École nationale de cybersécurité à vocation régionale
National Cybersecurity Academy with a Regional Focus
Target groups: Government officials
The World Bank forecasts that Sub-Saharan Africa, due to its young population and human and natural resources, has potential to yield inclusive growth and wipe out poverty in the region. The analysis stresses that with the world’s largest free trade area and a 1.2 billion-person market, the continent is creating ‘an entirely new development path, harnessing the potential of its resources and people’. Part of this growth is in Africa’s dynamic digital economy.
These positive trends, however, are undermined by two major challenges: the evolving threat landscape and inadequate levels of cybersecurity across the continent. In 2016, the African Union Commission in collaboration with Symantec released a comprehensive study on the state of cybersecurity and key threats across the continent. The report found that of 54 countries in Africa, 30 lacked specific legal provisions to fight cybercrime and utilise electronic evidence.
It is estimated that cybercrime cost Africa a total of 3.5 billion USD in 2017, primarily due to weak infrastructure security, lack of skilled human capital and lack of awareness of the sector’s dynamics. The sectors in which cybercrime is predominantly active are banking/financial services, government, e-commerce platforms, mobile payments and telecommunications.
At the same time, a survey carried out by the African Union Commission revealed a still limited understanding of the connection between cybersecurity and development, which results in limited resources and inadequate political attention to the problem. According to the survey, out of the 55 African states, only eight have a national strategy on cybersecurity, 13 have a Computer Emergency Response Team (CERT) or Computer Security Incident Response Teams (CSIRTs), 14 have personal data protection laws, and only 11 have cybercrime laws. As researchers stress, there are still many challenges to be addressed.
To take up this challenge, France partnered with Senegal to establish a National Cybersecurity Academy with a Regional Focus in Dakar (École nationale de cybersécurité à vocation régionale, ENVR). The Academy aims to raise awareness among policymakers and train cybersecurity experts, create a best-practice hub in Africa and ultimately enhance cooperation with and within the African continent on cyber-related security and defence issues. In particular, the project supports African partners in strengthening their capacities to deal with cyber threats, ranging from the protection of computer networks and infrastructures providing critical services to fighting criminal activities in cyberspace and cyber-enabled terrorism.
But the ENVR is less about providing assistance to African countries than about creating a regional hub for expertise on cybersecurity. Temporarily based in Senegal’s National School of Public Administration, the Academy seeks to enhance regional cooperation between African countries, for example by harmonising expertise and practices. This project aims to favour pedagogical innovation and to ensure quality training.
You can learn more about this project here.
The ENVR aims to close the gaps in cybersecurity training and education, to strengthen human capacities that allow for a real transformation across the whole of government, and to mainstream cybersecurity culture across the administration. The regional scope of this project allows government officials and employees to follow a tailored training course at the African Institute of Cybersecurity/Institut Africaine de Cybersécurité (IAC), in a department created specially to support this process.
The ENVR has already given executives and managers, intermediate- and high-level administrators, police officers, legal experts, judges, customs officers, public finance officials, and IT specialists the opportunity to acquire new skills, notably on the strategic, technical and operational aspects of cybersecurity. In the long term, the Academy is seeking to widen its scope and include African universities, civil society and the private sector.
For example, to help fight cybercrime, the ENVR will offer specialised diplomas in digital investigations and digital tracing techniques. Its ultimate goal is to ‘create’ a citizen with a well-developed cybersecurity culture – a citizen who is aware of the stakes and capable of acting to make a change in their own environment.
Which aspects of this project have contributed to its success? And which, according to the implementing organisations, might play an important role in launching similar initiatives in other parts of the world? The project DNA profiling on the basis of the Good Cyber Stories framework highlighted the importance of three success genes in particular:
I – Political importance
The political profile of this initiative has been one of the critical elements contributing to its success. From its inception, the project has been an integral part of the vision presented by President of Senegal Macky Sall, who, through the Emerging Senegal Plan, aspires to strengthen Digital Senegal supported by a dynamic private sector. High-level political support for this initiative in both France and Senegal has clearly placed it high on the list of priorities in bilateral and regional relations.
Thanks to the Academy Senegal has become a regional hub for the training and capacity building necessary to face the challenges in cyberspace.
O – Local ownership
In addition to the political leadership and profile of this undertaking, much of what has been achieved would not be possible without a high degree of local ownership. The project is already a success story for the inter-institutional cooperation and the international partnerships aspects that it entails.
In Senegal, the ENVR is under the direct control of the Presidency of the Republic and the National Commission on Cryptology and has been set up as part of Senegal’s national cybersecurity strategy. Various authorities have been involved in its creation and development, including the national police force and gendarmerie, customs authorities, the Senegal IT agency ADIE, and the Ministries of Defence, Justice, Finance and Higher Education.
In France, the project is led by the Ministry for Europe and Foreign Affairs, with the support from the Ministries for the Armed Forces and the Interior, as well as advice and expertise from the French Network and Information Security Agency (ANSSI).
C – Organisational capacity
Adequate organisational capacity is another important element of this Good Cyber Story. France has provided funding for the IAC, which offers international training for policymakers and technical experts that helps African states to exercise more sovereignty in cyberspace. The training focuses primarily on governance of cyberspace, the fight against cybercrime, digital intelligence and ICT security. Several international organisations have already volunteered their support for the Academy to ensure that it responds to the real needs and offers relevant training curricula.
The Academy also maintains close ties to the private sector active in the digital domain. Numerous European and African companies see in this Academy an opportunity to establish strategic partnerships and reach the target groups. It also aims to serve as an incubator for digital companies and provide opportunities for young entrepreneurs.
The regional character of this initiative implies that other countries can receive support under the existing framework and thereby contribute to its scaling up. One obvious factor to be considered is the focus of the initiative on the francophone countries in the region, which opens the possibility for expansion into other languages such as English and Portuguese.
At the same time, the ‘project success genes’ provide valuable guidance for countries interested in establishing similar centres in their regions.