Protecting Critical Infrastructure Against Cyber Threats
Chukwuemeka Fred Agbata (Technology Entrepreneur), ICT Minister Hon Paula Ingabire (Rwanda), Mr Noordin Haji (Director General, National Intelligence Service, Kenya) and Brig Gen (Rtd) MK Hadji Janev Metodi (Military Academy, Macedonia) respectively
With exploding digital transformation, Africa’s prosperity is increasingly bound to its digital infrastructure and the data flows that sustain it. The panel on “Protecting Critical Infrastructure Against Cyber Threats” addressed the continent’s vulnerabilities and strategies at a time when cyberattacks are escalating in scale and complexity. Panelists included ICT Minister Hon Paula Ingabire (Rwanda), Mr Noordin Haji (Director General, National Intelligence Service, Kenya), Brig Gen (Rtd) MK Hadji Janev Metodi (Military Academy, Macedonia), and moderator Chukwuemeka Fred Agbata (Technology Entrepreneur). The panel examined the technological, legal, policy, and sovereignty challenges facing African nations as they try to protect their social, economic and security futures.
Africa stands out for its youthful, rapidly digitizing population. As Minister Ingabire noted, Rwanda’s “Smart Rwanda” agenda illustrates the synergistic approach toward national transformation—embedding cyber security strategy at the core of digital development. But the panel agreed: Africa’s cyber vulnerabilities are expanding alongside connectivity gains, exposing both public and private infrastructure to a diverse range of “borderless” threats, from ransomware to disinformation campaigns, and raising the stakes for regional stability.
The scale of the challenge is evidenced by Kenya’s experience: between January and April of one year alone, Kenya registered over 840 million cyberattacks on both public and private infrastructure. Such numbers are harbingers of a digital domain under continuous assault, one in which threat actors—from criminal syndicates to state proxies—are both sophisticated and opportunistic, leveraging AI-driven technologies that often outpace defensive innovation and legislative response.
Paula Ingabire
Minister of Information and communications technology, Cabinet of Rwanda
Rwanda’s approach, as outlined by Hon. Ingabire, demonstrates a holistic cyber defense architecture—from dedicated national cybersecurity agencies and Computer Security Incident Response Teams (CSIRTs), to a coherent legal foundation for deterring and punishing cybercrime. The interplay between technological investment, institutional capacity, and legal enforcement provides a template for other African countries seeking to operationalize cyber resilience.
Mr Noordin Haji highlighted the importance of intelligence-led approaches, where actionable intelligence is translated into evidence and integrated into the criminal justice chain. Crucially, this means intelligence services must not only gather threats but also understand and navigate relevant legal frameworks—including ensuring due process and balancing surveillance with the protection of individual privacy.
Mr Noordin Haji
Director General, National Intelligence Service, Kenya
The panelists stressed the importance of robust and harmonized cyber legislation. As digital businesses scale pan-African operations, they encounter mismatched regulatory environments—a hurdle that undermines agility, compliance, and rapid defensive action. There was consensus on the value of supranational conventions, such as the African Union’s Malabo Convention, as vehicles for convergence on cybersecurity, data protection, and lawful access norms across borders.
Minister Ingabire further explained that countries are benchmarking their data protection laws on models such as the European Union’s GDPR, facilitating easier cross-country data movement and compliance for startups. However, without an African-wide harmonized legal standard, fragmentation will continue to slow innovation and to leave loopholes open for malicious actors.
A focal point of the discussion was the need to cultivate multidisciplinary expertise in Africa’s cyber workforce. Brig Gen Metodi warned that the dominant focus on IT skills is insufficient. Given the hybrid nature of cyber threats—incorporating technology, intelligence, policy, legal context, and international rivalry—universities must expand curricula to train professionals who understand security doctrines, risk intelligence, compliance, and cross-border legalities. This capacity-building, he suggested, is foundational to achieving strategic autonomy.
Hon. Ingabire stressed the need for local technological development, especially as foreign developed AI models and supply chains may not reflect or serve African interests. Early adoption, paired with deliberate capacity building, fosters an ecosystem in which Africans are not merely users but creators—and can thus develop AI-driven cyber defense tools tailored to their unique threat environments.
Brig Gen (Rtd) MK Hadji Janev Metodi
Associate Professor of Law
However, Professor Metodi warned that sovereignty goes beyond data hosting: it encompasses control over digital supply chains, intelligence about technological backdoors, and the power to set—not just follow—norms about data access, privacy, and AI governance.
Both speakers and the audience highlighted the limitations of isolated national action. African nations, negotiating individually with “big tech,” face disadvantageous power dynamics, as shown by cases where Facebook, Twitter, or AWS responded dismissively to African government demands. Only through collective action, harmonized regulatory standards, and pooled infrastructural investment, could the continent assert itself in the digital sovereignty debate and develop a true cyber defense posture with bargaining power.
The panel grappled with the tension between effective surveillance for preempting cyber threats and the protection of civil liberties. Kenya’s layered approach—requiring warrants and
oversight for surveillance, while acknowledging the practical difficulty of timely legal intervention in real-time cyberattacks—reflects the delicate balance to be struck. Both Haji and Metodi agreed that as “order and liberty” must go hand-in-hand, policymakers must better communicate the rationale for controls to the public and ensure that data-driven empowerment does not slide into unchecked state power or social destabilization.
The panel pointed to the fast-changing threat landscape—AI-driven deepfake attacks, disinformation campaigns, criminal syndicates, and state proxies exploiting Africa’s regulatory gaps. Panelists explained that not only overt cyberattacks, but also digital manipulation of political discourse and social cohesion are forms of “hybrid conflict” that can rise to the level of war, destabilize states, and challenge traditional doctrines of sovereignty and order.
Audience questions emphasized the need for data centers and AI to be not only secure but also climate-smart and energy-efficient, highlighting potential environmental pitfalls of large-scale infrastructure. The potential dangers of being too dependent on foreign-controlled platforms (like Starlink/SpaceX) or cloud environments governed by distant legal regimes were also raised as structural vulnerabilities for African countries seeking digital sovereignty.
The panelists insisted that protecting Africa’s critical infrastructure in the cyber era is both a national and continental imperative. Legal, institutional, and technical capacity-building must be matched by pan-African solidarity. Early adoption of technologies, combined with efforts to harmonize laws and policies, develop AI and cybersecurity talent, and assert data sovereignty, are keys to both resilience and agency.
Fundamentally, Africans must move beyond dependency, embedding security by design and privacy by design in every phase of digital transformation, and build strategic autonomy that protects both their data and their collective futures—while communicating to their peoples that security, liberty, and development must be pursued together.
©2026 - International Security Conference on Africa (ISCA). All rights reserved.