Abolaji Adebayo 
In the face of evolving threats, from ransomware and sophisticated phishing to supply chain compromises and attacks on 5G and SDN, safeguarding the critical infrastructure requires a fundamental shift in strategy, Abolaji Adebayo writes
The hum of a data server, the invisible pulse of a mobile network, the seamless transfer of funds, the remote monitoring of a hospital patient, these are the rhythms of modern Nigeria, a nation increasingly powered by its digital economy. This interconnectedness, however, has forged a new frontier of vulnerability.
In the shadows of this rapid digitidation, a silent war is being waged, one fought not with physical weapons but with lines of malicious code, targeting the very backbone of the nation’s progress: its telecommunications infrastructure.
Telecommunications infrastructure is the central nervous system of the modern world. It enables global finance, powers critical government services, facilitates emergency response, and connects billions of people.
However, this immense importance also makes it a prime target for nation-states, cybercriminals, and hacktivists. A successful attack on a telecom network can cripple a nation’s economy, disrupt essential services, and compromise national security.
Recognising the escalating stakes, the Nigerian Communications Commission (NCC) is moving decisively to erect a formidable digital defense. Through the development of a comprehensive, mandatory cybersecurity framework set for implementation by telecom licensees in 2026, the regulator is embarking on a critical mission to future-proof the nation’s digital economy against an ever-evolving threat landscape.
Digital threats
The urgency was palpable in Abuja recently during the NCC’s second stakeholders’ meeting on the cybersecurity framework. This wasn’t merely a bureaucratic exercise; it was a strategic war council. The NCC’s Executive Commissioner for Technical Services, Abraham Oshadami, laid bare the reality for industry leaders and government representatives.
He articulated a world where the nature of cyber threats has fundamentally shifted. “Given the increasing digitalization of services, the rapid growth of data exchange, and the sophisticated nature of modern cyber threats, the need for a robust, adaptive, and inclusive cybersecurity framework has never been more urgent,” Oshadami stated.
His words underscore a global phenomenon hitting home. Nigeria, with its vast and growing population of internet users, is a lucrative target. Cybercriminals employ everything from ransomware attacks that can paralyze a mobile network operator to sophisticated phishing schemes targeting millions of subscribers. The threats are no longer just about stealing data; they are about disrupting national life.
Cyber insecurity cost
For years, the cornerstone of cybersecurity has been the “CIA triad”: Confidentiality, Integrity, and Availability. Oshadami compellingly argued that this is no longer sufficient. The conversation must now include a fourth, more grave dimension: Human Safety.
“As cyberthreats evolve, they endanger not only system performance but also human safety,” he warned, adding that “cybersecurity now encompasses human safety and must address the real risk to people’s lives when a system is attacked or compromised.” This is not theoretical. Consider a scenario where a cyber-attack disrupts the network of a major hospital, crippling critical care systems and remote patient monitoring.
Imagine the chaos if emergency service numbers (like 112) are rendered inoperable by a coordinated denial-of-service attack. Or ponder the national security implications if a state-sponsored actor gains control of critical operational technology (OT) within a telecoms hub. The framework, therefore, isn’t just about protecting profits; it’s about safeguarding citizens.
National asset
Why focus so intensely on the telecom sector? The answer lies in its foundational role. The telecommunications industry is the central nervous system of Nigeria’s digital ambition. It facilitates everything from banking and commerce to education and governance.
This critical role in national development, economic transformation, and societal interaction makes it both a strategic asset and, as Oshadami noted, “a prime target for cyber threats.”
An attack on a major bank is contained; an attack on a major telecom operator can have a cascading effect, crippling the banking sector, disrupting e-commerce platforms, and halting digital government services simultaneously. The 2026 implementation timeline for licensees acknowledges this interdependency. It provides a clear runway for companies to integrate these new
Ultimately, the NCC’s cybersecurity framework is more than a set of rules; it is a statement of intent
protocols, conduct necessary audits, and train personnel, ensuring the transition strengthens rather than disrupts services.
