Following the success of the GFCE Annual Meeting 2019 in Addis Ababa and the need identified within the GFCE Community, the GFCE will be increasing its efforts in the Africa region. Given this, the GFCE has devised a two-tier approach: 1) bringing together the GFCE community and coordinating cyber capacity efforts in the African region, and 2) through the AU-GFCE Collaboration project. The AU-GFCE Collaboration project aims to develop cyber capacity building knowledge (CCB) that will enable African countries to better understand cyber capacities and identify and address their national cyber capacity needs. Moctar Yedaly, Martin Koyabe, and Bernard Brian-Cudjoe have joined the GFCE Secretariat to ensure effective collaboration among key actors and stakeholders in Africa and the GFCE Community. The GFCE Secretariat is looking forward to work together with our new colleagues to strengthen regional collaboration on CCB!

Moctar Yedaly, GFCE Africa Program Director

“It is of my strong belief that one of the Sine Qua None conditions for Africa to meet its development objectives is to tape on the benefit provided by the ICTs. This demands for safe and secure cyberspace. Cybersecurity being a cross cutting sector of the AU Digital Transformation Strategy 2020 – 2030, its promotion in the continent is of most vital importance. The GFCE is a non-partisan institution aiming at building capacities in the Cybersecurity domain which meets my passion and believes for the continent. I am proud to be given the opportunity to contribute to strengthening  the GFCE focus on Africa.”

Martin Koyabe, Senior Project Manager AU-GFCE Collaboration Project

“As the world continues to mitigate the challenges and effects caused by COVID-19 pandemic, many countries in Africa are prioritising their resources towards deploying secure digital infrastructures to ensure reliable digital access by the citizens. The GFCE is therefore uniquely positioned, working with the African Union Commission (AUC), to urgently assist these countries build both capacity and capability in Cybersecurity.  Its therefore my motivation to join GFCE team and lead the GFCE-AUC collaboration project, which aims to develop cyber capacity building knowledge to enable African countries to enhance their cyber capacities and capabilities; and support them in strengthening their cyber resilience.”

Bernard Brian-Cudjoe, GFCE-AUC Liaison

“There are evident gaps in terms of cybersecurity awareness, knowledge, and skills among Africa countries that prevent them from deploying and adopting the right strategies, capabilities, and programs to mitigate cyber threats. According to Quartz, in 2017, cybercrime cost African countries $3.5 billion and as the Digital Transformation Strategy has been adopted by the African Union Member States, cybersecurity should be an integral and indivisible part of the strategy to yield the desired socio-economic benefits. Africa must secure its cyberspace by building the capacities of its citizens and relevant stakeholders especially those that influence policies on technology to provide the needed guidance, recommendations, and strategy to mitigate fraud and crime. For this singular reason of Africa’s digital transformation agenda, I am very happy and privileged to be part of this project to help African countries build their cyber capacities, strengthen their cyber resilience and identify the gaps and national cyber capacities needs to adopt the right strategy.”

News Item | 8 March 2021

The Global Forum on Cyber Expertise is happy to announce its collaboration with the African Union Commission (AUC) on “Enabling African countries to identify and address their cyber capacity needs” through a two-year project. 

Introduction
Digital financial services can reach excluded and underserved populations quickly and efficiently, making it a vital strategic pillar to enhance financial inclusion in developing countries. However, because of the digital nature of the deployment of such financial services, cyber risk is growing rapidly and evolving dynamically in developing countries with low cybersecurity capacity. Countries that do not have, for example, a national cybersecurity strategy, a national computer emergency response team (CERT) and cybercrime legislation may find it difficult to increase its capacity to respond to the increasing cyber risks. According to various national cyber security assessments[1], there is an urgent need to connect Africa’s digitalization efforts with ongoing global efforts to improve cybersecurity as this will enable the region to recap the benefits of digital growth while protecting society and reducing cyber risks.

