Digital tools represent a tremendous opportunity for the economies of African countries in terms of dematerialization and the creation of new economic circuits. To derive optimum benefit, the related value chains must be protected by strengthening cyber defenses and endowing their companies with a true culture of cybersecurity. Even if the trend is positive, it is not uncommon for executives working in African public administrations and companies to use e-mail addresses ending in “@ gmail.com”, “@ yahoo.com”, or even “@ outlook.com ”in the performance of their duties. This indicates a certain absence of a culture of cybersecurity, the consequence of which is a greater vulnerability of national information and administration systems and, consequently, of the States themselves.
Read also Personal data: the long African road to protection
Starting from a cybersecurity weakness noted by the ITU …
In the 2015 International Telecommunication Union (ITU) report, “Global Cybersecurity Index and Cyber Well-Being Profiles”, most African countries were at the bottom of the global rankings in terms of their engagement and performance. cybersecurity readiness. In 2018, the same ranking confirmed that the vast majority of African countries are still weak in the face of computer threats. Out of 54 countries, only Mauritius, Kenya and Rwanda would show a high level of preparedness in relation to cyber threats. This is an illustration of a vulnerability that must be diagnosed and corrected.
… Explained by a multiple vulnerability for…
Vulnerability in Africa is primarily material. It relates to access to quality infrastructure, the cost of which may prove prohibitive for the budgets of administrations and public companies intended for security. It is then intangible, in particular with regard to the information available. As Haweya Mohamed, managing director of the marketplaceTech Afrobytes rightly recalled, “the biggest challenge on the African continent [concernant la cybersécurité], it is access to training ”. Not that training is inexistent, but it is still too little known. It must be said that the disciplines of cybersecurity are still little taught, because they are perceived as unattractive and little invested by young students in comparison to computers or telecommunications. In addition, there is an insufficient number of African experts often caught up in large American, European and Asian companies.
Read also Cybersecurity: how Africa is trying to defend itself
African vulnerability is also organizational. Indeed, the biggest provider of vulnerabilities being the user, it is not uncommon for the lack of digital hygiene awareness to generate certain cyber risk situations with unpleasant consequences. Often, vulnerabilities are the result of mistakes by untrained users. In Mali for example, the Presidency of the Republic saw its Twitter account hacked in early January 2020. The author of the act had tweeted a virulent criticism of the American president, but also of the United States that he had. dared to call it a “rogue state”. How could this have been possible? In fact, a Malian journalist had managed to find out the password for said Twitter account. Evidence of negligence that could have damaged relations between the United States and Mali. This fact is indicative of the existence of significant flaws in the organization. Note: these faults are not the sole prerogative of Mali in Africa.
Read also ICT in Africa: the training in question
… facilitate public-private partnerships
That said, this observation should be qualified due to the fact that efforts are increasingly being deployed to improve the situation and lay the foundations for better cybersecurity. Thus, the importance of training and awareness seems to be taken into account. More and more initiatives are emerging, especially in West Africa. These include the creation of the Dakar Cybersecurity School in Senegal, the opening of the first international subsidiary of the Epitech school in Cotonou, Benin, and the training courses provided by Tata Communications and the Smart Africa Alliance. Add to this the programs offered by large international groups such as IBM, Cisco or Huawei, to name but a few. The result obtained underlines the relevance of the rapprochement between public authorities and actors of the private sector. Through their means, their presence – sometimes international – and their expertise, private structures have resources that make it possible both to raise awareness among the general public, to train public service actors and to develop solutions to strengthen security.
Read also African cybersecurity: let’s go for the Dakar school
More than ever, it is therefore a question of facilitating the establishment of public-private partnerships in the field of cybersecurity in order to allow the authorities of African countries to benefit from the best know-how and resources, the objective being to do better. facing the threats generated by the new digital order.
Read also Digital in Africa: it is training that will make the difference in Africa
… improve governance
In terms of governance, it should be noted that most African states have a CERT (Computer Emergency Response Team), or even several entities dedicated to cybersecurity. The latter do not have an adequate legal framework, as the Director General of the Smart Africa Alliance, Lancina Koné, indicated during a conference on the theme of “Cybersecurity in a post-Covid-19 context. », But the current trajectory is encouraging. In Benin, a National Information Systems Security Agency (Anssi) has been set up; in Togo, the Togolese Cybersecurity Agency (ANCY) and its armed wing, Cyber Defense Africa, are in place; in Côte d’Ivoire where there is a Telecommunications Regulatory Authority (ARTCI), the merger of the Security Operation Center (SOC) with the Platform for the Fight against Cybercrime (PLCC) could lead to an Anssi. These are all elements that illustrate an awareness and a desire at the level of States to develop the “old software” of the digital approach and improve understanding of the cyber environment.
Read also Security: “It’s time for Africa to take charge”
… better assert political will
Last point and it is important: without a strong political will, asserted, setting the objectives to be achieved, there can be neither culture nor training, let alone cybersecurity for our public authorities and our societies. It therefore appears crucial today to raise awareness among politicians, to support them in their choices and reflections. Africa’s digital sovereignty and the guarantee of Africa’s strategic autonomy demand it.
Read also Cybersecurity: France strengthens its partnerships in Africa
* Franck Kié, president of the CIBerObs association, cybersecurity consultant and member of the Africa club of the School of Economic Warfare.