Protecting Critical Infrastructure Against Cyber Threats

Chukwuemeka Fred Agbata (Technology Entrepreneur), ICT Minister Hon Paula Ingabire (Rwanda), Mr Noordin Haji (Director General, National Intelligence Service, Kenya) and Brig Gen (Rtd) MK Hadji Janev Metodi (Military Academy, Macedonia) respectively

With exploding digital transformation, Africa’s prosperity is increasingly bound to its digital infrastructure and the data flows that sustain it. The panel on “Protecting Critical Infrastructure Against Cyber Threats” addressed the continent’s vulnerabilities and strategies at a time when cyberattacks are escalating in scale and complexity. Panelists included ICT Minister Hon Paula Ingabire (Rwanda), Mr Noordin Haji (Director General, National Intelligence Service, Kenya), Brig Gen (Rtd) MK Hadji Janev Metodi (Military Academy, Macedonia), and moderator Chukwuemeka Fred Agbata (Technology Entrepreneur). The panel examined the technological, legal, policy, and sovereignty challenges facing African nations as they try to protect their social, economic and security futures.

Africa stands out for its youthful, rapidly digitizing population. As Minister Ingabire noted, Rwanda’s “Smart Rwanda” agenda illustrates the synergistic approach toward national transformation—embedding cyber security strategy at the core of digital development. But the panel agreed: Africa’s cyber vulnerabilities are expanding alongside connectivity gains, exposing both public and private infrastructure to a diverse range of “borderless” threats, from ransomware to disinformation campaigns, and raising the stakes for regional stability.

The scale of the challenge is evidenced by Kenya’s experience: between January and April of one year alone, Kenya registered over 840 million cyberattacks on both public and private infrastructure. Such numbers are harbingers of a digital domain under continuous assault, one in which threat actors—from criminal syndicates to state proxies—are both sophisticated and opportunistic, leveraging AI-driven technologies that often outpace defensive innovation and legislative response.

Paula Ingabire

Minister of Information and communications technology, Cabinet of Rwanda

Rwanda’s approach, as outlined by Hon. Ingabire, demonstrates a holistic cyber defense architecture—from dedicated national cybersecurity agencies and Computer Security Incident Response Teams (CSIRTs), to a coherent legal foundation for deterring and punishing cybercrime. The interplay between technological investment, institutional capacity, and legal enforcement provides a template for other African countries seeking to operationalize cyber resilience.

Mr Noordin Haji

Director General, National Intelligence Service, Kenya

Mr Noordin Haji highlighted the importance of intelligence-led approaches, where actionable intelligence is translated into evidence and integrated into the criminal justice chain. Crucially, this means intelligence services must not only gather threats but also understand and navigate relevant legal frameworks—including ensuring due process and balancing surveillance with the protection of individual privacy.

Brig Gen (Rtd) MK Hadji Janev Metodi

Associate Professor of Law

Professor Metodi warned that sovereignty goes beyond data hosting: it encompasses control over digital supply chains, intelligence about technological backdoors, and the power to set—not just follow—norms about data access, privacy, and AI governance.

Both speakers and the audience highlighted the limitations of isolated national action. African nations, negotiating individually with “big tech,” face disadvantageous power dynamics, as shown by cases where Facebook, Twitter, or AWS responded dismissively to African government demands. Only through collective action, harmonized regulatory standards, and pooled infrastructural investment, could the continent assert itself in the digital sovereignty debate and develop a true cyber defense posture with bargaining power.

The panel grappled with the tension between effective surveillance for preempting cyber threats and the protection of civil liberties. Kenya’s layered approach—requiring warrants and oversight for surveillance, while acknowledging the practical difficulty of timely legal intervention in real-time cyberattacks—reflects the delicate balance to be struck. Both Haji and Metodi agreed that as “order and liberty” must go hand-in-hand, policymakers must better communicate the rationale for controls to the public and ensure that data-driven empowerment does not slide into unchecked state power or social destabilization.

The panel pointed to the fast-changing threat landscape—AI-driven deepfake attacks, disinformation campaigns, criminal syndicates, and state proxies exploiting Africa’s regulatory gaps. Panelists explained that not only overt cyberattacks, but also digital manipulation of political discourse and social cohesion are forms of “hybrid conflict” that can rise to the level of war, destabilize states, and challenge traditional doctrines of sovereignty and order.

Audience questions emphasized the need for data centers and AI to be not only secure but also climate-smart and energy-efficient, highlighting potential environmental pitfalls of large-scale infrastructure. The potential dangers of being too dependent on foreign-controlled platforms (like Starlink/SpaceX) or cloud environments governed by distant legal regimes were also raised as structural vulnerabilities for African countries seeking digital sovereignty.

The panelists insisted that protecting Africa’s critical infrastructure in the cyber era is both a national and continental imperative. Legal, institutional, and technical capacity-building must be matched by pan-African solidarity. Early adoption of technologies, combined with efforts to harmonize laws and policies, develop AI and cybersecurity talent, and assert data sovereignty, are keys to both resilience and agency.

Fundamentally, Africans must move beyond dependency, embedding security by design and privacy by design in every phase of digital transformation, and build strategic autonomy that protects both their data and their collective futures—while communicating to their peoples that security, liberty, and development must be pursued together.