A Comparative Analysis of Cyber Security Laws and Policies in Nigeria and South Africa

Information flows freely in cyberspace and, as a result, nations are wary of the integrity of their data as part of both public safety and national security concerns. The associated risk can be mitigated, mostly through the proper development and implementation of cyber security policies and strategies. This research focuses on the cyber security policies, strategies and laws of both Nigeria and South Africa, makes a comparative analysis of the current National Cyber Security Policy and Strategy of both countries, and offers the necessary recommendations going forward. In the case of Nigeria, analytical evidence shows that the national documents satisfied most of the requirements in terms of content but failed to address other aspects of cyber security concerns in the country. South Africa, on the other hand, is lagging, especially in governmental coordination, cybersecurity legislation, engagement with business and citizens, and skilled labour. The paper explores these loopholes evident in the cyber security laws and policies of the two countries and makes the necessary recommendations on how to adopt best and sustainable practices in dealing with issues related


INTRODUCTION
Infractions on the web including cybercrime can be and the crimes being perpetrated, not to mention of how to safely use the systems with the basic security precautions in mind. (Kenneth, 2011, ITU: 2020). Certain key assumptions are taken for granted when postulating on the general aims of cybersecurity functions in nation states. These assumptions are prevalent in all countries, both developed and developing, in a greatly networked world. Scholars have identified that the first aim is to provide a list of predetermined, non-mandatory cybersecurity functions from which developed and developing countries may make a selection for implementation. This means that countries that have not yet developed their own authoritative and normative sources, or that experience skills and fiscal constraints, do not need to apply level 1 of the NCMF, but can select one or two of the predetermined, non-mandatory functions. When following this approach, level 1 is applied by a third party to identify non-mandatory cybersecurity functions on behalf of the nation state. Level 1 is thus still used, but applied by a third party, and not by the nation state using the National Cybersecurity Mandatory Functions (NCMF) (Jacobs, 2018).
In the same vein, the second aim is for nation states identifying their own national cybersecurity functions to use this predetermined list of non-mandatory cybersecurity functions against which to measure the strategic relevance and completeness of their own identified national cybersecurity functions. The non-mandatory cybersecurity functions are all strategic in nature (as opposed to tactical or operational) and, as such, provide a predetermined list of functions that are general in nature, against which to measure the strategic relevance and completeness of their mandatory national cybersecurity functions (Jacobs, 2018).
It is further advantageous to have the general cybersecurity functions to use as a baseline, or foundation, against which to measure the completeness and relevance of a nation's identified national cybersecurity functions. Being able to measure the national cybersecurity functions against an existing baseline is useful in that it ensures alignment with the international community and its cybersecurity efforts.
The general quest for a grand strategy for sustainable cybersecurity laws and strategy has pushed countries to draw up defined laws and policies to guide them, as a national security template, in protecting the cyberspace and public safety of the entire citizenry. Consequently, Table 1 below shows a summary of the cyber security policies of some selected countries in tandem with their national security policies. take advantage of this technology flame to perpetrate crime and steal information, and so therefore, this paper will focus on the strategies and policies adopted by both Nigeria and South Africa to curb this type of crime.

The Problem Statement
Africa has for some time now been battling cyber threats such as ransomware, child pornography, phishing, malware, abuse, denial of service, and so on. According to the BitSight (2016) report, Africa was worst hit by ransomware, with two out of twenty institutions battling ransomware on their network.
Grajek (2018)  and are thriving on their systems and demanding for a ransom. Nigeria and South Africa must come to terms with the reality of the cyber threats they face, considering the volume of data in both systems. This paper will review and compare the policies and strategies adopted in both countries and make recommendations on how to approach things going forward.

Review of Related Literature
The  In Nigeria for example, cybercrime has been flourishing for quite some time now, and this is obvious from the fact that we have so many internet fraudsters, popularly known as yahoo boys, and also from students (Okeshola and Adeta 2013). Academic fraud, denial of service, phishing attacks, identity theft and financial crimes are among the types of cybercrime activity experienced within the country (Sawahel 2017). In South Africa, the majority of cybercrime attacks happen in two areas. The first is targeted towards the institutions' information assets, both from within and from external forces, while the second comes from community members attacking other businesses and individuals.
Regarding African cyber security, Serianu (2016) pointed out that threats from within are the greatest threats to organizations in Africa when compared to external threats. In fact, The Nation (2019)  The same agency was also hit in 2019 which forced the agency to re-conduct fresh exams (News Agency 2019). As mentioned by Borja (2006)  Approach.

