Africa’s telecommunications infrastructure continues to come under threat from physical and cyber-attack. While the motivation varies, the result is the same…
The very real threat faced by Africa’s telecommunications industry continues to blight the delivery of reliable communications across the continent, negatively impacting government, businesses and consumers alike.
In Nigeria, 2023 saw repairs and revenue losses from damaged cables estimated at almost N27 billion. In South Africa, Vodacom annually loses some R100 million to mobile tower battery theft and infrastructure vandalism; Telkom’s estimated losses from vandalism and theft are R7 billion per year; and MTN spent R33 million in 2023 to account for damages and theft.
Pressure points
The threats to Africa’s telecommunications infrastructure are not limited to one key area; theft, vandalism and sabotage are a concern to all.
“There is a multitude of equipment that is prone to theft and vandalism, with the major ones being copper cabling, diesel generators, battery banks and fuel,” says Christopher Greaves, researcher, Middle East & Africa, TowerXchange. “There have even been cases of entire cell towers being deconstructed, from the steel all the way to the concrete (but in rare cases).”
“Power backup systems, including diesel generators, solar panels, and batteries, are especially vulnerable due to their high value in black markets,” explains Martin Machira, Manager projects and Business development, Galooli East Africa. “Fuel theft and dismantling of generator parts are common. Copper cables are frequently stolen due to high resale value and weak regulations.
Copper theft is one of the most widespread threats to telecommunications infrastructure in Africa, but fuel is another top contender. Many sites rely on diesel generators to ensure consistent power supply, especially in rural or remote areas. Power generators, too, are often targeted due to their resale value – Nigeria is a hotspot for generator theft due to the country’s notorious power supply challenges.
“Copper and fuel are highly vulnerable in Nigeria and Africa as a whole, particularly due to high demand in the informal/black markets. These items are easy to steal and have significant market value,” adds Michael Ike Enebeli, Director of Sales & Business Development, Galooli West Africa.
“Beyond the site itself, a significant amount of theft of fuel takes place within the supply chain such as on route and at supply depots,” says Greaves. “The risk of theft varies by market, with Nigeria and South Africa being the biggest (although this is also correlated to the amount of cell towers); but every telecom tower operator in Africa is at risk of theft.”
TowerCos beware
Africa’s telecommunications ecosystem is large and varied, comprising TowerCos, MNOs, data centres, ISPs, fibre operators, WISPs, etc. – each of whom face different levels of threat depending on their role, location, and the infrastructure they manage.
“You could argue that TowerCos view vandalism as a bigger threat because passive infrastructure management is their core service offering. Moreover, TowerCos must meet stringent SLA targets of 99.9% upwards in most cases which are impacted by the theft of power equipment that can lead to downtime,” says Greaves.
“TowerCos face the biggest threat due to the large number of remote physical infrastructures they manage, which makes them vulnerable to downtime from theft and vandalism. This can lead to network outages and loss of revenue, damaging their reliability,” agrees Enebeli.
Machira, too, concurs that TowerCos are at the highest risk of physical theft and vandalism, particularly concerning their energy assets: generators, rectifiers, solar panels, and backup batteries.
That’s not to say that others in the communications industry are not also vulnerable. While MNOs don’t always directly manage physical infrastructure, they are deeply affected by any disruptions. Downtime at towers impacts their ability to provide services like voice, data, and mobile money, leading to customer dissatisfaction and revenue loss.
Data centres, on the other hand, are heavily reliant on consistent, high-quality power, thus face the same threats of fuel, generator and battery theft as TowerCos, and are particularly vulnerable to power outages by the nature of their offerings. Moreover, as data centres become more important to digital infrastructure, and cellular networks become increasingly utilised for business communications and financial transactions, both face heightened risks of cyber-attack.
“MNOs and data centres are more susceptible to cyberattacks, also facing significant risks from network outages due to vandalism at their sites, leading to financial losses,” agrees Machira.
The cybersecurity threat
The threat to telecommunications infrastructure across Africa is pretty serious. Telcos are central to how we all communicate, so they’ve become a major target for cybercriminals. With the rise of digital services in Africa, the risk is even greater. A successful attack on a telecom company could disrupt services on a massive scale, affecting everything from business operations to emergency services. That’s why the pressure to secure these networks is constantly increasing.
The more connected devices we have, the harder it is to secure networks. IoT devices — smartphones, wearables, smart home gadgets — are great for convenience, but they can also open up more vulnerabilities if not properly secured. Many IoT devices don’t have the best security features, so they can be used as entry points by hackers. It’s like having more doors and windows in a house — if one isn’t locked properly, someone could slip in unnoticed.
Managing the risks in protecting critical infrastructure requires staying ahead of threats with a proactive approach. Organisations need to regularly scan their networks for vulnerabilities and conduct penetration tests to find weak spots. Using real-time monitoring tools to keep an eye on potential threats is essential. Plus, having a solid incident response plan helps contain any breaches quickly. Finally, training employees on cybersecurity awareness ensures that they’re prepared to spot and avoid common attacks, reducing the chance of downtime or unexpected costs. One of the best things a network operator can do is implement real-time monitoring. This gives them visibility into what’s happening in their network at all times and helps detect unusual behaviour early. Combining this with strong access controls — where only authorised people have access to certain parts of the network — can go a long way in protecting their assets.
Governments and regulators need to step up by enforcing tougher cybersecurity regulations. They should require telcos to meet high security standards and encourage collaboration across the industry to share threat information. Supporting businesses by providing financial incentives to adopt the latest security technology could also help. Lastly, regular audits would ensure that companies are complying with security regulations and keeping their systems up to date.
Ultimately, the responsibility for protecting these vital networks is shared. Telcos are responsible for securing their systems, but governments and regulators need to make sure they’re following strict guidelines. End-users also play a part in keeping things safe — by practicing good cybersecurity habits, like not clicking on suspicious links. At the end of the day, protecting infrastructure requires everyone to do their part.
Government assistance
Governments and regulators play a crucial role in securing telecommunications infrastructure, particularly as the digital economy becomes increasingly central to Africa’s development.
“I understand that in some markets such as Nigeria there has been a push for the government to recognise digital infrastructure as ‘critical,’ which would apply stricter punishments that may deter organised crime,” highlights Greaves.
Indeed, August 2024 saw a major step forward in securing its digital infrastructure with the release of the official ‘Designation and Protection of Critical National Information Infrastructure Order, 2024,’ within which damage to telco towers, switch stations, data centres, satellite infrastructure, and fibre, was criminalised. ‘Bosun Tijani, Minister of Communications, Innovation, and Digital Economy, said that this initiative will significantly reduce the risks posed to technological systems, networks, and infrastructure.
“Criminalising vandalism is a positive step, but enforcement and the will to prosecute remain challenges,” notes Enebeli. “Without active prosecution and the implementation of remote monitoring tools, telecom infrastructure owners continue to face significant risks.”
“Governments should establish a National Communications Infrastructure database that contains a list of critical infrastructure and their locations,” asserts Machira. “Additionally, they should provide physical security controls for key infrastructure in high-risk areas, such as border towns.”
