The GFCE Secretariat is pleased to announce that the African Union Commission (AUC) officially confirmed to host the GFCE Annual Meeting 2019 in Addis Ababa, Ethiopia from 8-10 October 2019.

The official photo moment in the African Union Headquarters.

The objective of the GFCE Annual Meeting 2019 is to move further towards cyber capacity building (CCB) implementation by bringing together multi-stakeholder actors from all over the world. Two days of the Annual Meeting will be dedicated to the Working Groups, breakout sessions, GFCE announcements and interactive round-table work sessions.

The Working Groups involve existing and planned efforts of the GFCE community in building global cyber capacity along the prioritized themes of the Delhi Communiqué.

The five Working Groups related to the themes are:

• GFCE Working Group A: Cyber Security Policy and Strategy;
• GFCE Working Group B: Cyber Incident Management and Critical Infrastructure Protection;
• GFCE Working Group C: Cybercrime;
• GFCE Working Group D: Cyber Security Culture and Skills;
• GFCE Working Group E: Cyber Security Standards and IoT.

With a particular regional focus, the first day of the Annual Meeting will consist of one full-day of GFCE Workshops, based upon the themes of the five Working Groups. The workshops will present cyber expertise in an informal arrangement and will deepen the knowledge of the participants on each of the five Working Group themes.

During the Annual Meeting, the new CCB knowledge portal will be presented, which will include a global overview on CCB projects, CCB knowledge products and a calendar with events related to CCB.

Please register on the event website.

News item | 16-10-2017

We are proud to announce Austria and Mauritius as the newest members of the GFCE community. This adds up to a total of 63 members united to strengthen global cyber capacity efforts. Please read a quick introduction of both members below.

Austria

The BKA recognizes the importance of strong global networks and prevention of duplication, especially in cyber capacity building, and therefore supports the vision of the GFCE. While starting preparations for the Austrian presidency of the Council of the European Union (July to December 2018), the BKA could not hope for a more suitable time to join the GFCE and looks forward to jointly take cyber capacity to the next level.

Mauritius

The Government of Mauritius recognises the serious threats posed by cybercrime and herewith the need for cyber capacity building efforts. Mauritius has developed a National Cyber Security Strategy and National Cybercrime Strategy, which are currently in effect. These strategies give insight on the approach and strategy of the Mauritian Government and what measures are taken to effectively protect their cyberspace. One of the main focus areas of these strategies is strengthening cyber capacity of different target groups through various programs within society.

A new study by Symantec and the African Union provides a detailed analysis of the latest trends on cybercrime and cybersecurity on the African Continent. The report reveals both the economic potential of cyber in Africa with an estimated market value of 75 million USD in 2025 and the extent of cyber threats, especially with regards to mobile malware and money transfers. The report is based on a survey among African nations and a regional threat analysis. The study was conducted with support from the United States Department of States and has been adopted as initiative within the GFCE community. The study will be presented during the African Union Assembly and made available via the GFCE website.

Written by: Ms. Cheri McGuire, Vice President of Global Government Affairs and Cybersecurity Policy at Symantec

Why cybercrime matters to Africa

Africa is a continent on the rise. It is growing quickly in terms of population, the economy, and global influence. Today, Africa is home to 1.21 billion people (up from just 800 million in 2000), with a median age of just 19.5 years, the youngest population in the world. With this prominence of youth comes a diverse population that is looking for productive employment, social engagement, free expression, and increased global connectivity. While the downturn in world commodity prices has hit African economies hard, nearly every African nation is poised to grow over the coming years. Some will continue on a trajectory putting them among the fastest growing economies in the world. Technology adoption continues to rise as well, with mobile device ownership growing exponentially, social media use increasing, and the Internet of Things (IoT) quickly becoming a reality. Even the most conservative metrics show that Africa is poised to make great gains and help fuel global growth into the future. Along with this rapid economic growth, comes a burgeoning e-commerce industry that is poised to expand to an estimated $75 billion USD by the year 2025. 

With this growing prosperity and digitization however new risks and vulnerabilities arise that could undermine progress. Chief among these risks is the global rise of cybercrime. As the African Continent’s economy moves online, citizens, their computer systems, and the Continent’s information technology (IT) infrastructure become enticing targets for an increasingly professional cadre of cybercriminals. The growth of cybercrime is by no means just an African problem. In fact, in 2013, the total global direct cost of cybercrime reached an estimated $113 billion USD. In South Africa alone, 73% of adults reported experiencing cybercrime, which is estimated to have cost the South African economy 337 million USD. Compounding the problem is the fact that many Africans are still using outdated, or in many cases pirated, software. Nearly one quarter of users in Africa are currently using the operating system Windows XP that was first released in 2001, and for which software patches were discontinued in 2014.

