The breakdown of the National Identity Management Commission (NIMC)’s server a fortnight ago caused unprecedented hardship among government and private institutions that needed to verify the National Identification Numbers (NINs) of customers who sought critical services.
Institutions affected included banks, telecommunications companies, Nigeria Immigration Service (NIS), external examination bodies, and the like. For over 10 days, the situation persisted, creating the kind of frustration that gives the impression that there are no measures put in place to deal with such an emergency in the country.
- NIGERIA DAILY: How Thugs Dictate The Outcome Of Elections In Nigeria
- Harassment of Ortom threat to unity, co-existence of Nigeria – PDP
Though experts insinuate that what happened was a classical case of cyber attack, the NIMC management blamed it on hitches from the hosts of its data, the Galaxy Backbone Limited, a federal government agency that provides Information and Communications Technology services to all government agencies. In a statement it issued, NIMC said, “The National Identity Management Commission (NIMC) wishes to inform the general public that its NIN verification Service (NVS) is temporarily unavailable due to the maintenance service being carried out by one of the commission’s network service providers. The NIMC wants to assure the public that verification and authentication services would be restored once the maintenance is concluded. The commission apologises for any inconvenience this might cause our esteemed customers, as all hands are on deck to ensure speedy restoration. Meanwhile, the public can make use of the alternative tokenisation verification platform.”
Passing the buck to other institutions that were unable to render services to customers, Kayode Adegoke, the spokesman for NIMC, blamed banks, telecoms, and other organisations that verify customers NIN for not resorting to tokenisation. He argued thus: “Even though the NIN verification service (NVS) might be down due to maintenance by one of our service providers of its infrastructure, the alternative platform – TOKENISATION – is up and running. There is the need to ask questions from the telcos, NIS, banks and others on the reason for turning down customers in the guise of NIN not being verified due to the temporary unavailability of the NVS, while the alternative platform-tokenization is working!!!”
However, those who resorted to tokenisation and attempted to use the USSD code complained that the device was not working, and that the NIMC app for NIN verification was not effective. An expert explained the situation thus: “The thing with the USSD code is that you cannot dial it with a number you did not register the NIN with, but if you download the mobile app, at the point of downloading it will send OTP (one-time password) to your line so that you can input it at the point of registering on the app. The OTP is not dropping. These are what we were asked to test run and see how it goes.”
This situation persisted until last weekend when Galaxy Backbone claimed its portal had been restored and running, and that all government agencies it serviced had their servers restored. It is, nevertheless, not acceptable that in the 21st Century when every system is anchored on data, such a hitch could obstruct services for over 10 days. This is no doubt, a signal that Nigeria’s cyber security is either in doubt or so weak that it is vulnerable to devastating cyber attacks. No country, in recent history, has faced such breakdown for such a long period.
The questions that arise are: does Nigeria have a cyber security policy? If so, is it being implemented? After several years of workshops, debates and discussions, the government arrived at a National Cyber Security Programme in 2020. Under the programme, the policy, strategy and implementation of cyber security for Nigeria was developed. The objective of the programme was to come up with a special purpose vehicle that would effectively assess the cyber security readiness or vulnerability of all government institutions and come up with measures to avert them. In spite of the hard work put into the preparation of the policy document, government has been foot-dragging on setting up the necessary regulatory framework for its implementation. Perhaps, if it had been in place, the glitch suffered by Galaxy Backbone Limited that led to the embarrassment the country went through for over 10 days would have been averted.
The cost of the breakdown of NIMC’s server to government and Nigerians is not yet clear. But, we call on NIMC, Galaxy Backbone Limited and government to put in place measures to avert the repeat of the harrowing experience Nigerians and institutions went through in the last few days. It is feared that cyberwar could be as devastating as any war, leading to financial loss and compromise of vital data. So, it is a good thing that an agency has been created to protect data and ensure data regulation. We call for a quick takeoff of the agency and to ensure that the mandate is carried out effectively.
There is no gain saying the fact that cyber security is now as vital as the security of lives and properties in the country. It should not be ignored.