Collaboration
A top-down, regulator-heavy approach would be doomed to fail. The NCC has wisely chosen a path of collaboration. The meeting in Abuja was a testament to this philosophy, bringing together a diverse coalition of telecom licensees, government agencies from the broader digital economy ecosystem, and consultants. “The NCC remains committed to an inclusive and consultative process.
Recognising that sustainable cybersecurity outcomes can only be achieved through shared responsibility and strong public-private partnerships,” Oshadami emphasised. This collaborative model is essential for several reasons. First, the telecom operators are on the front lines; they possess intimate knowledge of the threats they face daily.
Their input ensures the framework is pragmatic and actionable, not just theoretical. Second, cyber threats are borderless. A vulnerability in one network can become a gateway to attack another. A unified framework ensures a high baseline of security across the entire industry, eliminating weak links that attackers often exploit.
Third, the involvement of agencies like the World Bank, which is supporting the project, provides not just funding but also access to global best practices and international threat intelligence, connecting Nigeria’s defenses to a wider global network.
Framework
While the full technical details are still being refined, the presentation by Dr. Kazeem Durodoye, CEO of CyberNover (the NCC’s consultants on the project), offered stakeholders a clearer view of the framework’s architecture.
Industry experts suggested that it will likely be structured around several core pillars such as risk-based governance, mandating a top-down approach where company boards are directly accountable for cybersecurity strategy and oversight, ensuring it is treated as a core business risk, not just an IT issue.
It also entails technical standards and resilience, which establish minimum security standards for network infrastructure, mandating robust incident response and disaster recovery plans, and ensuring resilience against large-scale attacks that could cause nationwide outages.
There is protecting operational technology (OT) as another pillar which entails moving beyond traditional IT security to address the unique vulnerabilities of the physical hardware and systems that control network operations, which are increasingly targeted by adversaries.
They also suggested supply chain security, ensuring that the ecosystem of vendors and third-party partners that support telecom operators also adhere to strict security protocols, closing a common backdoor for attacks, while continuous monitoring and threat intelligence will promoting the adoption of advanced security operations centers (SOCs) and encouraging real-time sharing of threat intelligence between operators and the NCC to enable a proactive, rather than reactive, defense posture.
NCC’s Head of Cybersecurity and Internet Governance, Babagana Digima, provided the crucial timeline: the framework is expected to be finalized by the end of the third quarter of 2025, with implementation kicking off in early 2026.
Pathway
The path to a more secure digital Nigeria is not without its hurdles. For telecom operators, implementing a new regulatory framework will come with significant costs, investment in new technologies, training, and potentially restructuring internal processes. The NCC will need to ensure the guidelines are clear, and the compliance process is streamlined to avoid stifling innovation.
Furthermore, the cyber threat landscape will not stand still between now and 2026. The framework must be inherently adaptive, designed with mechanisms for regular updates to counter novel attack vectors. Yet, the opportunities far outweigh the challenges.
A secure and trusted digital environment is the single greatest catalyst for economic growth. It attracts foreign investment, as companies feel confident housing their data and operations in Nigeria.
It fosters innovation, allowing fintechs, startups, and established businesses to develop new services without the constant overhang of cyber risk. It protects the most vulnerable citizens from fraud and identity theft.
Ultimately, the NCC’s cybersecurity framework is more than a set of rules; it is a statement of intent. It is a declaration that as Nigeria continues its bold journey into the digital future, it will do so with its eyes wide open, building not just for growth and innovation, but for security, resilience, and the safety of its people. In fortifying its digital frontier, Nigeria is not just protecting its present; it is securing its future.
Last line
Safeguarding telecom infrastructure is not a one-time project but a continuous cycle of assessment, adaptation, and improvement. The threat landscape will never stand still, and neither can our defenses.
