Tag: NCC

The NCC has inaugurated an incidence response facility, called the Center for Computer Security Incident Response (NCC-CSIRT). This is to address incidences of cybercrimes, protect telecoms infrastructure and encourage increased participation in nation’s digital economy. The centre aligns with the National Cybersecurity Policy and Strategy (NCPS) published by the Office of the National Security Adviser (ONSA), which requires each sector to establish a computer incident response team that will provide requisite services to the stakeholders and players within the sector. The NCC-CSIRT is to ensure continuous improvement of processes and communication frameworks to guarantee secure and collaborative exchange of timely information while responding to cyber threats within the telecoms sector.

According to NCC, the CSIRT’s services will commence with four main thrusts, namely; monitoring, incident management, communication, and alert and warning. It has a mandate to assist the telecoms sector in the defence and response to major cyber threats and attacks targeted at the members, provide information, technical as well as policy advisories to strengthen the defensive and response capabilities to cyber threats in the sector. The Centre will liaise with other sectoral CSIRTs as well as local and international security frameworks to protect the communications sector and the general wellbeing of the Nigerian people. The centre will also provide guidance and direction for the constituents in dealing with issues relating to the security of critical infrastructure in their possession; and to periodically assess, review and collate the threat landscape, risks, and opportunities affecting the communications sector and provide advice to relevant stakeholders.

As the internet usage increase since the COVID-19 period, there has been a rise in cyber incidents and criminal activities. The CSIRT will assist the telecoms sector with the management and coordination of cyber security incidents and threats. This will help to provide proactive steps towards building trust, and safety needed for growing the digital economy

In line with the constitution which makes 18 years as the age of consent in Nigeria, the NCC is set to enforce the contract between service providers and their subscribers. One of such is to disallow a minor or a person less than 18 years from engaging in the contract of SIM acquisition which requires a person of proper legal status to undertake. In the Reviewed/Draft Registration of Telephone Subscribers Regulations, presented on Tuesday, October 6, 2021, a subscriber is a person of 18 years and above, with a proper legal status, and matured and rational enough to bear certain responsibilities, obligations and liabilities imposed by a contract.

In order not to contravene the constitution, the NCC intends to limit SIM acquisition to those of this legal status. In the Reviewed/Draft Registration of Telephone Subscribers Regulations, the NCC defines any person below the age of 18 as minor, while a “subscriber is a person from the age of 18 years who subscribes to communications services by purchasing a subscription medium or entering into a subscription contract with a licensee.” It is therefore incumbent on parents or guardian of such people to acquire SIMs in their names for their children and wards under this age. However, they must be ready to take responsibilities for any liability that might accrue thereafter from the use of such SIM card. The policy therefore puts a significant responsibility on parents and guardians to monitor the activities of their minors.

The implication of this policy is that any person below the age of 18 is disqualified from registering and owning a SIM card in any of the network companies in Nigeria. If the policy comes in place, network operators will in the short run delete and loss the subscribers who are not of this age. The ability of them to gain back these subscribers in the long run will depend on the ability of parents and guardians to have the trust that will catalyze them to register SIMs for their adolescents. Even at that, those below the age of 18 without parents, guardians or people who can place adequate trust on them will be lost completely until they reach the legal age of contract as provided by the constitution. This may result to another round of revenue loss to the telecoms companies in Nigeria.

The Nigerian communications commission (NCC) has set new mobile international rate (ITR) for voice services paid by overseas telecom carriers for terminating international calls on local networks in Nigeria at $0.045. The new rate which shall take effect from January 1, 2022, is the floor price or the minimum that can be charged for ITR services. The essence of charging this new rate in the U.S. dollars is to enable Nigerian operators to receive an increasing rate in Naira terms should there be naira devaluation. The new ITR is denominated in dollars to help the local operators. Being denominated in Naira, the existing ITR had multiple negative impacts on local operators which was further exacerbated by episodes of devaluation of naira which ultimately left Nigeria from being a net receiver with respect to international minutes to a net payer.

