Reflection on the AU-GFCE Collaboration Project

Summary

In the two years since its inception in 2020 the Collaboration project between the African Union and the Global Forum on Cyber Expertise, sponsored by the Bill and Melinda Gates Foundation, has made a tangible mark in the cyber capacity building (CCB) landscape in Africa. With an active network of cyber experts (the African Cyber Experts Community) from over 30 African Union Member States (MS), a coordination network stretching over 25 multinational bodies, constant reflections and collection of information on African needs, and a body of Knowledge Modules setting a floor for future up-skilling, the project can be seen as a good foundation on which any number of CCB initiatives can be built. Now with the project drawing to a close, the GFCE reflects on its achievements and discusses where the project might go from here.

Objective and background

The AU-GFCE Collaboration Project has been implemented to enhance cyber capacity building knowledge, enable African countries to better understand cyber capacities, and identify and address cyber capacity needs to strengthen national cyber resilience. Further, the project enables the assembled national cyber experts to share views on how CCB gaps can be filled by conducting regional engagements, such as by identifying regional priorities, conducting geographically targeted initiatives, such as running the Germany – ECOWAS cyber capacity building workshops in 2022. Hence, the AU-GFCE Collaboration Project covered these six phases so far:

1. Validating Cyber Capacity priority needs for African countries;
2. Forming active communities that can define needs, participate in wider GFCE initiatives and participate in South-South capacity building;
3. Creating a coordination body made up of multi-national African organizations to provide strategic guidance for CCB in Africa, including through the production of an Africa CCB Agenda;
4. Designing and developing Knowledge Modules;
5. In-person engagement on Knowledge Modules, including collection of African best practices;
6. Connecting the African community to other GFCE pillars and expanding list of services available to ACE members.

Forming communities and defining needs

The most successful outcome of the AU-GFCE project was the creation of the African Cyber Experts (ACE) Community. It was created through national nominations made at the invitation of AUDA-NEPAD, grown through the GFCE regional meeting for Africa in the Hague in November 2021 and two project-based meetings in 2022, sustained through word of mouth and organically maintained by the authentic engagement of the community. Currently, 36 AU Member States have either nominated their representatives or are actively participating in all ACE Community meetings, while another 11 have either responded affirmatively in terms of interest or have acknowledged receipt of the AUDA-NEPAD letter. The GFCE intends to both continue growing the network, and to sustain the current membership in their professed desire to become “a network of experts for South-South cooperation”. The ACE Community has proven to be more than a community of experts, but also a source of unique knowledge and experience, and a forum for their sharing.

Also, the project has established the CCB Coordination Committee in November 2021 which is made up of over 20 multi-national organizations from the African Regional Economic Communities, the private sector and civil society, and chaired/co-chaired by the African Union Development Agency and New Partnership for Africa’s Development (AUDA-NEPAD) and the African Union Commission. The Committee seeks to provide oversight and feedback on key CCB projects, while also ensuring a great coordination and effective use of resources across the continent. In March 2022, the Committee met to discuss the CCB Agenda for Africa and the work plan for the establishment of a GFCE Africa Hub, both of which are intended to be presented to stakeholders by January 2023. Further, the Committee has acted as a force multiplier for the project, allowing Regional Economic Communities (RECs) to ensure greater participation and higher nomination numbers from their member countries.

Of particular importance for the sustained growth and engagement with the network were the two sustainment meetings of the Africa Cybersecurity Experts (ACE) Community, the first one taking place in Accra, Ghana, in March 2022, and the second conducted virtually in September 2022, with topics such as boosting cyber diplomacy, combatting cybercrime, cyber incident management, common internet and industry standards, awareness raising and enhancing gender equality on the table. The Accra meeting in particular was important as it saw the official launch of the series of nine Knowledge Modules and set a pattern for promoting local achievements by highlighting good practices of the Ghanian cyber security sector.