The Global Forum on Cyber Expertise (GFCE) is a multi-stakeholder community of more than 120 members and partners from all regions of the world, aiming to strengthen cyber capacity and expertise globally. The GFCE has extensive expertise and experience that could be valuable for the African region. Various GFCE members and partners are involved in large cyber capacity programs in Africa. This was a key reason to organize the GFCE Annual Meeting 2019 in Addis Ababa with the support of the African Union Commission (AUC). Over 40 African countries participated within the Annual Meeting where  the GFCE Working Groups organized workshops on key cyber topics. Additionally, GFCE side-meetings were organized, bringing together donors, implementers and regional organizations to discuss how they could improve coordination and avoid the duplication of efforts in the African region.

To build on the success of the Annual Meeting 2019 and the continuous efforts of the AUC, the GFCE and the AUC seek to strengthen cyber resilience in the African region in close collaboration with all relevant stakeholders.

Two-year collaborative project
The GFCE, in partnership with the AUC, aims to develop cyber capacity building knowledge to enable African countries to better understand cyber capacities and support them in strengthening their cyber resilience with support from the Bill & Melinda Gates Foundation.

Through a two-year collaborative project, the GFCE and AUC aim to achieve the following outcomes:

• Grow a trusted community of cyber leaders from the different African countries;
• Identify relevant cyber capacity gaps on a national and sub-regional level in African countries;
• Enable African countries to prioritize, address and communicate their national cyber capacity needs; and
• Foster coordination and increasing international collaboration between (existing) cyber capacity building efforts in Africa.

The project will build on and utilize existing cyber structures, plans, expertise and capacities within the AUC, as well as within the multi-stakeholder and international GFCE Community. The GFCE Secretariat and the AUC will be responsible for the coordination of the program.

In order to meet these outcomes, the project will focus on the following deliverables:

• Online database of current projects and programs on cyber capacity building in the African region;
• Published report of current cyber capacities as well as capacity gaps in the African region based on desk research and engagement with the African countries, AUC and the African Union Cyber Security Expert Group (AUCSEG);
• Formation of a regional GFCE Africa group with relevant stakeholders from the global community;
• Knowledge modules on key CCB topics[2] with an African regional focus developed in collaboration with the GFCE Working Groups as well as a module on “Communicating the impact of CCB” and “Reducing the gender gap in cybersecurity leadership”;
• Formal and informal knowledge sharing opportunities during in-person and/or online meetings;
• Concrete requests for national cyber capacity support as input for the tailor-made spin-off projects.

If you have any questions, please contact the GFCE Secretariat at contact@thegfce.org.

[1] For example, the Global Cybersecurity index published by the ITU and cybersecurity maturity assessments done by Oxford University’s Global Cybersecurity Capacity Building Center.

[2] Based on the themes identified in the GFCE Global Agenda for Cyber Capacity Building.

“The GFCE is thrilled to be able to count on Microsoft’s continuous support in building cyber capacity globally. As the GFCE seeks to increase its regional focus towards 2021, this vital partnership with Microsoft will enable us to strengthen, coordinate and make our efforts in Africa more efficient and effective.” – Chris Painter, President of the GFCE Foundation Board.

This partnership comes at a crucial moment for the GFCE as the year 2020 marks a milestone for celebrating its fifth anniversary. Throughout these years, the GFCE has met many achievements supporting cyber capacity building regionally and globally. As the GFCE looks ahead to 2021, it aims to become the coordinating platform on cyber capacity building and further strengthen the GFCE ecosystem by improving processes, expanding collaboration with stakeholders and establishing a truly global and regional presence on cyber capacity building efforts.

Africa has been an important region full of potential for the GFCE and its work on coordinating cyber capacity building, as various GFCE members and partners are involved in cyber capacity building projects in the region. In 2019 the GFCE Annual Meeting was hosted in Addis Ababa with the support of the African Union Commission (AUC), during which different workshops were organized on key cyber topics together with side-meetings, bringing together donors, implementers and regional organizations to discuss how to improve capacity building coordination in the African region.

The GFCE has also been involved in the African region through its Clearing House mechanism. This mechanism helps the GFCE community to support individual countries with their cyber capacity building efforts. In Africa, the GFCE Clearing House has been present through the Friends of The Gambia case and the Sierra Leone. The Gambia has been a requesting member for cyber capacity building efforts and the GFCE has provided opportunities for them to connect, network and contribute to cyber capacity building related to activities such as national strategy and policy development. Sierra Leone has also been involved for their national cyber security strategy.