The new ITR floor rate makes it unlawful for any local networks in Nigeria to charge below the fixed rate. Thus, no licensee shall charge and/or receive effective rate per minute below determined ITR floor rate. Therefore, all networks in Nigeria shall therefore put into consideration all payment discounts, volume discounts and any other concession so as not to go below the fixed ITR. However, operators are free to negotiate a rate above the floor and this will be entirely left to commercial negotiation between the operators and international carriers/partners.

The NCC had engaged Messrs’ Payday Advance and Support Services Limited to undertake a cost-based study of voice MTR that is most suitable for the Nigerian telecommunications industry, given the challenges faced by the local operators as a result of the denomination of ITR in Naira. Based on different parameters as well as regulatory measures such as international experience, cost model results, the state of competition in the sector and the Nigerian macro-economic environment, in addition to the information provided by the stakeholders, the NCC arrived at the present cost-based ITR of $0.045 for voice services paid by overseas telecom carriers for terminating international calls on local networks in Nigeria.

There is a new Android malware named ‘AbstractEmu’, attacking android devices, this is reported by the Nigerian Communications Commission (NCC). If the malware gains access to smartphones, it takes complete control of infected smartphones and silently modifies device settings while simultaneously taking steps to evade detection.

This AbstractEmu is distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure. So far, a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware. The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.

The rooting malware although rare, and very dangerous. It operates by using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware – steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances.

Once installed in a device, it leverages one of five exploits for older Android security flaws that would allow it to gain root permissions. It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server. It can also modify the phone settings to give app ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimisation; monitor notifications; capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone.

Although the app has been removed from the Google Play Store, the other app stores are likely distributing them. Consequently, to mitigate the risks. The NCC creates a two-fold advisory include:

• Users should be wary of installing unknown or unusual apps, and look out for different behaviours as they use their phones.
• Reset your phone to factory settings when there is suspicion of unusual behaviours in your phone.

This is the second malware reported by the NCC since October. The first was Flubot.

Similarly, the NCC also alerted of an advanced persistent threat (APT), an Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in a recent politically motivated attacks oriented in cyberespionage. The hacking group is known to be focused on infiltrating the networks of telecoms companies and ISPs. Between July and October, 2021, Lyceum was implicated in attacks against ISPs and telecoms organisations in Israel, Morocco, Tunisia, and Saudi Arabia. Lyceum has been linked to campaigns that hit Middle Eastern oil and gas companies in the past. The APT is also responsible for a campaign against an unnamed African government's Ministry of Foreign Affairs. The group appears to have expanded its focus to the technology sector.

There are various ways through which the lyceum group could attack its target. Lyceum's initial onslaught vectors include credential stuffing and brute-force attacks. Once a victim’s system is compromised, the attackers conduct surveillance on specific targets. Lyceum will attempt to deploy two different kinds of malware: Shark and Milan (known together as James). Both malwares are backdoors. Shark, a 32-bit executable written in C# and .NET, generates a configuration file for domain name system (DNS) tunneling or Hypertext Transfer Protocol (HTTP) C2 communications. Milan is a 32-bit Remote Access Trojan (RAT) that retrieves data. These two malwares are able to communicate with the group’s command-and-control (C2) servers. The APT maintains a C2 server network that connects to the group's backdoors, consisting of over 20 domains, including six that were previously not associated with the threat actors.

The malwares usually target individual accounts at companies of interest, once these accounts are breached, they are used as a springboard to launch spear-phishing attacks against high-profile executives in an organization. The suggests that not only do these attackers seek out data on subscribers and connected third-party companies, but once compromised, threat actors or their sponsors can also use these industries to surveil individuals of interest.

There are however ways to guard against this kind of threats. The NCC therefore re-echo ngCERT reports that multiple layers of security in addition to constant network monitoring is required by telecom companies and ISPs alike to stave off potential attacks.

Specifically, telecom consumers and the general public are advised to:

• Ensure the consistent use of firewalls (software, hardware and cloud firewalls).
• Enable a Web Application Firewall to help detect and prevent attacks coming from web applications by inspecting HTTP traffic.
• Install Up-to-date antivirus programmes to help detect and prevent a wide range of malware, trojans, and viruses, which APT hackers will use to exploit your system.
• Implement the use of Intrusion Prevention Systems that monitors your network.
• Create a secure sandboxing environment that allows you to open and run untrusted programs or codes without risking harm to your operating system.
• Ensure the use of virtual private network (VPN) to prevent an easy opportunity for APT hackers to gain initial access to your company’s network.
• Enable spam and malware protection for your email applications, and educate your employees on how to identify potentially malicious emails.