Understanding the Threat Landscape

In order for Africa to realize its full potential, policymakers will need to implement effective policies and awareness initiatives to stem the rising tide of cyber threats. Unfortunately, these same policymakers, technicians, and other experts have long noted the lack of detailed and reliable threat information regarding cybercrime threats in the region. Such information is invaluable in assessing and managing cyber risks by providing governments a more complete and nuanced understanding of how criminals and other actors are targeting and exploiting cyber-related vulnerabilities.

To help address this information gap, the African Union (AU) and Symantec Corporation, through the Global Forum for Cyber Expertise (GFCE) and with the support of the U.S. Department of State, are engaged in a public-private partnership to develop a report that collects and presents detailed policy and technical data on the state of cybersecurity in Africa. The research includes surveys sent to every African nation on current cyber capabilities and trends, as well as regional cybersecurity threat data from Symantec’s Global Intelligence Network. Governments and other interested parties can utilize this information to identify gaps and to strengthen protection, prevention and response mechanisms to confront the diverse range of cyber threats. This report also will be an excellent opportunity for AU Member States to illustrate the significant advances and accomplishments in the areas of cybersecurity and combating cybercrime. Moreover, the results of the research will serve to guide future capacity building efforts for AU Members. 

The Threat of Mobile Malware

Initial findings indicate that due to the borderless nature of cybercrime, many of the trends we see globally also are affecting Africa, including the explosion of ransomware and social media scams, and the proliferation of new malware and website vulnerabilities. However, because of how the IT infrastructure evolved in Africa, several of these cybercrime trends will become especially acute and pose a significant danger. Mobile malware, for instance, is a huge problem in Africa today and will continue to be a major threat into the future. Globally, the number of new vulnerabilities identified in mobile software grew a staggering 214% in 2014. Over the past decade, Mobile phone networks have transformed communications in Africa. Most importantly, mobile phones have allowed African communications networks to leapfrog the entire landline generation of development and go directly to the digital age. Globally, smartphones are an increasingly attractive target for cybercriminals who are investing in more sophisticated attacks that are effective at stealing personal data or extorting money from victims. The steady rise of mobile malware that mainly targets Android systems is also of concern given 89% of the smartphone market share in Africa runs on that platform.  For example, according to Symantec data, more than one out of every seven mobile devices in Nigeria is currently infected with mobile malware. Africa also leads the world in money transfers using mobile phones, with 14% of all Africans receiving money through mobile transfers. And with some of the world’s largest mobile money transfer services, such as Kenya’s Mpesa, cybercriminals will continue to heavily target mobile devices in Africa. 

With a young population that is rapidly adopting new technologies, Africa is on the verge of an Internet boom. These advances also bring with them new risks. To keep pace, initiatives by African Nations should seek to combat cybercrime and improve their overall cybersecurity posture. It will take a concerted effort from international governments, industry, and civil society to reduce cybercrime and improve cyber protection and resilience so that Africa can reach its full potential in the global economy.

On the 15th and 16th of February 2016 the Capacity Building Workshop for Diplomats took place in Addis Ababa (Ethiopia) jointly organized by the African Union Commission (AUC) and ICT for Peace foundation (ICT4Peace). The workshop aimed to promote confidence in the use of ICTs among African diplomats and was focused on international cyber security consultations and negotiations. It was attended by 45 diplomats and government officials involved in foreign policy development and/or cyber security diplomacy from 28 African Countries as well as representatives from three Regionals and specialized organizations of the African Union.

Written by: Ms. Souhile Amazouz, Senior Policy Officer, Information Society Division, Infrastructure and Energy at the African Union.

Unlocking Prosperity and Freedom

The workshop provided an introduction to the subject of international cyber security policy and the current consultation and negotiation efforts and was an opportunity for the participants to be exposed to the context in which cyber security is being addressed in global, regional forums notably the United Nations Group of Governmental Experts (UNGGE), the Organization for Security and Cooperation in Europe (OSCE⁾ and the Global Conference on CyberSpace (GCCS). The workshop has familiarized African diplomats with the on-going international discussions to acquire a deeper understanding of the most important areas of diplomatic negotiations for a secure and open cyberspace, such as the application of the international laws for the Cyberspace, norms of responsible state behavior as well as confidence building measures in the cyberspace.