The GFCE therefore hopes that this partnership is the beginning of improving regional coordination on cyber capacity building efforts and increasing collaboration by engaging stakeholders regionally.

The GFCE Secretariat is pleased to announce that the African Union Commission (AUC) officially confirmed to host the GFCE Annual Meeting 2019 in Addis Ababa, Ethiopia from 8-10 October 2019.

The official photo moment in the African Union Headquarters.

The objective of the GFCE Annual Meeting 2019 is to move further towards cyber capacity building (CCB) implementation by bringing together multi-stakeholder actors from all over the world. Two days of the Annual Meeting will be dedicated to the Working Groups, breakout sessions, GFCE announcements and interactive round-table work sessions.

The Working Groups involve existing and planned efforts of the GFCE community in building global cyber capacity along the prioritized themes of the Delhi Communiqué.

The five Working Groups related to the themes are:

• GFCE Working Group A: Cyber Security Policy and Strategy;
• GFCE Working Group B: Cyber Incident Management and Critical Infrastructure Protection;
• GFCE Working Group C: Cybercrime;
• GFCE Working Group D: Cyber Security Culture and Skills;
• GFCE Working Group E: Cyber Security Standards and IoT.

With a particular regional focus, the first day of the Annual Meeting will consist of one full-day of GFCE Workshops, based upon the themes of the five Working Groups. The workshops will present cyber expertise in an informal arrangement and will deepen the knowledge of the participants on each of the five Working Group themes.

During the Annual Meeting, the new CCB knowledge portal will be presented, which will include a global overview on CCB projects, CCB knowledge products and a calendar with events related to CCB.

Please register on the event website.

News item | 16-10-2017

We are proud to announce Austria and Mauritius as the newest members of the GFCE community. This adds up to a total of 63 members united to strengthen global cyber capacity efforts. Please read a quick introduction of both members below.

Austria

The BKA recognizes the importance of strong global networks and prevention of duplication, especially in cyber capacity building, and therefore supports the vision of the GFCE. While starting preparations for the Austrian presidency of the Council of the European Union (July to December 2018), the BKA could not hope for a more suitable time to join the GFCE and looks forward to jointly take cyber capacity to the next level.

Mauritius

The Government of Mauritius recognises the serious threats posed by cybercrime and herewith the need for cyber capacity building efforts. Mauritius has developed a National Cyber Security Strategy and National Cybercrime Strategy, which are currently in effect. These strategies give insight on the approach and strategy of the Mauritian Government and what measures are taken to effectively protect their cyberspace. One of the main focus areas of these strategies is strengthening cyber capacity of different target groups through various programs within society.

A new study by Symantec and the African Union provides a detailed analysis of the latest trends on cybercrime and cybersecurity on the African Continent. The report reveals both the economic potential of cyber in Africa with an estimated market value of 75 million USD in 2025 and the extent of cyber threats, especially with regards to mobile malware and money transfers. The report is based on a survey among African nations and a regional threat analysis. The study was conducted with support from the United States Department of States and has been adopted as initiative within the GFCE community. The study will be presented during the African Union Assembly and made available via the GFCE website.

Written by: Ms. Cheri McGuire, Vice President of Global Government Affairs and Cybersecurity Policy at Symantec

Why cybercrime matters to Africa

Africa is a continent on the rise. It is growing quickly in terms of population, the economy, and global influence. Today, Africa is home to 1.21 billion people (up from just 800 million in 2000), with a median age of just 19.5 years, the youngest population in the world. With this prominence of youth comes a diverse population that is looking for productive employment, social engagement, free expression, and increased global connectivity. While the downturn in world commodity prices has hit African economies hard, nearly every African nation is poised to grow over the coming years. Some will continue on a trajectory putting them among the fastest growing economies in the world. Technology adoption continues to rise as well, with mobile device ownership growing exponentially, social media use increasing, and the Internet of Things (IoT) quickly becoming a reality. Even the most conservative metrics show that Africa is poised to make great gains and help fuel global growth into the future. Along with this rapid economic growth, comes a burgeoning e-commerce industry that is poised to expand to an estimated $75 billion USD by the year 2025. 

