Two Agencies under the Ministry of Communications and Digitalisation (MoCD), the National Information Technology Agency (NITA) and the National Communications Authority (NCA), alongside the Ghana Association of Banks (GAB), have signed joint statements with the Cyber Security Authority (CSA) as part of efforts towards the successful implementation of the Cybersecurity Act, 2020 (Act 1038) which was assented into law on December 29, 2020.

After successful deliberations, the respective Institutions agreed to collaborate more closely on some critical areas and agreed to provide each other with all the necessary assistance for the execution of their respective mandates and functions.

NCA and CSA reaffirmed their commitment to work together and agreed to:

  • Hold joint discussions with various designated (CII) owners and come up with sector-specific directives to serve as guidelines for the protection of these CIIs.
  • Collaborate in the area of capacity building of the staff of both institutions to ensure that the personnel have fundamental knowledge and appreciation of cybersecurity. These capacity-building projects may include exchange programmes, technical workshops, and consultations.
  • Work together to determine a minimum certification as baseline requirements for Computer Emergency Response Team staff in both institutions.
  • Collaborate in the area of awareness creation and public education on critical national issues, technology usage, cybersecurity, cybercrime and related matters.
  • Adopt a multi-stakeholder engagement approach through partnerships to enhance stakeholder knowledge of the law and to create a cooperative environment to support law enforcement and build capacities among various sectors.

CSA and NITA reaffirmed their commitment to work together and agreed to:

  • Partner to engage their common stakeholders to hold joint discussions on the areas of their respective mandates.
  • Collaborate in the development of a sectoral directive for the protection of CIIs in the government sector.
  • Collaborate in the area of capacity building and knowledge transfer through personnel exchanges.
  • Collaborate in the area of incident response as NITA is considered a Sectoral Computer Emergency Response Team (Sectoral CERT) lead pursuant to Section 44 of Act 1038.
  • Collaborate on standardisation, certification and accreditation activities as part of both institutions’ regulatory mandates.
  • The GAB and CSA reaffirmed their commitment to work together and agreed to:

    • Collaborate with the Bank of Ghana to review the existing financial sector cybersecurity directive based on the current cyber risk profile of the financial sector and to align with the Cybersecurity Act 2020 (Act 1038).
    • Sign an MOU on capacity building and awareness creation on cyber risks in the banking sector. The parties will further collaborate to sensitise the public on the latest trends in cyber threats and ways they can protect themselves.
    • Adopt a multi-stakeholder approach through partnerships and joint activities to increase stakeholder knowledge, understanding and compliance with the Cybersecurity Act, 2020 and to promote collaboration with other agencies to improve cybersecurity in the financial sector.
    • Work closely with the BoG to ensure the accreditation of the Financial Sector Sectorial CERT pursuant to Section 44 of the Cybersecurity Act, 2020 to facilitate incident reporting and information sharing on cybersecurity incidents among banks.
    • Collaborate and contribute to the establishment of the Industry Forum pursuant to Section 81 of Act 1038.

    Both the CSA and GAB resolved to work closely with the BoG and other relevant agencies to ensure alignment of the various regulatory responsibilities of Banks to facilitate effective cybersecurity development in the banking sector