Report on the “Friends of The Gambia” Session

Report | GFCE V-Meeting “Friends of The Gambia | 19 May 2020

This was a closed session for GFCE members and partners involved in the Clearing House Request of The Gambia to assess the current status of the Request and look at next steps for moving forward.

As moderator, Mr. Kamal Toure, Program Officer at the Global Program on Cybercrime, United Nations Office on Drugs & Crime (UNODC) opened the floor with some welcoming remarks. Whilst Mr. Toure represents the Global Program on Cybercrime in the West Africa region, UNODC undertakes activities across the world and since 2019 have conducted specific regional programs such as those in West Africa. The focus of this program is mainly on capacity building, raising awareness, strengthening frameworks and facilitating information exchange between public and private bodies. UNODC are in touch with many countries in the region to discuss how they can be supported and how UNODC can bring support to them. Regarding the Gambia, an assessment was undertaken 2 years ago in order to gain a better picture on the state of cybercrime in the country and their communication with The Gambia has shown that the challenges are similar to those affecting other countries in the region. UNODC stands ready to support and intervene in any area of the request that they have capacity and where the request meets their mandate.

Following this, Mr. Sanusi Drammeh, Principal ICT Officer at the Ministry of Information and Communication Infrastructure of The Gambia took the floor and gave an update on the status of the support request. The request was submitted to the GFCE in 2019 and covers five distinct areas, the latter two categories of which have already received a lot of support from GFCE members and partners. Currently, The Gambia’s cybercrime legislation has been validated and sent to the cabinet for adoption and this has been supported by the GLACY+ project of the Council of Europe. More information on these developments should be available in the next week or so. In addition, a data protection and privacy policy has also been validated and adopted, so this can now be enforced in The Gambia. After this session The Gambia was convening an e-validation workshop to validate the national cybersecurity policy strategy and action plan, which is in the final stages of completion. With regards the clearing house request, the first three areas remain under-supported right now though a number of activities are ongoing in these areas. The national CSIRT is currently being implemented by International Telecommunication Union (ITU), and The Gambia has been engaging with ITU together with Ernst & Young consultancy and the Gambian national regulator PURA on this project. Concerning awareness campaigns, The Gambia has also drafted an awareness implementation strategy which was approved in-house for implementation, however due to COVID19 some of the activities have been delayed. This is locally funded by the national government and The Gambia hopes that this can be supplemented by the GFCE community. 

Mr. Matteo Luchetti, Program Manager at the Cybercrime Program Office at the Council of Europe (CoE), joined in the congratulations of The Gambia on the great progress that has been made and on the commitment of The Gambia on this endeavor. CoE started working with The Gambia two years ago when a request was sent out to review the current legal framework on cybercrime and see if this could be harmonized with international standards. From there on it was a very close collaboration with the Gambian authorities, with the minister himself pushing for the law to be put in place as soon as possible. In 2018 a preliminary analysis was conducted, after which in 2019 CoE held a drafting workshop where a first draft on cybercrime legislation was discussed. Recommendations produced in that workshop were provided to the Gambian Attorney General’s office and the legal draft of the cybercrime bill was produced. In December 2019 Council of Europe joined forces with the Organized Crime: West African Response on Cybersecurity and Fight Against Cybercrime (OCWAR-C) project and revised the bill, providing additional recommendations to bring it in line with amongst others the Budapest Convention and international human rights & rule of law standards. This year in February 2020, the validation workshop took place and was the last workshop to discuss with stakeholders the final version of the draft bill, which has now been submitted to the cabinet and updates are expected soon. In parallel to this, CoE has started work with the Gambian authorities on data protection; last year a workshop was conducted where preliminary discussions took place on data protection national policy, which has since been adopted and is now the national policy of The Gambia. Council of Europe have received a further request to work on data protection legislation and this will very likely be the next step in this collaboration. This will all be supported under the GLACY+ program. 

