France announces a 1 billion euro plan to strengthen cyber security. The US president signs an executive order on cybersecurity that provides for the establishment of a cyber incident review committee by creating a body that would investigate major hacks. Faced with the risks induced by the numerous digital transformation projects initiated by several African countries, the issue of digital security or even cyber security is more than ever a national security priority. In this interview, Didier SIMBA, Head of Information Systems Security (RSSI), President and Founder of the Club of Experts on Information Security in Africa (CESIA), explains the challenges of digital sovereignty for states African countries and takes stock of cyber security in Africa
First of all, can you tell us what made you want to create CESIA?
Didier SIMBA: The idea came to me from an experience that I had personally. While I was simply a security consultant, I was offered the position of Information Systems Security Manager (CISO), it is a job that is difficult to do alone in his corner, so I needed ” be in a network of peers to benefit from feedback from those who have been before me and especially to monitor technology. In the African environment, I did not find this kind of network, so I joined a similar club in France. Based on my experience in this association, I suggested to friends who are CISOs in companies in Africa to form a group in order to discuss with each other. Throughout the discussions, we have defined our operation and our ambitions. This is how CESIA was born, it is a club reserved exclusively for Information Systems Directors (DSI), Information Systems Security Directors (DSSI) and Systems Security Managers. Information (RSSI). We now have over 120 members in 18 African countries.
What are your cybersecurity goals for the African continent in the coming years?
Didier SIMBA: After a pilot phase in 2020 in 4 countries, we published last February the barometer of cyber security in Africa 2021, which is intended to be a qualitative study carried out directly with our members. We intend to repeat this experience each year in order to provide each time a state of the art of the evolution of cyber security on the continent. I would also like to take this opportunity to thank all of our members who do not count their time to participate in our work and in particular my office, which has been doing a remarkable job since the establishment of our club. On the other hand, we are already supporting companies and administrations in the public and private sectors in their projects related to digital security. We have set up internally what we call “colleges”, these are groups of a few members who work on awareness-raising deliverables both for decision-makers and business leaders, but also for all users of the system. cyberspace which in my opinion are the links in the security chain. Finally, our ambition is to support States in matters of digital security.
Cyber security, we talk about it more and more, Africa is sometimes presented as the continent where everything is to be done, what is your point of view on the state of cyber security in Africa?
Didier SIMBA: “Everything to do”, I don’t think so. The African continent represents 54 countries and presents a great disparity according to the regions. If the northern countries display a good level of maturity, we can see that West Africa is not left out and Central Africa is aligned very well according to the events that are organized in these regions and the major projects that are carried out there. That said, it remains very difficult to put forward figures to demonstrate the impact of cyber attacks on companies or governments, because no one comes to declare what they lost after a cyber attack or what it cost him. to rebuild his system after an attack and no regulations oblige us. But what we now know for sure is that no longer any entity is spared by cyber criminals. So there are two types of businesses: those that know they are under attack and those that don’t. Moreover, the barometer of cyber security in Africa 2021 demonstrates this fairly well, 82% of companies say they have been the victim of at least one cyber attack in 2021 against 65% in 2020 and 94% of these companies indicate consequences. important to the business of companies, including a loss of turnover.
Beside that, there are even more serious cyber criminal acts, with direct consequences on an entire country, I am thinking of disinformation (Fake-New) which can have direct consequences on the geopolitical balance of a countries, company or country spying, data theft, activism, etc. From all this, no African state is spared, for a fairly simple reason: our security architectures are based on solutions from countries in neighboring continents. It is clear that while some countries have already realized this and are considering workaround solutions, others are taking the measure very slowly. Data sovereignty or digital sovereignty must be a matter of national security and should be the subject of a country’s strategic defense plan. We are still far from the mark.
If you think that we are still far from the account, can we therefore envisage digital sovereignty in the near future?
Didier SIMBA: In my opinion, yes. Thanks to CESIA, I had the pleasure of visiting some African countries and I am approached more and more by publishers of African solutions. So I think that, as a first step, we can and we must consider investing more and more in infrastructures which are specific to us and which should allow us to host our data on the contains directly. Secondly, we need to strengthen legislation, where it exists, to allow us to have control over our own data. Finally, collaboration is an obligation, we must not forget that the digital world is not a closed world, there are hardly any borders. Also, we must think of frank cooperation both internally, that is to say between African countries and with the outside, that is to say with our foreign partners, in particular GAFAM. The objective of the Club of Experts on Information Security in Africa (CESIA) is to support states in this process, the horizon of which remains to be determined. That said, absolute sovereignty is utopian in my opinion, we are arriving with a delay compared to the actors who dominate cyberspace and being realistic, let’s say it, no power lets escape a colony without ensuring its control. In such a context, it is imperative that the States of the Hemisphere equip themselves with national mechanisms to combat the surveillance and exploitation policies conducted in cyberspace by state or private organizations driven by their own interests.