METHOD
The methodology employed for the primary research

Infrastructure
The critical infrastructures include certain information and communication systems which are essential for economic development, financial transactions, social interactions and so on. In fact, they underpin our national life and existence as a nation, so any destruction of these systems will definitely affect government operations and economic prosperity, and even undermine national security.
Consequently, the government deemed it necessary to formulate policies and strategies to guide and protect these critical infrastructures. The following are among the policies and strategies adopted. priorities and make sure all stakeholders have these at their disposal.

2) Identify and evaluate Potential Critical National Information Infrastructure: Government will liaise with owners and operators of these critical infrastructures to take inventory of these assets and do a risk analysis in order to ascertain the level of protection required.

3) Redundancy Mechanism for essential services: A compulsory backup for each of the critical infrastructures must be in place in the event of any disaster and to avoid a single point of failure.

4) National Vulnerability Assessment (NVA): They shall periodically carry out a vulnerability assessment under the guidance of NCCC with a view to finding out if there is any weakness in the system.

Enhancing Cybersecurity Incident Management
Cybersecurity incident management will be realized by strengthening the national cyber security incident response team, mechanism and incident response plan.

Strengthening Legal and Regulatory Framework
For example, when it comes to internet security and child online protection, any omission against a child that is not acceptable in the physical environment is also prohibited online. This is necessary as it will protect children from exposure to bad content. Mechanisms will also be developed to assist women with capacity while at the same time creating opportunities within the cyber spectrum.

Enhancing Cyber Defence Capability
The Defence Space Administration that is responsible for providing an enabling cyber environment for the

Promoting a thriving Digital Economy
Nigeria wants to use cybersecurity to advance the use of the internet for commercial and other government-related activities that will enhance a flourishing digital economy. In view of this, the following were adopted by the government:
1) Take the lead in having a cybersecurity culture and behaviour, which can be achieved through training programs.
2) Best practices must be adhered to by all stakeholders, especially when handling government functions.
3) Security is a collective business, and as such it becomes the duty of every community member to report any online crime through a dedicated platform that will be provided by the government.
4) Government will adopt a mechanism for virtual currency to ensure its progressive use, and at the same time highlight its use.

Assuring Monitoring and Evaluation (M&E)
Substandard or counterfeit software and hardware will not be tolerated from either private or government agencies. Furthermore, Government shall also put in place what is needed for annual licensing and registration.

Enhancing International Cooperation
Nigeria will work closely with other stakeholders in cyber policies, strategy formulation, cyber law enforcement, threat intelligence sharing and capacity development.

B. Nigerian Cybersecurity Laws
The Nigerian Cybercrime Act 2015 gives the President the power to designate critical information system assets, which include some computer systems, networks and other IT infrastructure, and also to come up with certain guidelines and procedures for auditing to ensure that those defined assets remain critical.
1) The Nigerian Cybercrime Act 2015 prescribes a death penalty for any offense perpetrated against a system that has been designated as a critical asset.
2) Anybody found guilty of hacking unlawfully into a computer system or network is liable to a fine of up to N10 Million or 5 years imprisonment.
3) The cybercrime law prohibits identity theft with a penalty of 3 years imprisonment or a fine of not less than N7 Million or to both.
4) Cyber-Stalking and Cyber-Bullying will attract a fine of not less than N2 million or imprisonment for a term of not less than 1 year or to.
5) Cybersquatting, which is registering and using an internet domain name with intention, will attract a fine of N5 million or nothing less than 2 years or both.
6) Racist or xenophobic, violent threats and abusive statements that could incite racial or religious violence are prohibited. Perpetrators will be fined not less than N10 million or a minimum of 5 years imprisonment or both.

Adapted Organizational Structures
This proposes the presence of adequate national organizational structures that supports the implementation

Identifying Accurate Measures
It is imperative that cyber security should be machine driven in order to make the most of outputs and reduce human intervention, which could lead to errors. Almost everyone in South Africa depends on data, especially as it relates to digital infrastructures. Therefore, it is important that the decisions taken regarding cyber security should be the right ones. The full implementation of the South African cyber security policy should clearly identify functions and roles.

Reducing Criminal Opportunities
Cyber security intersects with the execution of international legislation to reduce criminal opportunities. It is expected to raise awareness of the threats and vulnerabilities envisaged, which could go a long way in reducing criminality in South Africa.

Education and Awareness
Continuous education on cyber security should be encouraged among experts in the political, economic and legislative fields. Having a cyber security culture and awareness will enlighten people and ultimately achieve the stated objective in the policy and strategic document.

Computer Security Incident Response Team (CSIRT)
This is the formation of a team, cutting across different functional areas within the system, that is charged with the responsibility of preparing for and responding to cybersecurity-related incidents. It thus acts as a contact point for threats and breaches related to cyber security. Usually, the response plan is in five phases: identification of threats, analysis, containing such threats, mitigation and reporting the outcome.

