The arrival of broadband Internet in Africa via the undersea cables is widely hailed as an opportunity for economic advancement due to the power of ICT-enabled businesses. The hopeful look at India’s success in software and services as a model for African growth, but a new meme is emerging that sees the interconnections of Africans as a threat to global security. While it is an interesting, and perhaps fruitful, exercise to think through the potential downsides of the Internet in Africa, the way the issue is being framed, largely by Westerners promoting cybersecurity services, strikes me as overwrought and misplaced.
The argument has two versions:
In one, detailed by cybersecurity consultant and author Jeffrey Carr, there is a dangerous fusion of anti-American forces who have, or will soon have, the means, motive and opportunity to unleash cyberwarfare upon American critical infrastructure and commerce. Looking at Somalia, where piracy and terrorism seem to be mixing, Carr argues that the arrival of the EASSy cable will present a dangerous new challenge to international security:
Once Somalia goes digital, it will create a never-before-seen opportunity for local gangs to move their strategic alliances with Al Shabaab onto the Internet. Their twin exports – extortion and terrorism will have unlimited opportunities for profit and mayhem, particularly if they are directed against critical infrastructure such as energy, water, and transportation facilities.
The second version, which is probably the more likely one, is that the combination of broadband connectivity and poor virus protections in Africa will make African computers prime targets for botnet herders who will use them to “paralyze the network infrastructure of a major western nation.” Writing in Foreign Policy, an organizer of a major cybersecurity summit, Franz-Stefan Gady, argues:
“[T]he continent is home to the world’s most vulnerable computers. About 80 percent of the African population lacks even rudimentary knowledge of information technologies, according to a recent World Bank survey. Though Internet cafes are widespread, providers often cannot afford proper antivirus software, making computers very easy targets for skilled botnet operators and hackers.”
Moreover, he says, African countries, by and large, lack the legal wherewithal to prosecute cyber-criminals.
As a final datapoint, consider a recent report by the cybersecurity firm Symantec which says South Africa is in the “unenviable” position of receiving better connectivity right when it is hosting the World Cup; this, they say, is a recipe for accelerated cybercrime.
It should be noted at the outset that the people we are not hearing from on this are Africans. Cybersecurity demands international cooperation, but the views of African regulators, businessmen and civil society – who likely have more nuanced views of the upsides of connectivity – are missing.
I suspect this voice would add context to the above worries. For example, in countries where basic literacy is a challenge yet to be overcome, worrying about the next Kevin Mitnick rising from Mogadishu seems a little silly. Recall that the most sophisticated cyber attacks come from Russia, a country with a long history of technological prowess, and China, where top-notch technical schools are likely the source of the recent Google hacks. In addition to infrastructure, you need computer skills, and as anyone who works to promote ICTs in Africa knows, this is a tough job.
The obvious response to this is that the Somali terrorist-pirates could purchase hacking services. These are widely available and, as I understand it, fairly affordable (though likely much more than a few AK-47s and a boat). But this is also nothing new. Al-Qaeda, an organization which is far more anti-American, far more well-funded, and has far more access to broadband Internet, does not seem to be a fan of cyberattacks. As far as I know, there is no evidence that Al-Qaeda has established offensive cyber capabilities, despite having operatives in broadband-saturated locations.
There are some hints that affiliated people have considered hacking as a means to their end – manuals, for example – but terrorists rely on shock factor to, umm, terrorize. When effective cyberwar is as theoretical as it is, risk-averse groups are likely to stick to IEDs and suicide bombers.
Furthermore, the view of the Somali pirates and “terrorists” is ahistorical. It misses the reprehensible waste dumping and illegal fishing that have decimated the Somali economy (of course enabled by the absence of a functioning government). Writing frantic articles about cyber WMDs arising from this position is reckless. Somalia instead needs state-building, legal protection of its sovereignty and job opportunities.
ICTs are a great opportunity and although they do have potential downsides, the whole framing of these African cyberwar (!!!!) pieces leaves a bad taste in my mouth.
Update: For a hilarious and spot-on treatment of this subject, see this:
I think that Africans have more to fear from older technology outside their continent than the rest of the world fearing Africa. It would be ironic if at some point in the near future, Nigeria had to block IP addresses from the United States.
He’s right. When Franz-Stefan writes that “skillful cybercriminals operating out of an unregulated Internet café in the slums of Addis Ababa, Lagos, or Maputo” will create the world’s biggest botnets, he shows that he has little understanding of those “slums” – for starters, electricity is a little intermittent to power a cyberwar.
Update 2: A new bill in the US Senate would require punishment for governments who do not control cybercrime allegedly occurring in their country. It would create a list of bad states and could cut aid to them if they don’t align their cyber-policies with American desires. Imagine, if you will, that this ends up like the USTR’s Special 301 list which coerces developing countries to enforce more draconian intellectual property regimes. If, as Jonathan Zittrain argues, innovative networks (“generative” in his parlance) are under threat from cybercrime, then it won’t be long until America is coercing African countries to lock down their networks, perhaps at the behest of the same security consultants who are arguing we need to re-engineer our networks to be more locked down. I don’t like where this is heading.