Sequel to appeals by the Mobile Network Operators and other industry stakeholders, soliciting for a further extension, the Federal Government through the NCC has extended the deadline for the National Identity Number (NIN)-Subscriber Identity Module (SIM) data verification exercise till the 31^st of December, 2021. The extension is to ensure better compliance with government’s directive provide the enabling environment for the registration of Nigerians in remote areas, diaspora, schools, hospitals, worship centres, as well as foreigners, diplomatic missions, those in other areas that were hitherto unreachable, and increase enrolments in countries with a significant number of Nigerians. This will avoid widening the digital divide.

The review of the progress of the exercise indicated that over 66 million unique National Identity Numbers (NIN) have been issued- an indication of progress achieved in the ongoing NIN-SIM linkage. However, a significant part of the populace is yet to be registered into the National Identity Database (NIDB), which may be due to some challenges which the Federal Government has looked into and has made efforts to alleviate, hence the need to extend the deadline.

As of October 30, 2021, over 9,500 enrolment systems and over 8,000 NIN enrolment centres within and outside the country has carried out 66 million NIN enrolments, with an average of 3 to 4 SIMs linked to the NIN. The Federal Government has pledged to allow all innocent, law abiding citizens and residents will not lose access to their phone lines as long as they obtain and link their NIN. To this end, the NCC has created additional NIN enrolment centres within and outside the country, and many more coming up. This will ensure that the remaining citizens and legal residents living in the country and the diaspora are able to obtain their NINs and link them with their SIMs before the end of the year.

The NIN-SIM verification process is geared towards supporting the Government’s drive to develop Nigeria’s digital economy, strengthen the ability of government to protect the cyberspace and support the security agencies.

Four deserving Nigerian tech startups, Clearflow System Hub, Aelaus Engineering Teams/Hyech Electronics Solutions, Kalibotics, and CyberNorth Tech, have been awarded N5 million each by the NCC for their novel digital solutions, aimed at finding innovative digital solutions in addressing the challenges of insecurity and to stem the growth in national e-waste rates, while advancing the frontier of Internet of Things (IoT) in Nigeria.

The first two startups, Clearflow System Hub; and Aelaus Engineering Teams/Hyech Electronics Solutions, emerged winners on IoT category on kidnapping and banditry, Kalibotics and CyberNorth Tech, emerged winners on assistive robotics for effective e-waste management solutions. According to the NCC, the awards were in furtherance of its commitment to encourage development of new indigenous technologies and contents, that are oriented in cutting-edge research to stimulate sustainable economic growth. It also aligns with the objectives of the Nigerian Economic Sustainability Plan (NESP) 2020, NCC's Strategic Vision Plan (SVP) 2021-2025, Executive Order 5 of 2017, and Section 1 (f) of the Nigerian Communications Act (NCA), 2003 which focuses on promotion of Nigerian content in contracts, science, engineering and technology.

Meanwhile, the NCC has reiterated its resolve to ensure increased broadband penetration in line with the Federal government’s targets of 70% broadband penetration among 90% of the country's population. It also seeks to achieve broadband speeds of 15Mbp and 25Mbps in rural and urban areas respectively over the next five years. The commission is determined to provide a robust broadband infrastructure which facilitate the effective deployment of Fifth Generation (5G) Mobile Technology and services associated with it in Nigeria. The commission is 97% ready for 5G deployment, and has also fixed a date for the auction of some spectrum slots in 3.5GHz band

The NCC has fixed December 13, 2021. As the official date for the auction of the 3.5 Gigahertz (3.5 GHz) spectrum for the deployment of Fifth Generation (5G) technology in Nigeria. This is contained in the Information Memorandum (IM) presented by the Commission at a stakeholder engagement forum organised on 5G spectrum in Lagos recently. The NCC has slated the mock auction sale, a precursor to the actual auction for December 10, 2021, while the actual sale, software-based Ascending Clock Auction format, will take place on the said date.