The second ACE Community Sustainment Meeting not only sought to collect feedback of the ACE Community on the progress of the project, but also provided an opportunity to present the Study on ‘Advancing Cyber Security with Africa’, conducted by KPMG. The report’s results show that most AU member states are progressing incrementally in enhancing their cyber capacities in terms of awareness and skills, Legal and Legislation frameworks at national level. NCS development, Assessments, Cyber Diplomacy, Awareness and CNIP/CIIP, which remain among the focus areas to be addressed by most AU Member States.

Knowledge Modules

The ACE Community’s engagement was instrumental in defining CCB needs in Africa, including the topics to be taken up through a series of Knowledge Modules, which aimed to enhance the understanding of CCB among governmental and non-governmental stakeholders, and supporting AU member states in strengthening their national cyber resilience. Based on CCB priority analysis in the first phase of this project, the GFCE engaged with DiploFoundation in August 2021 to produce nine Knowledge Modules (also available in French) on these crucial topics:

• Introductory Knowledge Module (defining CCB and horizontal issues)
• Strategies, Regulations and Legislation;
• Cyber diplomacy;
• Protection of Critical Information Infrastructure;
• Cyber Incident Management;
• Combatting cybercrime;
• Child online protection;
• Cybersecurity awareness, skills and workforce development;
• Cybersecurity standards & certification

The Knowledge Modules contained the summaries of CCB information from the GFCE community, members and partners, and have been calibrated to serve as an introduction into the above-listed topics, and to eventually be enriched with best practices and lessons learned from Africa. Following the Accra meeting in March 2022, the GFCE has been gradually introducing the Modules to the ACE Community through GFCE CCB Enhancement Sessions, held approximately once every two weeks. The sessions were intended to list the reasoning behind why each topic was chosen, what major challenges Africa is facing, a run-down of the Module by DiploFoundation and an invitation to use/ review/ add materials to it, and an invitation to 4 – 6 AU Member States to comment on their experience with the Module topic.

Expanding CCB services for ACE members

The AU-GFCE project encouraged the ACE community to benefit from the GFCE Clearing House (CH) Mechanism and the Cybil Knowledge Portal. Enhancement Sessions and in-person ACE Community meetings have proven to be an invaluable tool for the delivery of national CCB needs and perspectives that can be addressed through the Clearing House mechanism. As a result, the GFCE will continue soliciting the ACE community for their views to develop future CH mechanisms and provide a matchmaking and financing service for African stakeholders. Already, this has borne fruit, with two new Clearing House in Africa cases making progress in 2022 and will continue this year.

Conclusion and going forward

The AU-GFCE Collaboration Project received positive reactions from the assembled ACE membership during the sustainment meetings, stressing that they are ready to become more engaged in South-South capacity building and that Africa is in a great need for law and training (plus capacity building of CERT) as well as national cybersecurity guideline/standards. As a matter of fact, the foundation for the GFCE Africa Hub has been laid, which will serve as a resource centre, a meeting place and knowledge database for our communities, and is intended to be established in Accra next year. We are looking forward to supporting Africa to leverage existing resources, share its best practices and further build its cyber capacities in 2023 and beyond.

Testimonials:

Kassaye Tafesse (Ethiopia): “We see the GFCE as a very good opportunity for us since it creates an opportunity to share amongst African nations and amongst the world so that we can learn from that experience of other countries, and it will still help us to minimize costs and be effective to our programs.”

Ms. Rorisang Molefe (Lesotho): “We need to stop keeping discussion about cybersecurity at high level and make it as accessible as possible to all age groups and communities.”

Ms. Nenna Ifeanyi-Ajufo (AUCSEG): “African voice in cyber diplomacy needs to be heard. We need to look at capacity building in terms of institutional perspective. Cyber diplomacy and cyber security need to be prioritised. We need to encourage African states to think beyond their national borders and promote looking at cyber governance from a regional angle.”