Posts

Showing posts from May, 2021

IMPLEMENTATION OF THE CYBERSECURITY ACT, 2020 (ACT 1038) WILL BE CHALLENGING: A LOOK AT THE ACCREDITATION OF CYBERSECURITY PROFESSIONALS AND PRACTITIONERS

  INTRODUCTION I have read the Cybersecurity Act, 2020 (Act 1038), and in my view its implementation will be challenging. In my first article, I looked at the Governance Structure of the Cybersecurity Authority and its political orientation that could compromise the operational independence and affect the continuity of the role of the Authority should there be a change of government. An institutionalized Board under a specified Ministry to take care of government policy directives would have been preferable. In my second article, I highlighted how complex the implementation of Licensing of the Cybersecurity Providers under Act 1038 will be considering the broad, vague and all-encompassing meaning given to what a cybersecurity service is, which in my opinion may include anybody that deals with computers be it by way of software or hardware with connectivity to cyberspace. My last article on Act 1038 will look at the Accreditation of Cybersecurity Professionals and Practiti

IMPLEMENTATION OF THE CYBERSECURITY ACT, 2020 (ACT 1038) WILL BE CHALLENGING: A LOOK AT THE LICENSING OF THE CYBERSECURITY PROVIDERS

  INTRODUCTION I have read the Cybersecurity Act, 2020 (Act 1038), and in my view its implementation will be challenging. In my first article I looked at the Governance Structure of the Cybersecurity Authority and its political orientation that could compromise the operational independence and affect the continuity of the role of the Authority should there be a change of government. An institutionalized Board under a specified Ministry to take care of government policy directives would have been preferable. This article will look at the Licensing of the Cybersecurity Providers (sections 49, 100 and the First Schedule of Act 1038), which requires that a person shall not provide a cybersecurity service unless that person obtains a license issued by the Authority in accordance with the Act. I find the implementation of this licensing regime to be complex taking cognizance of the broad and not too clear meaning given to cybersecurity services and cybersecurity service provider.

IMPLEMENTATION OF THE CYBERSECURITY ACT, 2020 (ACT 1038) WILL BE CHALLENGING: A LOOK AT THE GOVERNANCE STRUCTURE

  Introduction I have read the Cybersecurity Act, 2020 (Act 1038), and in my view its implementation will be challenging. I intend to give my opinion on various aspects of it in three separate articles. The Governance Structure (sections 2 to 20 of Act 1038), the Licensing of the Cybersecurity Providers (sections 49, 100 and the First Schedule of Act 1038), and the Cybersecurity Standards, Enforcement and Education as well as Accreditation and Certification of Cybersecurity Professionals (sections 57 to 61 of Act 1038). This first article is about the governance structure which I find politically biased and in control of the Executive arm of government instead of being institutionalized. This is likely to compromise the operational independence, perceived or real, of the Cyber Security Authority. My approach will be to say what the law says about a subject area under the governance structure and give an opinion. First let us start with an appreciation of what cybersecurity is

ELECTRONIC TRANSACTIONS ACT 2008 (ACT 772): HAS IT MIXED UP THE MEANING OF ELECTRONIC SIGNATURES AND DIGITAL SIGNATURES?

  INTRODUCTION I have had to tweak an article I wrote in 2011 on the treatment of “electronic signatures” and “digital signatures” by the Electronic Transactions Act, 2008 (Act 772) since I find it still relevant having noticed that the recent Cybersecurity Act, 2020 (Act 1038) in repealing Sections 118 and 136 of Act 772 did not take the opportunity to deal with the confusion with digital signatures in Act 772 which is relevant in cybersecurity. Act 772 seems to be referring to “electronic signatures” whilst talking about “digital signatures” or vice versa and this gets me confused. In my opinion there is a distinction between an “electronic signature” and a “digital signature” and I stand to be corrected in my understanding. My understanding of “electronic signature” is that it is data in electronic form which can be attached to, or logically associated with other electronic data and which serve as a method of authentication. Basically, it is a digitised version of a handwritt