Addressing the participants Mr. Moctar Yedaly Head of Information Society Division, Infrastructure and Energy at the African Union Commission, underlined the importance of such workshops for Africa and policy makers. He argued that digital technologies and the internet are the backbone of our society and economies. He said that: “Digital technologies are key enablers of prosperity and freedom. As African countries expand their access to internet networks information systems, they are increasingly vulnerable to cyber-attacks“. 

Investing in Cyber Capacity Building

In his address Mr. Daniel Stauffacher President of the ICT4Peace foundation stated that over the past five years states have become increasingly engaged in a series of regional and international policy discussions and debates over cyber security issues. He also highlighted that we are now living in the world of hyper-connectivity and that many countries have already placed cyber security or information security under their national security agenda. The workshop on Cyber diplomacy was part of a series of capacity building workshops that ICT4Peace is organizing for diplomats to develop capabilities for international negotiations.

The participants agreed on crucial measures, including the importance of developing national cyber strategies, fostering domestic and regional coordination, developing CERTs, and signing and ratifying the African Union Convention on Cybersecurity and Personal Data Protection.

Sponsor

Bill & Melinda Gates Foundation

Duration

01/09/20 – 31/12/23

Project objectives

The primary outcome of the project is to enable a majority of African Countries to identify and address their national cyber capacity needs, in turn helping to strengthen their cyber resilience.

To achieve the primary outcome and to ensure these efforts can be sustained for the duration and after the project, the following secondary outcomes are envisioned:

• Coordination and cooperation between existing cyber capacity building projects and programs in Africa
• Identification of cyber capacity needs on a national and sub-regional level in African countries
• The growth of a trusted community of cyber leaders from the different African countries

Description

• The project will be split into four phases: ‘Preparing’, ‘Developing’, ‘Learning’, and ‘Sustainment’ – see below for more detail – spanning a two-year period.
• The project will build on and utilize existing cyber structures, plans, expertise and capacities within the AUC Information Society Division (ISD) in charge of Cyber Security in the Africa region, as well as within the multi-stakeholder and international GFCE Community. 
• The GFCE Secretariat and the Information Society Division of the AUC will be responsible for the coordination of the program. A GFCE regional liaison will be part of the AUC team to align the coordinating role of the AUC and the GFCE Secretariat. Below under each phase are the responsibilities explained for both the GFCE Secretariat and the AUC.

Sponsor

Federal Ministry for Foreign Affairs

Duration

15/02/22-15/07/22

Project objectives

In-depth interviews with each ECOWAS member states on their CCB needs. Increased participation of ECOWAS countries in GFCE initiatives, including the AUGFCE project and the CCB Coordination Committee.

Description

Through participation in GFCE workshops, ECOWAS countries are further engaged in identifying CCB needs, sharing knowledge and best practices, and setting CCB priorities. This will take the form of a White Paper that contains the following elements:

• Identifies CCB needs in the ECOWAS region, based on the workshop feedback, as well as from ongoing GFCE initiatives in the region (the AU_GFCE project and the KPMG produced report);
• Delivers recommendations for a 3-year West African – G7 CCB programme and the establishment of a ECOWAS – G7 CCB platform.

Sponsor

Global Affairs Canada

Duration

7-14 June 2023

Project objectives

The Executive course seeks to improve state capacity to effectively engage with the international community to develop the normative architecture governing cyberspace and state behavior, in particular public international law. The alumni course seeks to build the capacity of, and networks between, policy makers, legal experts and legislators who have previously undertaken CLI courses. The project will also be actively supported by the Commission of the African Union.

Description

In order to foster international peace and security, this project will work with state officials operating on the multinational level to better understand the international law implications of cyber activities and the complex nuances thereof. It will also work to foster better engagement from states in the continued development of a common understanding on how international law regulates states’ activities in cyberspace, protects human rights online, and prevents, and enables them to mitigate cyber threats.

Sponsor

Global Affairs Canada

Duration

14-18 November 2022

Project objectives

The scope of the Project is to examine the law applicable to cyber operations during peacetime and to focus on various specialized regimes of international law as applied in the cyber context.

Description

The course also includes two exercises to enable the application of the legal principles and rules examined to fictional, but realistic, scenarios. The training employs an interactive teaching style that encourages active student participation.

Sponsor

Global Affairs Canada

Duration

19-21 July 2023

Project objectives

The training seeks to improve state capacity to effectively engage with the international community to develop the normative architecture governing cyberspace and state behavior, in particular public international law, including for Women in International Security and Cyberspace alumni. The Exchange of views will discuss the draft statement by the AU on the Application of International Law. The project will also be actively supported by the Commission of the African Union.