With this growing prosperity and digitization however new risks and vulnerabilities arise that could undermine progress. Chief among these risks is the global rise of cybercrime. As the African Continent’s economy moves online, citizens, their computer systems, and the Continent’s information technology (IT) infrastructure become enticing targets for an increasingly professional cadre of cybercriminals. The growth of cybercrime is by no means just an African problem. In fact, in 2013, the total global direct cost of cybercrime reached an estimated $113 billion USD. In South Africa alone, 73% of adults reported experiencing cybercrime, which is estimated to have cost the South African economy 337 million USD. Compounding the problem is the fact that many Africans are still using outdated, or in many cases pirated, software. Nearly one quarter of users in Africa are currently using the operating system Windows XP that was first released in 2001, and for which software patches were discontinued in 2014.

Understanding the Threat Landscape

In order for Africa to realize its full potential, policymakers will need to implement effective policies and awareness initiatives to stem the rising tide of cyber threats. Unfortunately, these same policymakers, technicians, and other experts have long noted the lack of detailed and reliable threat information regarding cybercrime threats in the region. Such information is invaluable in assessing and managing cyber risks by providing governments a more complete and nuanced understanding of how criminals and other actors are targeting and exploiting cyber-related vulnerabilities.

To help address this information gap, the African Union (AU) and Symantec Corporation, through the Global Forum for Cyber Expertise (GFCE) and with the support of the U.S. Department of State, are engaged in a public-private partnership to develop a report that collects and presents detailed policy and technical data on the state of cybersecurity in Africa. The research includes surveys sent to every African nation on current cyber capabilities and trends, as well as regional cybersecurity threat data from Symantec’s Global Intelligence Network. Governments and other interested parties can utilize this information to identify gaps and to strengthen protection, prevention and response mechanisms to confront the diverse range of cyber threats. This report also will be an excellent opportunity for AU Member States to illustrate the significant advances and accomplishments in the areas of cybersecurity and combating cybercrime. Moreover, the results of the research will serve to guide future capacity building efforts for AU Members. 

The Threat of Mobile Malware

Initial findings indicate that due to the borderless nature of cybercrime, many of the trends we see globally also are affecting Africa, including the explosion of ransomware and social media scams, and the proliferation of new malware and website vulnerabilities. However, because of how the IT infrastructure evolved in Africa, several of these cybercrime trends will become especially acute and pose a significant danger. Mobile malware, for instance, is a huge problem in Africa today and will continue to be a major threat into the future. Globally, the number of new vulnerabilities identified in mobile software grew a staggering 214% in 2014. Over the past decade, Mobile phone networks have transformed communications in Africa. Most importantly, mobile phones have allowed African communications networks to leapfrog the entire landline generation of development and go directly to the digital age. Globally, smartphones are an increasingly attractive target for cybercriminals who are investing in more sophisticated attacks that are effective at stealing personal data or extorting money from victims. The steady rise of mobile malware that mainly targets Android systems is also of concern given 89% of the smartphone market share in Africa runs on that platform.  For example, according to Symantec data, more than one out of every seven mobile devices in Nigeria is currently infected with mobile malware. Africa also leads the world in money transfers using mobile phones, with 14% of all Africans receiving money through mobile transfers. And with some of the world’s largest mobile money transfer services, such as Kenya’s Mpesa, cybercriminals will continue to heavily target mobile devices in Africa. 

With a young population that is rapidly adopting new technologies, Africa is on the verge of an Internet boom. These advances also bring with them new risks. To keep pace, initiatives by African Nations should seek to combat cybercrime and improve their overall cybersecurity posture. It will take a concerted effort from international governments, industry, and civil society to reduce cybercrime and improve cyber protection and resilience so that Africa can reach its full potential in the global economy.

On the 15th and 16th of February 2016 the Capacity Building Workshop for Diplomats took place in Addis Ababa (Ethiopia) jointly organized by the African Union Commission (AUC) and ICT for Peace foundation (ICT4Peace). The workshop aimed to promote confidence in the use of ICTs among African diplomats and was focused on international cyber security consultations and negotiations. It was attended by 45 diplomats and government officials involved in foreign policy development and/or cyber security diplomacy from 28 African Countries as well as representatives from three Regionals and specialized organizations of the African Union.

