Good Cyber Story
Country: Senegal, France
Focus: Training
Target Groups: Government Officials
Dominant Genes: Political Importance, Transparency and Accountability, Local Ownership
DNA sequence Info

École nationale de cybersécurité à vocation régionale


The challenge

The World Bank forecasts that Sub-Saharan Africa, due to its young population and human and natural resources, has potential to yield inclusive growth and wipe out poverty in the region. The analysis stresses that with the world’s largest free trade area and a 1.2 billion-person market, the continent is creating ‘an entirely new development path, harnessing the potential of its resources and people’. Part of this growth is in Africa’s dynamic digital economy.

These positive trends, however, are undermined by two major challenges: the evolving threat landscape and inadequate levels of cybersecurity across the continent. In 2016, the African Union Commission in collaboration with Symantec released a comprehensive study on the state of cybersecurity and key threats across the continent. The report found that of 54 countries in Africa, 30 lacked specific legal provisions to fight cybercrime and utilise electronic evidence.

It is estimated that cybercrime cost Africa a total of 3.5 billion USD in 2017, primarily due to weak infrastructure security, lack of skilled human capital and lack of awareness of the sector’s dynamics. The sectors in which cybercrime is predominantly active are banking/financial services, government, e-commerce platforms, mobile payments and telecommunications.

At the same time, a survey carried out by the African Union Commission revealed a still limited understanding of the connection between cybersecurity and development, which results in limited resources and inadequate political attention to the problem. According to the survey, out of the 55 African states, only eight have a national strategy on cybersecurity, 13 have a Computer Emergency Response Team (CERT) or Computer Security Incident Response Teams (CSIRTs), 14 have personal data protection laws, and only 11 have cybercrime laws. As researchers stress, there are still many challenges to be addressed.

A response

To take up this challenge, France partnered with Senegal to establish a National Cybersecurity Academy with a Regional Focus in Dakar (École nationale de cybersécurité à vocation régionale, ENVR). The Academy aims to raise awareness among policymakers and train cybersecurity experts, create a best-practice hub in Africa and ultimately enhance cooperation with and within the African continent on cyber-related security and defence issues. In particular, the project supports African partners in strengthening their capacities to deal with cyber threats, ranging from the protection of computer networks and infrastructures providing critical services to fighting criminal activities in cyberspace and cyber-enabled terrorism.

But the ENVR is less about providing assistance to African countries than about creating a regional hub for expertise on cybersecurity. Temporarily based in Senegal’s National School of Public Administration, the Academy seeks to enhance regional cooperation between African countries, for example by harmonising expertise and practices. This project aims to favour pedagogical innovation and to ensure quality training.

You can learn more about this project here.

The Impact

The ENVR aims to close the gaps in cybersecurity training and education, to strengthen human capacities that allow for a real transformation across the whole of government, and to mainstream cybersecurity culture across the administration. The regional scope of this project allows government officials and employees to follow a tailored training course at the African Institute of Cybersecurity/Institut Africaine de Cybersécurité (IAC), in a department created specially to support this process.

The ENVR has already given executives and managers, intermediate- and high-level administrators, police officers, legal experts, judges, customs officers, public finance officials, and IT specialists the opportunity to acquire new skills, notably on the strategic, technical and operational aspects of cybersecurity. In the long term, the Academy is seeking to widen its scope and include African universities, civil society and the private sector.

For example, to help fight cybercrime, the ENVR will offer specialised diplomas in digital investigations and digital tracing techniques. Its ultimate goal is to ‘create’ a citizen with a well-developed cybersecurity culture – a citizen who is aware of the stakes and capable of acting to make a change in their own environment.
Envr2 final

Project DNA

Which aspects of this project have contributed to its success? And which, according to the implementing organisations, might play an important role in launching similar initiatives in other parts of the world? The project DNA profiling on the basis of the Good Cyber Stories framework highlighted the importance of three success genes in particular:

I - Political Importance

Political Importance

T - Transparency and Accountability

Transparency and Accountability

O - Local Ownership

Local Ownership

École nationale de cybersécurité à vocation régionale

Project DNA

Multi-Stakeholder Participation
Local Ownership
Organisational Capacity
Transparency and Accountability
Legal and Institutional Framework
Political Importance
Societal Awareness

Join the EU Cyber Direct Network

Subscribe to the EU Cyber Direct newsletter and receive updates on our latest research, news, and events