What are your plans for NITDA?
I think I have been implementing my plans so far. When I came in last year the first thing I did was to personally design and develop what I called IT Strategic Plan of Transforming and Repositioning IT sector in Nigeria. I drafted it, I invited some experts and stakeholders to review it and they did so and I also presented it to another committee during our eNigeria in November 2016. Furthermore, I also presented it to my management team during our last retreat in February 2017, and we have adopted the document as our own actionable plan on how to transform the IT sector in Nigeria.
We focus more on some major areas: (1) regulation, (2) capacity building (3) digital job creation (4) cyber security (5) Local content development.
Our mandate is very wide, and because of this I did scale of preference. We identified things that were of priority and we are focusing more on those things to see what we can achieve from them within the next few years. However this does not mean we can’t pursue the remaining but we are focusing on these areas first.
First and foremost, regulation. IT has not been properly regulated in Nigeria. NITDA based on its statutory power is the regulator of Information Technology in Nigeria. It has the sole responsibility to make sure IT is regulated. IT has never been regulated throughout our history. Whenever you are online you are exposed to danger; most of our people are not aware of this. Because of this the first thing I did was to make sure our regulation is very effective. Part of doing that is that you have to have your standards and guidelines on what to regulate. We are reviewing our standards and developing new ones. I have just directed my technical adviser to setup two new committees to work on standards and guidelines on how to regulate IT in Nigeria. We have more than 20 which have already been developed.
By regulating the sector, you will save a lot of resources for Nigerians and for the federal government. It is an effective way of countering cybercrimes. As long as IT is regulated you can easily counter cybercrimes. It is also an avenue to promote our local content and reduce our dependence on importation. Nigeria loses huge amount of money in foreign exchange every year through importation of ICT goods and services. About $2.8 billion is what we lose yearly to this; this includes $1billion spent annually on software imports.
What we want to do is to ensure that only those products and services that we don’t have capacity to produce are imported. But if the capacity is there, we must patronise our own. That is the only way we can move forward.
But some people are of the view that regulating IT and what people do online will slow down ICT development in the country…
No. If we are regulating we have our standards and guidelines. Most of our MDAs websites are being compromised day in day out because they are not conforming to minimum standard of designing and hosting websites.
Part of regulation is to make sure that minimum standard is there, but today any MDA or organisation can just use any software to design its website without security and any person can access it. And by implication you are compromising our security. That is why you see cyber criminals hijack websites anyhow and start defrauding people, claiming they are working for that government agency or that private organisation. They will say something like ‘ We are recruiting, pay N50,000 to this account’, and you will see people paying into that account because there is nothing to tell them that, that information is not from the agency or organisation.
So by regulating how websites should be designed and hosted, we are protecting the interest of our nation and our fellow Nigerians. Regulation is not to stifle people’s right to ICT or jeopardise their efforts towards development of ICT, but to make the system effective and ensure that the security of the country is not compromised, and to ensure that fellow Nigerians are not harmed by substandard products and services.
We are also to ensure that there is constant upgrade of software used in designing our websites. And we are also interested in knowing where websites are hosted. For instance how can you allow an agency that is dealing with security to be hosting its data outside the country? You can’t see that anywhere in the world except here in Nigeria. We can’t keep the secret, the confidential records of government if we host our data outside the country; in another country.
You said Nigeria still imports virtually all what it consumes in terms of ICT, what are you doing to stop or reduce this?
We have setup two offices purposely to do this. One office: Office of Nigerian Local Content in ICT. This is an office to promote anything Nigerian in ICT, to give it publicity, to promote it and to call the attention of MDAs to patronise our own IT. By implication we are using this to strengthen our economy.
The office is to tell the MDAs that there is a law that has made it an offence for you to buy an ICT product or service, which is available here in Nigerian, outside the country. It is an offence to do that.
But most MDAs claimed that they were not aware of this, and that is why we are giving it publicity now. I have told the Bureau of Public Procurement that they shouldn’t allow any MDA without NITDA’s clearance to purchase any IT product or service. I also went to the Budget Office to tell them that they shouldn’t approve any IT budget of any agency without our input; without seeking clearance from here.
People don’t know that the federal government had asked MDAs to consult NITDA and seek clearance before embarking on any IT project.
Are MDAs complying with this?
They have started complying. Whoever doesn’t follow the directive, a legal action will be taken against him. I said it and I mean it because for you to breach our Act is a punishable offence which could be imprisonment of up to one or three years, as the case maybe.
So any CEO that thinks he can use IT to siphon government money by not seeking clearance from NITDA for his IT project should go ahead and do that but if the information reaches us, he will pay.
And anyone that comes here, we will not just give him the approval: first and foremost, we will see the IT components, software, hardware and other devices involved. We will see the personnel in the agency that can manage it. Sometimes we may even tell you to let us see your projects of last year in IT because we need sustainability; not careless spending of money. We will also know the amount to be spent. If we look at the amount and the project we can do Cost Benefit Analysis; value for money analysis to see whether there is justification for spending government money on it or not. If we are comfortable with all these and the project is a small project, we will give you provisional approval. But if it is a major project, we will inspect it. And we can only give you certificate of compliance at the end of it.
Have you in a way detected any fraud in the way MDAs are going about their IT projects?
Most of the MDAs are coming to us now and we are monitoring their IT projects. We have a team that is monitoring all of them; their IT projects. We have seen an instance where a project which should be N20 million was brought to us as a N200 million project. When we invited them to come and defend the proposal we discovered that the project, ordinary shouldn’t be more than N20m.
Some of them consider IT projects as conduit to siphon government money. So we are monitoring all IT projects of all MDAs and we are keeping our eyes on them. They can’t claim ignorance again; I personally signed the letters we sent to all of them informing them of this, in addition we also put out adverts in newspapers. In all the letters sent we received acknowledgement copies, so this will be used as evidence against them in case they breach it.
And for sure some MDAs are being monitored and as long we are still here, we will not allow any MDA to use IT as a conduit to siphon government money. There must be justification for any IT project. And the media should call our attention to whatever they see going wrong in the IT projects of MDAs.
How many MDAs have come to you for IT clearance?
I can’t give you the number offhand now, but many have actually come. I can give you some: PENCOM came seeking clearance, the Federal Character Commission came for clearance for their project, the Federal Ministry of Mines came here for the same purpose. And many still come on a daily basis. And because of this we can say many are complying, a few others are not. But we are monitoring them.
