Human capital: a key component of cybersecurity development in Africa
By Clément Rossi, Cybersecurity Program Officer, CEIS
In light of the multiplication of major infrastructure projects (including the roll-out of 4000 km of fibre optic cable in Guinea since 2014 and 3000 km in Senegal in 2015-2017) and the global digital transformation of government agencies (establishment of a digital identity when issuing identification documents in Gabon, the e-gov project in Senegal), protecting critical infrastructure has become a major challenge. Serious attacks against Senegal’s government websites (2015), and the attack which shut down Liberia’s internet network (2016), are a prime example. African authorities have indeed taken notice and have begun to take action, starting with the creation of dedicated platforms (Côte d’Ivoire’s platform against cyber-attacks, as of 2009) and national CERTs (Burkina Faso, 2013). These structures have been gradually enhanced thanks to the increasing capabilities of national agencies in charge of cybersecurity (ANTIC in Cameroon, ARTCI in Côte d’Ivoire, and ANSSI in Burkina Faso) and to the development of concrete national cybersecurity strategies (Cameroon in 2016, Senegal in 2017, and soon Benin in 2018).
Cybersecurity falls within the defence-security continuum and is regarded as a tool to achieve global digital stability. However, this vision requires that all actors, both public and private, appreciate all the challenges involved—including those players at the top decision‑making levels. Cooperation and public-private partnerships are therefore essential. However, although West African states have now incorporated the cyber dimension into their national security strategies and are developing digital security action plans, their economic interests and private sector remain largely vulnerable. It cannot be repeated enough: the digital transformation and the development of new uses, particularly via mobile internet, are impossible without building digital “trust”, especially for critical banking or financial services.
West Africa remains a ripe market for growth, providing real opportunity for long-term economic development to create stable local employment. The needs are vast: audits and consultancy, penetration tests, detection and analysis solutions, emergency response teams, network security administration, secure, anti-fraud systems, data encryption, etc. To meet this significant demand, complete ecosystems made up of consulting firms, IT distributors, security solution resellers and integrators offer all the expertise required. The boom in business incubators (C‑TIC in Senegal) and tools designed to encourage digital innovation and entrepreneurship (Rwanda) help fuel Africa’s active and emerging digital industry. However, the continent is facing a glaring skills shortage, similarly to Europe, which has slowed down economic growth in the sector.
University curriculums specializing in technology are popping up all across the sub-region, particularly in private schools, which helps provide trained technicians and engineers. Nonetheless, engineers face a daunting dual-challenge: the first being a lack of opportunities due to a disparity between initial training and companies’ operational expectations, and the second being under-specialisation, making it difficult to break into professional sectors which are themselves under-developed. Some universities, inspired by Cheikh Anta Diop University in Dakar, have introduced more specialised cybersecurity curriculums; however, they are still far and few between, and are generally restricted to students having attained higher education, rather than being accessible to technicians. Making matters worse, those with the most highly developed skills in IT security are the hackers themselves, who are often self-educated with little to no formal education and make their living through cybercrime. How can we ensure their reintegration into the workforce and encourage them to use their technical skills to help businesses and security forces? The Senegalese National Gendarmerie should be applauded for its launching of IT competitions, by which it offers the most skilled ethical hackers genuine career paths as NCOs, no matter their educational background.
Tech products and other technical solutions represent only a fraction of the solution to cybersecurity challenges. The human factor is by far the largest contributor, and human expertise remains one of the fundamental keys to success. In comparison, it would be impossible to imagine special operations forces heading off on a mission having no previous experience in combat or intensive training. Confronted with an increasing number of evermore complex cyberattacks, computer emergency response teams must also go in fully prepared.
Whereas initial training develops theoretical skills through an adapted pedagogic approach, professional certification harnesses the specific qualifications required for cyberspace protection professionals. The recognition of operational skills through certifications or accreditations is clearly a potential path towards building viable professional sectors, through the combined efforts of public authorities and private actors.
Just like in the physical world, long-term development and growth cannot be achieved in the digital world without security and stability. The Dakar Forum is undoubtedly the best platform from which to take this stance. With the objective of building specialised sectors and developing human skills for securing states and businesses, CEIS has committed to join forces with Bluecyforce to offer operational training to cybersecurity personnel. This initiative is one of several contributing to the establishment of African cybersecurity ecosystems, supporting a philosophy of sharing knowledge through practice and experience. Such ecosystems are vital to digital development in Africa and a cornerstone of its digital sovereignty. As confirmed by the Sufi proverb, “What you give is yours forever. What you keep, you lose.”
Clément Rossi is responsible for the cybersecurity program at CEIS. He is also in charge of all the partnerships for the International Cybersecurity Forum (FIC) which takes place every year in Lille and brings during 2 days, more than 8500 people and 350 companies around cybersecurity and defence issues.