Mr. Hein Dries, Key Cybercrime Expert at Expertise France, followed up on this discussion by highlighting that OCWAR-C is a project implemented by Expertise France in partnership with ECOWAS and funded by the European Union. Under this project two assessments have been conducted in the Gambia, which placed focus on two capacities: cybersecurity and cybercrime. Concerning the cybercrime component, an assessment in 2019 led to the development of several activities that also fall under the support request. Some of these activities are done in partnership with Council of Europe and have resulted in some good developments on cybercrime legislation. Currently they are working on training of law enforcement agencies as first part of the request, including the development of a trainer-to-trainer program and it is quite likely that OCWAR-C and UNODC will team up on first responders training. Progress on this has been good despite being slowed down and hopefully we can look forward to this sometime in 2020.

Mr. Perpetus Jacques Houngbo, Key Expert on Cybersecurity at Expertise France then spoke about cooperation on cybersecurity with The Gambia, explaining that the priority is on providing a response to the current pandemic and to deliver an awareness program to the region. In this area, they are also currently developing a training catalogue to provide training to professionals, which should be available by June 2020. Once this is complete the expectation is that OCWAR-C can come back to The Gambia with a more precise timeline on when they can deliver those trainings. On an institutional framework for cybersecurity, OCWAR-C is not directly involved in the development of the national gmCSIRT but in terms of implementation of the national cybersecurity strategy there are implications from the OCWAR-C regional policy and how this can be implemented at the national level. Due to limited resources, the roll out of tools and technical measures for specific countries is subject to a decision to be announced after consultation with ECOWAS and the OCWAR-C regional cybersecurity strategy is to be sent by ECOWAS to its Member States this week. The regional strategy on critical infrastructure protection is a little delayed but will hopefully be available in the next two months. Specifically regarding protection of critical information infrastructure, OCWAR-C is working closely with the Cyber Resilience for Development project to provide support to The Gambia.

Ms. Rabiyatou Bah, Project Coordinator for OCWAR-C, confirmed that there is an action plan for The Gambia and that next steps include a meeting with focal points to discuss implementation of the action plan. During this meeting stakeholders will also discuss the support request and confer with The Gambia on how they can respond effectively to their needs.

Ms. Folake Olagunju, Program Officer for Internet & Cybersecurity at ECOWAS, also confirmed that ECOWAS is at the stage of circulating the regional strategy for comments by Member States and that once this is complete the final process on validation by ICT ministers in the region will begin. Adopted by the ECOWAS Council will certify the strategy as an official regional document that will require implementation at national level.

During the discussion, the point was raised that it is important from a regional perspective to keep promoting south-south cooperation. Any lessons learned by The Gambia through bilateral and other relationships should be shared with all partners in the region, especially as the efforts of regional actors are focused on trying to build a level playing field for all countries and that project implementation is leading to the understanding that environments which are quite similar are learning a lot from each other. Regarding donor coordination, it is key that regional actors are kept abreast of whatever relationships are developing bilaterally so that they know how to manage available funds, especially as there are limited financial and technical resources available.

In addition to general expressions of a willingness to support The Gambia, a question was raised about the availability of equipment for cybersecurity & cybercrime particularly as this can be quite expensive. This could be a possible area that is highlighted for particular support of donors. Limited resources are allocated to equipment under ongoing projects and specific support in this area will be discussed with The Gambia in more detail separately.

Another comment highlighted the African Union Cybersecurity Experts Group as a potential source of additional support. There was also interest on involvement of local civil society and whether there are any capacity gaps for local civil society organizations to become engaged in the request of The Gambia, particularly regarding the awareness implementation strategy. The Gambia indicated that this will indeed be done in cooperation with local civil society, namely the Gambian Cybersecurity Alliance. The budget for this is very limited and the implementation of the awareness campaign will be done in phases; awareness raising is a continuous process and this will be done in piecemeal depending on the resources available. Additional funding was also welcomed – specifically for the awareness implementation – whilst The Gambian representatives highlighted that several cybersecurity strategy documents and an awareness implementation strategy were still open for comments and stakeholders were invited to share comments and insights with The Gambia directly.