On August 8, 2024, the Sierra Leone government launched its National Security Policy and Strategy (NSPS). The document, the first of its kind for the country, outlines a comprehensive framework for responding to current and emerging security threats.
A key component of the document is the National Cybersecurity Strategy, which outlines the country’s National Cybersecurity landscape in terms of its current state and outlook for the future.
Arthur Gwagwa, a researcher at the University of Utrecht, explains why a cybersecurity strategy is important for any country.
“Developing cybersecurity strategies in Africa, in a country such as Sierra Leone, is a response to both internal and external factors. Notably, external partners like the EU have played a significant role in funding initiatives to help Africa integrate into global supply chains.
“This support is crucial, as cybersecurity and data protection are essential for better integration with global supply chains and European trade. A cyber-secure Africa will not expose EU companies to cyber-attacks from African soil.
“For example, the research published in PLOS ONE shows that Nigeria is one of the relatively small number of countries that house the greatest cybercriminal threat. The impetus is also internal,” he stressed in an interview with FactSpace West Africa.
In this piece, FactSpace West Africa reviews 10 of the 16 key points captured in the strategy and an assessment of their implementation, with the help of a cybersecurity expert.
- National cybersecurity governance structure
The cybersecurity governance structure entails the various bodies that will manage and ensure the efficient operation of the architecture in Sierra Leone.
At the top of the hierarchy is the National Cybersecurity Advisory Council, backed by a Middle-level Technical Working Group of experts from key institutions. This level provides technical recommendations are provided for operations.
A National Cyber Security Center will coordinate the operationalisation of cybersecurity activities at the lower level.
- Develop legal and regulatory frameworks
A National Cybercrime Bill shall be enacted and popularised, supported by regulations to facilitate and monitor compliance with its provisions regarding digital investigations, lawful interception of communication, audit requirements, and the security of ICT systems and infrastructures.
This has partly been fulfilled with the passage of the Cybersecurity And Crime Act of 2021.
A data protection and privacy law will also promote citizens’ privacy and rights. The whole system will be supported by a framework for implementing international cybersecurity standards as baselines in public and private institutions.
“The strategy underscores the need for adequate national and international cyber security in an era of globalisation, technological innovation, and rapid expansion of cyberspace.
“It provides a framework and pathway for the country’s cyber security policy to mature so that it can provide the necessary security capacity at all levels of society—government, national infrastructure, businesses, the third sector, and individuals,” Gwagwa stated.
- Empowering the criminal justice system, preventing crime and mitigating cybercrime
Under this category, specialised training programmes will be developed for judicial officials, including judges, prosecutors, lawyers, and law enforcement officials with the knowledge of interpreting and applying the relevant cybersecurity law, focusing on dealing with electronic evidence.
Also, cybercrime curricula designed to educate law enforcers and law students will be developed, to accelerate the skills development required to investigate and prosecute cybercrime offences.
Additionally, the National Forensic Lab at the Criminal Investigation Department (CID) of the police will be capacitated to enhance digital investigations and prosecution of computer-related crimes.
“Empirical research by the Oxford Global Cybersecurity Capacity Centre on cyber capacity indicates that Africa lags in most cybersecurity dimensions, including its participation in formal and informal cybercrime and data protection arrangements.
“This observation is backed by other cyber security assessments including those carried out by Ernst & Young, the International Telecommunications Union Global Cybersecurity Index, and the World Bank,” additionally, “the first-ever United Nations Conference on Trade and Development (UNCTAD) Africa E-Commerce Week, held in Nairobi in December 2018, concluded that weak technology-related infrastructure and the failure to acquire and adapt existing foreign innovations are some of the factors hindering Africa from tapping into the potential of digital commerce,” Gwagwa added.
- Promote good cybersecurity culture through stakeholder engagement
The document advocates for a robust sensitization and awareness-raising programme to be developed, geared towards improving cybersecurity practices in the country.
This will entail campaigns to promote the safe use of online services by the public. A month in the year will be dedicated for national cybersecurity awareness to increase public education and awareness-raising on cybersecurity issues.
- National initiatives on online child protection
The document champions establishing policies for the usage of the cyberspace, with a focus on children. This is supposed to include ensuring child-friendly platforms and mechanisms to provide support for victims of online cybercrimes.
It will also entail the development of information-sharing platforms that cater to the needs of children in different age brackets.
- Develop a framework for the integration of cybersecurity in education system
Aside from specialized training for major stakeholders, the government will develop cybersecurity curricula across primary and secondary schools, as well as specialised university courses and degree programmes on cybersecurity.
There will also be cybersecurity education programmes for teachers and lecturers to ensure skilled staff is readily available to teach the newly created cybersecurity courses.
This will require allocation of resources to cybersecurity education for public universities and incentive schemes such as scholarships to foster awareness and stimulate interest in cybersecurity career opportunities.
- Fostering growth of local cybersecurity industry in Sierra Leone
Per the document, the government will create an enabling environment for the growth of cybersecurity start-ups and insurance market in Sierra Leone.
It will also create incentive mechanisms to boost the private sector investment in the cybersecurity industry.
- Promotion of innovation, research and development in the cybersecurity
There will be sustainable initiatives to bridge the gap between universities and the industry market.
This will include development of a cybersecurity focused research and development programmes in universities and other public research institutions, as well as establishment of a framework for effective dissemination of innovation and research findings and provision of dedicated funding mechanisms for ongoing research.
- Protection of Critical National Information Infrastructure (CNII) and essential services
The government will develop a robust national cybersecurity risk management framework, with clearly defined roles and responsibilities for all CI and CII stakeholders. It will also establish a Critical Information Infrastructure Protection (CIIP) Unit under the National Cybersecurity Department to coordinate and manage all critical infrastructure protection.
A mechanism will also be developed for all players to regularly share information and make vulnerability disclosure.
“Sierra Leonne’s strategy must be seen as essential to realising cybersecurity maturity. The strategy emphasizes that cyber resilience, a crucial aspect of cybersecurity, should be achieved through robust collaboration across the government, critical infrastructure owners and operators, industry, and academia.
“This collaborative approach, which is key to effectively addressing cybersecurity challenges, fosters a sense of teamwork and shared responsibility in building a secure digital environment.
“It identifies critical areas and stakeholders in line with best practices encouraged by the World Bank and Oxford. The Sectoral Cybersecurity Maturity Model (SCMM), jointly developed by the World Bank Digital Development team and Tel Aviv University, urges developing countries to take a comprehensive, cross-government approach to cybersecurity and critical infrastructure resilience.
“This holistic approach involves the participation of all stakeholders and strongly encourages to conduct a thorough maturity assessment to detect deficiencies and opportunities for improvement within their policy frameworks,” Gwagwa stressed.
- Regional and international cooperation against cybercrime
This entails enhancing Sierra Leone’s diplomatic competencies in cyber-related issues to better engage in cyber-diplomacy and international cooperation, and to ratify regional and international cybersecurity treaties and obligations, like those of ECOWAS, Malabo and Budapest Conventions.
Also, under this, the country will participate in bilateral and multilateral agreements on cybersecurity with other countries. It will also participate in regional and global cyber engagements and drills as a means of building its overall cybersecurity capabilities.
By Kemo Cham
