By Miriam Humbe
The Nigerian Communications Commission (NCC) has intensified advocacy on the protection of Critical National Information Infrastructure (CNII) with the aim of maintaining steady quality of service nationwide.
For a better understanding, the CNII is a comprehensive approach to securing and protecting the telecommunications sector, a vital infrastructure from a wide range of threats, including cyberattacks and natural disasters.
The Critical Infrastructure Protection policy, a comprehensive security framework is therefore, crucial. It is designed to safeguard essential systems, networks, and assets vital to a nation’s security, economic stability, and public safety.
The Designation and Protection of Critical National Information Infrastructure Order, 2024 enacted under the Cybercrimes Act targets specific threats to assets like telecom towers, data centers, and fibre optic cables. It aims to secure Nigeria’s digital economy and services.
To highlight the importance Nigeria places on the telecommunications sector and Critical National Information Infrastructure, the Federal government issued the Order officially designating ICT systems in various sectors of the Nigerian economy as CNII.
The federal government therefore established legal frameworks aimed at Protecting Critical National Information Infrastructure. Laws such as Nigeria’s 2024 Order, designating vital systems (power, finance, telecom) for special security, establishing oversight bodies like Office of the National Security Adviser, (ONSA) to develop protection plans (CNIIPP) and share threat intelligence via networks (TISN), and imposing penalties for interference, are all aimed at ensuring continuity for national security, economy, and public safety.
Key methods include audits, incident response, promoting resilience, and fostering collaboration between government, operators, and private entities to prevent unauthorized access, data theft, and service disruptions.
The Security of Critical Infrastructure Act 2025 (SOCI Act 2025) amendments has introduced stricter cyber security and risk management obligations for 11 critical sectors – ensuring the nation’s economy, security, and public health are protected from evolving threats. Non-compliance could expose your organisation to regulatory penalties and heightened cyber threats.
It is necessary to ensure Critical Infrastructure Protection (CIP). This is a comprehensive security framework designed to safeguard essential systems, networks, and assets vital to a nation’s security, economic stability, and public safety
Section 37 of Nigeria’s 1999 Constitution guarantees the fundamental right to privacy, stating that the privacy of citizens, their homes, correspondence, telephone conversations, and telegraphic communications is protected, safeguarding individuals from unlawful intrusion and ensuring confidentiality. Exceptions however, exist for national security or lawful investigations under strict conditions. It is a cornerstone for data protection and personal liberty, preventing arbitrary searches and ensuring private communications remain private.
Since Critical National Information Infrastructure is likened to a gold mine, how can we all protect it for the good of all?
Below are some five key suggestions for Best Practices: Vulnerability Assessments and Risk Analysis, Proactive Incident Response Planning, Network Segmentation and Access Control, Employee Training and Awareness Programs and Continuous Monitoring and Threat Intelligence.
To protect the Critical National Infrastructure, all hands must be on deck. Private sector owners and operators, other Federal, State, and Local government agencies must collaborate to protect the nation’s critical infrastructure.
