Policy Brief 1: Africa Digital Policy, 2018
As access to broadband networks expands, countries’ exposure to cyber risks also grows. In Africa, the increasing availability of broadband; relatively weak, poor or undeveloped cybersecurity strategies; cybersecurity and digital skill shortages; and a general lack of awareness of cyber risks and security measures are but some factors that make many developing countries more susceptible to cyber threat and harm. Mauritius’ National Cybersecurity Strategy 2014-2019 was introduced with the aim 7of effectively protecting information systems and networks. The strategy document was drafted after a survey conducted on the state of information security in local businesses in October 2013. The strategy, which includes a policy formulation section, was designed with the aim of protecting individual users, enterprises and government bodies against cyber threats. One of the goals in the strategy focuses on collaboration. It acknowledges that ‘preparing sufficient cyber defence capabilities against cyber threats demands immediate, transparent and better coordinated actions from all stakeholders’, be it from an individual user or collective perspective. A cybersecurity management framework is also required, it argues, to ensure that different stakeholders have reliable and real-time depictions of the country’s cybersecurity status. The management structure thus hinges on a collaborative approach based on the core principle that information security preparedness for a country is the cornerstone of the national cybersecurity policy.
Highlights:
1. Collaborative approaches to national cybersecurity strategies benefit from adaptability, transparency, and trusted information-sharing among all participants.
2. Cybersecurity collaborations should display both vertical (e.g., between overseeing organisations and other stakeholders) and horizontal (e.g., between peer stakeholders) interaction between and among stakeholders, be descriptive rather than prescriptive, and be sufficiently flexible in order to adapt alongside evolving cyber risks and technologies.
3. Special steps must be taken to involve stakeholders who could find it difficult to participate or who are more vulnerable to cyber threats, including civil society organisations and marginalised communities.
4. Collaboration should extend not only to public and private sector entities who own and control critical information infrastructure, but also stakeholders from other sectors (e.g. the technical community, the banking and finance sectors, business process outsourcing, health, tourism, and energy sectors) and not-for-profit stakeholder groups (e.g. academia and civil society).
5. Commercial interests should not be the main driver for private sector stakeholders to participate in collaborative cybersecurity efforts. Rather, the private sector should innovate and mitigate threats, building security into applications and systems along with the need for raising awareness.