Cyber Inspectorate
The cyber inspectorate is charged with the responsibility of liaising with law enforcement agencies to provide both private and public services. It is also responsible for inspecting and monitoring websites or related activities in the public domain and reporting in the event of any breach or compromise.

Law Enforcement
The policy provides for the exploitation of various initiatives to strengthen capacity among the law enforcement agencies charged with the responsibility of handling cybercrime. South Africa must comply with best practices in this line.

Minimize Cybersecurity Threats and Vulnerabilities
To reduce cyber threats and vulnerabilities, the policy mandates that the Minister of Communications come up with guidelines for the protection and identification of cybersecurity threats and vulnerabilities. There also has to be a periodic review of best practices in intelligence gathering, crime detection, investigation and prosecution of offenders.

Local and International Partnership
Regarding local and international partnerships, this policy mandates the formation of initiatives to ensure cooperation and coordination between local and international partners, which could be in either the private or government sector. This ensures adequate information sharing amongst stakeholders, which could go a long way in securing South Africa's cyberspace.

Innovation, Skills Development and Compliance
The popularity of cybercrime and its continuous threats cannot be overemphasized. As such, there is a continuous need to develop strategies to deal with related issues as they arise. These issues could include developing well-packaged cybersecurity programmes, developing a security culture to create awareness, etc. The policy developed here will focus on the aforementioned issues in order to address them.

E. South African Cybersecurity Laws and Policies
In general, the following actions, in summary, constitute a crime in the Republic of South Africa:
1) Any unauthorized intrusion or hijacking of data is a crime.
2) Any unauthorized hijacking that compromises the integrity of data is a crime, and that includes the creation However, the act must be perpetrated intentionally.
3) Any unlawful use of systems or devices that are meant to serve as security measures for data protection is a crime, and that includes the use of cracking software.
4) Denial of Service to any device or server in order to crash it is a crime.
5) Computer-related fraud or forgery are classified as extortion and a crime that is punishable.
6) An accomplice to any of the crimes mentioned above is also a guilty person.

Nigeria and South Africa
After a thorough examination of the cybersecurity policies in both Nigeria and South Africa, it was discovered that both countries are far behind developed countries in areas like government coordination, legislation, stakeholder engagement and interaction, and skilled labour supply.
There is no coordinated approach in either Nigeria or South Africa to handling cybersecurity. Even though there are structures in place to handle cyber-related issues, these structures are inadequate to handle cyber security issues holistically. In South Africa, for example, various legal establishments are in place to address cybersecurity, but they have proved to be ineffective in handling the challenges the country faces in cybercrime.
Thoroughly securing the cyberspace of any country undoubtedly cannot be done alone. It requires stakeholder collaboration given how digital and connected the world has become, hence it is referred to as a global village. Both implementation reporting and there seems to be no light at the end of the tunnel for now since as there is no adequate coordination amongst the agencies and stakeholders.
Indeed, there seems to be little, or no priority placed on cybersecurity in South Africa which is obvious from the fact that even the policy and strategic documents took two years to be adopted.

Another challenge faced individually by both Nigeria and South Africa is the fact that convincing citizens to accept and embrace best practices for cybersecurity has become very difficult, even though it is part of the policy. Another challenge faced by both countries is that it has become difficult to convince business owners to take responsibility for defending themselves by adopting appropriate measures to curb cyber threats and at the same time escalate all successful attacks. The governments have a serious job on their hands to address this and need to do whatever it takes to encourage these businesses to adopt this strategy. The problems are further compounded in both Nigeria and South Africa by the fact that there is a shortage of ICT skills, which has affected the deployment and development of ICT and ultimately the economy.
Nigeria's Cybersecurity Policy and Strategy documents contain a well spelled out cybersecurity therapy for the country. However, the recent EndSars protests of last year, October 2020, saw different attacks which compromised so many government and private assets, and that shows that a lot needs to be done to actualize what is contained in the policy document. So, both Nigeria and South Africa have adopted a similar strategy to deal with cybercrime, but the main issue is implementation, which to date has remained a challenge.

CONCLUSION
In conclusion, a well-structured cyber-security program requires a very robust commitment from the federal government to stimulate the required implementation of  There are also areas of concern from the research work carried out and, as a result, the following recommendations are proposed.
1) There should be details of the status or state of cyber security in both the strategic and policy documents of both Nigeria and South Africa.
2) The policy document should be adapted to each country's local needs to tackle local issues pertaining to cyber security.
3) There should be a digital identity framework so citizens can be identified within the cyberspace.
4) There should be a good partnership and relationship between the government and Internet Service Providers for better and more proactive monitoring.
5) Lastly, the policy and strategic documents should contain a national cyber defence military capability.

DECLARATION OF CONFLICTING INTERESTS
The Authors declare that there is no potential conflict of interest in the research, authorship, and/or publication of this article.