The IM, details information, conditions, obligations, financial implication, timelines and other necessary details on the planned 3.5Ghz spectrum auction. It explains the rollout obligations of the would-be eventual winners of the spectrum licence auction, whose reserved price has been pegged at $197.4 million (N75 billion). It states explicitly that only licensees, who make down payment of 10 per cent of the reserved bid price and with 100 per cent regulatory compliance would be allowed to participate in the auction while licensees with outstanding debts that have secured NCC’s approval for a payment plan will be allowed to participate in the auction. The auction gives a 10-year spectrum licence and requires the possessor to hold a minimum an operational Universal Access Service Licence (UASL). For new entrants or licensees into the telecoms sector, it is very necessary to obtain a UASL operational license to be qualified for the 5G licence.

The 5G licensees are expected to have a 10-year rollout obligation plan, beginning from the date of award of the licence. Between the first and second year of the licence, the operators are expected to rollout service in, at least, one state in each geo-political zone. They are obligated to cover all the zones from the third to fifth year. They are expected to cover all the states in the country, according to guidelines set out in the IM, between six to 10 years.

5G technology is expected to leverage on the impact of Fourth Generation (4G) technology which brought about tremendous increase in mobile usage and network performance globally, to bring substantial network improvements, including higher connection speed, mobility and capacity, as well as low-latency capabilities.

Three telecoms’ companies have qualified as approved bidders of the forthcoming 3.5 gigahertz spectrum auction for the deployment of 5G networks in the country. MTN Nigeria Plc., Mafab Communications Limited, and Airtel Networks Limited were announced by the NCC as the preferred bidders, who have also satisfied the Intention to Bid Deposit as outlined in the Information Memorandum. For this reason, the three companies will participate in the mandatory Mock Auction process, and the Main Auction which holds on Friday, December 10, 2021, at Transcorp Hilton Hotel, Abuja by 11:00 a.m., and on Monday, December 13, 2021, respectively, at the same venue.

This will be the second and final trial of the 5G technology in the country as the deadline for submission of bids and Initial Bid Deposits (IBDs) closed on Monday November 29, 2021 at 5pm. The de­ployment is expected to happen first quarter of next year, according to the Minis­try of Communications and Digital Economy. The first trial of 5G technology and applications in West Africa was caried out by MTN Nigeria. This was done in with a strong collab­oration with the Ministry of Communications Technology and Huawei (Abuja), ZTE (Calabar) and Ericsson (Lagos). This enabled MTN and its partner – Huawei, to be able to provide a glimpse into a range of 5G use cases and applications at a test Lab designed to show proof-of-concept in Abuja.

The stage is now set for the launch of 5G technology. While these firms have met the necessary conditions, the deployment still requires a huge expenditure on the upgrade of telecoms infrastructure. The stock market remains the best option for such financing need, syndicate financing by banks could also be explored. This will enable the telecoms firms that have not yet met the financial conditions for 5G deployment to do so as well as enable the operators upgrade their infrastructure. This is more so given that operators have asked the Nigerian Communications Commission (NCC) for intervention to facilitate early approval installation of additional GSM masks for the 5G roll-out.

In exercise of its powers under Sections 2 and 70 (2) of the NCC Act, the NCC has developed a Commercial Satellite Communications Policies for the telecommunications sector aimed at facilitating provisioning of Space based communications services in Nigeria. The guidelines provide a Licensing Framework which will facilitate investments and entry into the Nigerian market for provision of communications services.

The commission has granted approval for the space landing permits of various classes to different operators to beam their satellites in Nigeria. The recipients of the space landing permits include INTELSAT LLC with 24 C – Bands and Ku-Bands permits; EUTELSAT S.A. with nine Ku-Bands, C-Bands permits; Avanti HYLAS 2 Limited with one Ka-Band permit; and YAHSAT with one C-band and two Ka-Bands permits, etc. The space landing permit empowers the satellite providers to provide commercial satellite broadband services to users in Nigeria. The permit took effect from 2019 to 2021 for all the commercial satellite providers, and covers a period of three to thirteen years depending on the type of permit granted. The NCC plans to update the data every six months to show the status of market access and all the Landing permits issued or modified.