Overview of threats: awareness-raising
Digital affairs have been developing exponentially; at the same time, cybersecurity issues have been emerging as a major challenge for West Africa since 2013. The nature of cybercrime in Africa has changed. In the past, it was mainly directed against northern countries via scams conducted through digital channels. Now, local companies and administrations are being directly attacked. For the Cameroonian economy in 2015, to name an example, the annual cost of cyberattacks was nearly 25 billion West African CFA francs (around €4 million).
The awareness of the African authorities has quickened, with the creation of dedicated platforms (Platform for the Fight Against Cybercrime [PLCC], Côte d’Ivoire, 2009) and national computer emergency response teams (CERTs) (Burkina Faso, 2013). These organisations were then gradually strengthened through the rise of national agencies responsible for cybersecurity (Cameroon National Agency for Information and Communication Technologies [ANTIC], Telecommunications/ICT Regulatory Body of Côte d’Ivoire [ARTCI]) and the development of genuine national cybersecurity strategies (Cameroon in 2016, Senegal in 2017). Nevertheless, these approaches are far from being taken in concert on a regional level. Different countries in the region continue to adapt their bodies of law to the challenges of cybercrime in different ways.
The protection of critical infrastructure remains a major challenge, with, on the one hand, the proliferation of major infrastructure projects (4,000-km optic fibre project in Guinea since 2014, roll-out of 3,000 km of optic fibre in Senegal in 2015-2017, etc.) and, on the other hand, the comprehensive digital transformation of administrations (establishment of a genuine digital identity as part of the provision of identity documents in Gabon, e-governance project in Senegal). Massive attacks in Senegal against its government websites (2015) and in Liberia against its Internet network (2016) testified to this. Unfortunately, it is still very difficult to precisely assess the number of cyberattacks due to a lack of reliable indicators. This explains the proliferation of requests for cooperation and calls for French expertise in general and the expertise of the French Network and Information Security Agency (ANSSI) in particular.
Major, growing needs
While West Africa is now taking the cyber dimension into account in its comprehensive security strategy and developing dedicated strategies, the protection of its economic interests largely has yet to be built.
At the level of a company or an international organisation, establishing operations in Africa requires the CIO or CISO to consider a number of factors to avoid potential disappointment. From a general point of view, criteria such as the quality of the electricity supply and the availability of dedicated infrastructure, the possibility of local data hosting, and even the quality and speed of telecommunications connections are determining factors.
From a security point of view, the suitability of legislation on cybersecurity and personal data protection (generally modelled on French legislation), the existence of a national CERT and the presence of a security ecosystem (auditing companies, penetration testing, distributors and resellers of security products, etc.) must be verified. This first step in risk analysis yields a more accurate vision of the measures to be taken. A session to raise awareness of or even provide basic training on ISS for local staff and partners will be required in all cases — just as in France!
In this regard, the African market offers strong potential and genuine opportunities for French companies. Apart from historic operators such as Orange and global players such as Atos, few are currently present and even fewer have incorporated the continent into their development strategy. Yet, the needs are enormous: auditing and consulting, penetration testing, e-mail security solutions, network security, hosting, data encryption, etc. Countless local distributors, resellers and integrators have all the expertise needed to become first-class partners for French developers and providers. For the moment, due to a lack of alternative products and ignorance of the technologies developed by French companies and SMEs (whose fault is this?), these developers and providers incorporate and resell only major products and market-leader solutions, mostly American.
Only Systemis, an SME of 80 people specialised in security technical expertise, has truly wagered on the African market. Armed with an extensive offer that includes consulting, encrypted telephony and secure collaborative extranet solutions, Systemis is enjoying a favourable reception with tangible results in just 12 months. These initial successes have bolstered the company as it establishes itself on the African market, with the Democratic Republic of the Congo, Senegal and Côte d’Ivoire as its priority targets. All the same, a local presence or relay remains an imperative in the short term. It is undoubtedly easier to export to Africa than it is to export to certain European countries. The single digital market is still far from a reality.
The French-speaking world: a strong axis of development
A 2014 report by Jacques Attali on the French-speaking world and Francophilia established a direct link between the sharing of a common language and the development of business opportunities. Indeed, working in the same language enables sharing values and a common culture, which considerably facilitates business relationships. This dynamic, which has greatly benefited the Commonwealth, could naturally benefit the French-speaking world. It is one of the main axes developed by the International Organisation of La Francophonie (OIF). The OIF has 84 member states and observers. Its mission is to promote the French language and cultures, and of course to develop economic ties within a linguistic space bringing together nearly 300 million speakers. Digital affairs are gradually emerging as an essential lever of its strategy.
Cybersecurity is conceived as a continuum between defence and security with a view to the overall stability of the digital space. However, this vision involves all players having a comprehensive understanding of challenges up to the highest level of decision-making. The generation gap between, on the one hand, young operations managers well versed in digital culture and generally well trained and, on the other hand, major decision-makers ill at ease with digital affairs, is still a reality. With this in mind, the OIF is working with the Agence Universitaire de la Francophonie (AUF), the ANSSI and AfricaCERT on large-scale awareness-raising and, in particular, development of training common to the entire French-speaking world. Specialised training programmes as at Université Cheikh Anta Diop in Dakar are proliferating throughout the subregion. Nevertheless, the shortage of a qualified workforce remains pressing and is slowing down the development of companies on the continent.
Africa is emerging, and its economies are now ready to integrate into the global digital economy. In this context, the OIF is fielding more and more direct questions from member states on cybersecurity issues, related both to governance and economic development. Thus the organisation is playing the role of a facilitator and a representative to build dialogue between the public sector and the economic world. The end goal of this intermediary and consultant role is to promote the emergence of local ecosystems and to create the conditions for a business climate favourable to companies.
The mission that the French Elements in Senegal (EFS) set for themselves four years ago through co-organising SecurityDays with CEIS goes beyond their traditional roles of military cooperation, and is as follows: to adopt a decompartmentalised approach between ministries (Defence, Interior, Post and Telecommunications, and Foreign Affairs) and the private sector, to promote feedback, to accelerate awareness-raising among decision-makers, and to build bridges between the burgeoning African ecosystems and the mature French ecosystems. The participation of the OIF in meeting these objectives is no coincidence.
French companies should now step into this dynamic market, which is much more mature than it was before, drawing on linguistic, cultural and legal ties related to the French-speaking world. Establishing a trusted Francophone digital ecosystem creates a win–win situation for companies, citizens and states. It could also be a means of sustainably counterbalancing Anglophone domination and a path to genuine digital sovereignty.
Read also > CEIS study: L’essor du numérique en Afrique de l’ouest (The Digital Boom in West Africa)