U.S. Department of State and ECOWAS Partner to Promote Cyber Due Diligence in West Africa
Author: Johanna Vazzana, Lead Cybersecurity Engineer, The MITRE Corporation
The growth and diffusion of Internet-based technology globally has created new economic, social and political opportunities in every region of the world. It has also presented new challenges to countries that seek to harness the Internet for economic development while also addressing threats in and through cyberspace. Cyber strategies act as a tool to help nations navigate activities in cyberspace. The Department of State-sponsored ECOWAS Cyber Strategy Workshop was designed to help national leaders do just that –plan strategically for cyber as an enabler for national objectives.
Cooperating Across Borders to Address Challenges in Cyberspace
International cooperation is critical in achieving national objectives. The Economic Community of West African States (ECOWAS) together with the U.S. Department of State (DoS) recognize the importance of regional cooperation to advance mutual interests in cyberspace. To assist in meeting regional goals ECOWAS, the DoS’ Office of the Coordinator for Cyber Issues (S/CCI) and Bureau of International Narcotics and Law Enforcement Affairs (INL) supported MITRE, a U.S. federally funded research and development center, to co-host a cyber strategy workshop for senior leaders from all 15 ECOWAS Member States.
The four-day workshop, held June 12-15 and hosted by the U.S. Embassy in Abuja, sought to strengthen regional understanding of cyber threats and opportunities; identify areas of mutual interest for regional cooperation; inform development of national cyber strategies and plans; and promote more effective international legal cooperation in the sharing of electronic evidence.
The workshop enjoyed the maximum attendance of 60 participants representing each of the 15 ECOWAS Member States. Subject matter experts from international organizations and industry attended as well, including representatives from the Council of Europe, the Commonwealth Telecommunications Organization, the U.K. Foreign and Commonwealth Office, the Dutch Embassy in Abuja, the European Union, the African Union Commission, the ECOWAS Commission, local industry partners, and from the governments of Cape Verde, Cote d’Ivoire, Nigeria, and Senegal.
Promoting Cyber Strategies
S/CCI directed MITRE to create the National Cyber Strategy Framework to assist in executing this workshop and other State Department missions related to developing and implementing national cyber strategies. This tool framed all activities throughout the week and encouraged Member States to think strategically under a common lexicon and framework. Participants drafted national “strengths and challenges” statements; a preparatory exercise to help determine national readiness to engage in strategic cyber planning; a table top exercise to help illuminate process gaps in responding to a cyber incident; specific national goals for cyberspace and implementable tasks and subtasks; and a sample public service announcement to raise citizens’ awareness of the opportunities and threats in cyberspace.
Collaboration and discussion were rich; participants engaged across national boundaries, asking questions, sharing information and extending offers of assistance. Some of the most significant takeaways included:
- The provision of best practices for national cyber strategy development and implementation that provide a tool to communicate and mandate national goals for cyberspace.
- The exposure provided to assist Member States in harmonizing their legal frameworks in line with ECOWAS Community Acts and the Council of Europe Convention on Cybercrime (Budapest Convention).
- The presentation of a clear visual of regional goals and aspirations in cyberspace as compared to current regional capacity, as defined by Member States themselves. This visual clearly represents the region’s level of cyber capacity and where efforts should be focused to meet self-identified regional aspirations.
In addition, a prioritization exercise utilized the gathered data and led participants through a process that resulted in a focused list of possible next steps for the region that reflected Member States’ opinions of the most pressing concerns for cyber capacity building. Key issues from the prioritization exercise included: the need for all member states to publish national cyber strategies; the desire to establish national Computer Security Incident Response Teams (CSIRTs) with a regional coordination mechanism among them; and the importance of raising leadership understanding of the criticality of planning for cyber.
Workshop activities provided participants with individual national next steps and take-home worksheets for further development. In addition, briefings, activities and discussions were used to draw out regional priorities, leveraging the discoveries made during the workshop and from pre-workshop surveys. The activities culminated with participants discussing and debating potential regional priorities that could help advance cyber strategy and cybersecurity in West Africa.
The results of workshop activities provided a solid foundation for regional strategic cyber planning. Secure information and communication technologies have the potential to strengthen business confidence and enhance good governance throughout the ECOWAS region thus enabling new prospects for economic growth and development. Workshop activities reinforced that national leadership has an important part to play by establishing thoughtful strategic and legal frameworks that create an enabling environment for these technologies to grow and remain secure. Through regional cooperation and the necessary frameworks, a digital economy can be nurtured that facilitates investment and industry growth. In this economy, cyber capacity and cybersecurity are valuable and necessary. The ECOWAS Cyber Strategy Workshop reinforced this concept and provided attendees with the tools to view cyber capacity and cybersecurity as enablers to national objectives, to think strategically about cyber issues, and to promote more effective international legal cooperation.
This article first appeared in the fourth issuse of the Global Cyber Expertise Magazine - November 2017