1 A Proposed Framework to Measure Growth of Critical Information Infrastructure Protection in Africa 1 Alfred Musarurwa School of Computing and Informatics Polytechnic of Namibia, Namibia s214099954@students.polytechnic.edu.na Abstract. Historically Africa was associated with a very low broadband penetration rate. At the turn of the millennium, there has been a massive expansion in the penetration rates of seacom cables resulting in an exponential growth on the fixed and mobile broadband in the continent. This paper investigates the effect of the exponential broadband growth on the Critical Information Infrastructure Protection (CIIP) in Africa and proposes a framework that can be used to measure the progress of CIIP and its impact in Africa. Keywords: Critical Information Infrastructure Protection, Cyber Security in Africa, ICT Governance in Africa, Broadband Development in Africa, Critical Infrastructure Protection in Africa. I. INTRODUCTION The turn of the millennium saw an exponential growth in broadband Internet. Broadband is one of fundamental factors for economic growth. It improves the lives of people in developing economies by facilitating access to economic opportunities and social welfare. For instance mobile broadband through its facilitations of ubiquitous computing has driven financial inclusion through mobile banking and mobile money in Southern Africa as well as supporting new ways of delivering health care. Broadband does not just comprise infrastructure; today, widespread broadband connectivity offers the prospect on new services and an information revolution to change-and-challenge our very approach to development [1]. The growth in traffic is being spurned on by the maturing social media sector, data-rich applications and mobile video. The region is also hosting a new wave and Chinese or locally built cheap smartphones which is making such devices more readily available to a larger proportion of the population. 2 Husin Jazri School of Computing and Informatics Polytechnic of Namibia, Namibia hjazri@polytechnic.edu.na The Internet World Statistics confirms that indeed there is a continual growth in broadband Internet in Africa as it will double between 2014 and 2015 with 20-fold increase by the end of this decade[11]. The growth in broadband also means the growth of Critical Infrastructures (CI). International telecommunications Union (ITU) defines CI as the computers, computer systems, and/or networks, whether physical or virtual, and/or the computer programs, computer data, content data and/or traffic data so vital to a country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters [2]. These include financial systems, electricity distribution systems, water distribution systems, transportation systems and so forth. The interconnectedness of the CI carrying information results in the creation of a Critical Information Infrastructure (CII). Broadband falls under this category because it has become the information highway for many critical systems mentioned. As nations becomes more digitally connected and interdependent, CII naturally becomes more critical and can be the visible target of cyber-attacks, thus need stronger protection. Various initiatives to protect the CII are called Critical Information Infrastructure Protection (CIIP). CIIP is universally acknowledged as a vital component of national security policy [3]. CIIP comes in many forms and shapes covering all security and safety aspects of people, technology, processes, policies, laws and regulations, education, and standards. Broadband is considered a major part of CII. Therefore this study intends to understand and offer a framework to measure the CIIP growth in relation to the growth of broadband, and possibly understand the existential gaps between the two domains. This study focuses on Africa and based on relevant open sources information from countries in this region using best case scenarios. The rationale is simply that if the gaps in CIIP implementation exist in relation to