Written by: Ms. Souhile Amazouz, Senior Policy Officer, Information Society Division, Infrastructure and Energy at the African Union.

Unlocking Prosperity and Freedom

The workshop provided an introduction to the subject of international cyber security policy and the current consultation and negotiation efforts and was an opportunity for the participants to be exposed to the context in which cyber security is being addressed in global, regional forums notably the United Nations Group of Governmental Experts (UNGGE), the Organization for Security and Cooperation in Europe (OSCE⁾ and the Global Conference on CyberSpace (GCCS). The workshop has familiarized African diplomats with the on-going international discussions to acquire a deeper understanding of the most important areas of diplomatic negotiations for a secure and open cyberspace, such as the application of the international laws for the Cyberspace, norms of responsible state behavior as well as confidence building measures in the cyberspace.

Addressing the participants Mr. Moctar Yedaly Head of Information Society Division, Infrastructure and Energy at the African Union Commission, underlined the importance of such workshops for Africa and policy makers. He argued that digital technologies and the internet are the backbone of our society and economies. He said that: “Digital technologies are key enablers of prosperity and freedom. As African countries expand their access to internet networks information systems, they are increasingly vulnerable to cyber-attacks“. 

Investing in Cyber Capacity Building

In his address Mr. Daniel Stauffacher President of the ICT4Peace foundation stated that over the past five years states have become increasingly engaged in a series of regional and international policy discussions and debates over cyber security issues. He also highlighted that we are now living in the world of hyper-connectivity and that many countries have already placed cyber security or information security under their national security agenda. The workshop on Cyber diplomacy was part of a series of capacity building workshops that ICT4Peace is organizing for diplomats to develop capabilities for international negotiations.

The participants agreed on crucial measures, including the importance of developing national cyber strategies, fostering domestic and regional coordination, developing CERTs, and signing and ratifying the African Union Convention on Cybersecurity and Personal Data Protection.

Sponsor

Bill & Melinda Gates Foundation

Duration

01/09/20 – 31/12/23

Project objectives

The primary outcome of the project is to enable a majority of African Countries to identify and address their national cyber capacity needs, in turn helping to strengthen their cyber resilience.

To achieve the primary outcome and to ensure these efforts can be sustained for the duration and after the project, the following secondary outcomes are envisioned:

• Coordination and cooperation between existing cyber capacity building projects and programs in Africa
• Identification of cyber capacity needs on a national and sub-regional level in African countries
• The growth of a trusted community of cyber leaders from the different African countries

Description

• The project will be split into four phases: ‘Preparing’, ‘Developing’, ‘Learning’, and ‘Sustainment’ – see below for more detail – spanning a two-year period.
• The project will build on and utilize existing cyber structures, plans, expertise and capacities within the AUC Information Society Division (ISD) in charge of Cyber Security in the Africa region, as well as within the multi-stakeholder and international GFCE Community. 
• The GFCE Secretariat and the Information Society Division of the AUC will be responsible for the coordination of the program. A GFCE regional liaison will be part of the AUC team to align the coordinating role of the AUC and the GFCE Secretariat. Below under each phase are the responsibilities explained for both the GFCE Secretariat and the AUC.

Sponsor

Federal Ministry for Foreign Affairs

Duration

15/02/22-15/07/22

Project objectives

In-depth interviews with each ECOWAS member states on their CCB needs. Increased participation of ECOWAS countries in GFCE initiatives, including the AUGFCE project and the CCB Coordination Committee.

Description

Through participation in GFCE workshops, ECOWAS countries are further engaged in identifying CCB needs, sharing knowledge and best practices, and setting CCB priorities. This will take the form of a White Paper that contains the following elements:

• Identifies CCB needs in the ECOWAS region, based on the workshop feedback, as well as from ongoing GFCE initiatives in the region (the AU_GFCE project and the KPMG produced report);
• Delivers recommendations for a 3-year West African – G7 CCB programme and the establishment of a ECOWAS – G7 CCB platform.