The World Bank is seeking services of a qualified firm to conduct analysis of the status of critical infrastructure protection (CIP) in Nigeria, identify gaps and formulate recommendations for strengthening CIP framework for the information, communication, science and technology sector, encompassing broadband and data infrastructure. The purpose of the assignment is to support the Government of Nigeria in its quest to protect CNII and operationalize the CNII Order of 2024, particularly for telecommunications and data center sub-sectors. 

Nigeria has taken significant recent steps to enhance the protection of its critical national infrastructure, targeting both physical and cyber threats that could disrupt essential services. In August, 2024, the government of Nigeria released the Designation and Protection of Critical National Information Infrastructure (CNII) Order, 2024, which defines and designates 13 critical sectors as vital to Nigeria's economy and security, namely: (i) power and energy; (ii) water; (iii) information, communication, science and technology; (iv) banking, finance and insurance; (v) health; (vi) public administration); (vii) education; (viii) defense and security; (ix) transport; (x) food and agriculture); (xi) safety and emergency services; (xii) industrial and manufacturing; and (xiii) mines and steel.

This order criminalizes willful damage or unauthorized interference with key assets, including telecom towers, financial databases, and digital identification systems. Relatedly, the Critical Infrastructure Protection (CIP) Bill of 2019, was drafted and highlighted the need for legislation to secure infrastructure against physical and cyber threats. Though it did not pass into law, this bill underscored the importance of shielding Nigeria's critical assets, laying a foundation for current policies to protect infrastructure against vandalism and enhance national cybersecurity measures​.

In the meantime, a special purpose vehicle (SPV) is currently being set up by the Federal Government of Nigeria, which aims to deploy fiber optic infrastructure for building a robust national backbone network to achieve universal broadband access. The infrastructure deployed through the SPV is envisioned to be operated and managed by a private operator. Against this background, appropriate cybersecurity obligations need to be drafted and imposed to the service providers in the digital infrastructure sector, including the private sector partner that will operate and manage the SPV.

Against this backdrop, the World Bank is seeking services of a qualified firm to conduct analysis of the status of CIP in Nigeria, identify gaps and formulate recommendations for strengthening CIP framework for the information, communication, science and technology sector, encompassing broadband and data infrastructure. The purpose of the assignment is to support the Government of Nigeria in its quest to protect CNII and operationalize the CNII Order of 2024, particularly for telecommunications and data center sub-sectors.