In an exclusive interview with Sanusi Drammeh, Director of Cybersecurity at the Ministry of Communications and Digital Economy in The Gambia, we delve into the pressing cybersecurity challenges facing the nation and the strategic initiatives being implemented to address them. Drammeh shares his insights on enhancing cybersecurity infrastructure, the role of international collaborations, and the Ministry's forward-looking priorities for the next five years.

What are the primary cybersecurity threats currently facing The Gambia, and how is the Ministry of Communications and Digital Economy addressing them?

The current threats we face include ransomware attacks, which sit at the top of the list. In 2023, we intercepted a ransomware attack on our Central Bank. As a ministry, we acted swiftly to contain the attack before it could spread to the payment systems. This highlights the significant risk ransomware poses, especially to the financial sector.

Another prevalent threat is phishing and spoofing attacks, typically targeting individuals. These attacks are rampant and often involve online extortion and fraud. Perpetrators collect intimate content, such as videos or audio, and use it to blackmail people, threatening to release the information publicly unless a ransom is paid. These attacks frequently occur on social media platforms like Facebook, where an individual's account can be hijacked, and the attacker uses another communication channel like WhatsApp, or clones the victim's personal account. Phishing attacks via email are also common; clicking on a malicious link can result in stolen credentials.

Last year, we also dealt with a cryptocurrency scam by the AL Group. They attracted investors by promising returns in exchange for a fee to join the platform. This was proven to be a fraudulent scheme, and the operators were apprehended after an investigation.

Additionally, we face the issue of sextortion, a form of extortion aimed at embarrassing or defaming prominent individuals by acquiring and threatening to release their intimate videos or audio.

Could you highlight some key initiatives or projects you've led to enhance cybersecurity infrastructure and policies in The Gambia?

When it comes to policy, The Gambia government, through the Ministry of Communications and Digital Economy, formulated the National Cybersecurity Policy Strategy and Action Plan 2022-2026. This policy aims to provide a sense of direction and commitment by the government, as well as relevant stakeholders within the ecosystem, to uphold cybersecurity principles. These principles are based on seven key pillars:

  1. Cybersecurity Industry
  2. Legal and Regulatory Frameworks
  3. International Cooperation
  4. Capacity Building, Education, and Awareness
  5. Institutional Framework and Governance
  6. Critical Information Infrastructure Protection
  7. Building Cybersecurity Capabilities

These Pillars are consistent with the Strategic objectives of the National Cybersecurity Strategy 2022-2026 and are further elaborated into an Action Plan, which will be implemented till 2026.

In terms of implementation, particularly related to capabilities, the ministry, together with relevant stakeholders, established the National or the Gambia Computer Security and Incident Response Team (GM-CSIRT) in 2020, after initial engagement started around 2015 with the ITU.

Another significant initiative is the establishment of the Digital Forensics Laboratory, which intersects with cybercrime. This laboratory is primarily focused on the investigation, collection, preservation, and handling of digital or electronic evidence to support cybercrime prosecution. This initiative was supported by ECOWAS through the Organized Crime West Africa Response on Cybersecurity and Cybercrime (OCWAR-C), a project funded by the European Union. The Gambia was selected among four countries to pilot this project, and we successfully established a fully operational laboratory.

However, challenges remain with the sustainability of these infrastructure components, particularly regarding the renewal of proprietary licenses and ensuring that personnel maintain the necessary capacity. Capacity building is an ongoing process, and we are actively seeking support from partners to address this need.

Furthermore, we have secured funding from the World Bank for the Western African Regional Digital Integration Programme, a five-year project running until 2028, which includes a cybersecurity component. As part of this project, we have incorporated several activities from the National Cybersecurity Action Plan 2022-2026. This includes developing a regulatory framework for critical information infrastructure protection, policies for child online protection, and establishing a government Security Operations Center (SOC). The project also focuses on capacity building and enhancing the capabilities of the Gambia Computer Security Incident Response Team.

These initiatives and projects represent significant strides in enhancing The Gambia's cybersecurity infrastructure and policies, positioning us to better address the evolving cybersecurity threats and challenges.

Could you outline how your leadership in e-commerce, cyber security, and ICT sector infrastructure has advanced digital infrastructure and cybersecurity in The Gambia, along with strategies for effective coordination across sectors?

Electronic commerce is already prevalent in The Gambia, but it remains somewhat weak due to the absence of a national e-payment gateway or an international payment gateway capable of accepting Visa or MasterCard, and other major credit card company payments inflows to native e-commerce platforms or entities from abroad to The Gambia. This limitation hampers the ability to procure equipment, services, and products within the country from outside, resulting in a lack of direct cash inflow or transactions.

To address this issue, we are collaborating with the central bank and other partners to establish an international payment gateway and forge partnerships with Visa. Recently, during Gitex Africa 2024, we signed a memorandum of understanding with Visa. This agreement focuses on partnerships in financial inclusion, electronic payments, capacity building, and more. Visa's support is crucial because they must license our payment gateway or switch to process incoming Visa transactions beyond our borders. Without these and similar initiatives, the digital economy will struggle.Also, ensuring the cybersecurity of this infrastructure is paramount, once fully commissioned. We are committed to deploying this payment system/gateway in compliance with PCI DSS (Payment Card Industry Data Security Standard), which is one of the cybersecurity standards for payment systems and cards. Compliance with PCI DSS is essential to safeguard transactions and protect sensitive information.

Another critical component is the establishment of a National Public Key (PKI) Infrastructure (PKI). Currently, The Gambia does not have a national PKI, but we are working with the Tony Blair Institute to towards developing a national PKI policy. Implementing a PKI requires a minimum investment of $2 million  on top of  the necessary regulatory and enabling environment. We are working with partners to establish achieve this feat, as it is vital for the security of electronic transactions.

Once we have a secure international payment gateway system, compliant with PCI DSS, and a national PKI in place, electronic commerce in The Gambia will thrive. Additionally, we must ensure secure websites and web applications for these payment systems. Service providers must adhere to a minimum level of security for their systems, especially when they are deemed essential services or critical information infrastructure. For critical information infrastructure, we are formulating a policy and regulation, which will help strengthen enforce and strengthen the security of such essential services by holding service providers accountable to maintain cybersecurity standards.

In conclusion, by addressing these challenges and implementing these measures, we can significantly enhance electronic commerce in The Gambia, fostering a secure and robust digital economy.

How do your international engagements contribute to cybersecurity collaboration, and what lessons have you brought back to implement in The Gambia?

The Gambia has greatly benefited from its international collaborations, both bilateral and multilateral. These partnerships have been instrumental in advancing our cybersecurity and ICT initiatives.

For instance, the cybercrime bill currently under consideration by Parliament was supported by the Council of Europe. They drafted the initial version, which we then adapted to fit our national context while adhering to international best practices. The cybersecurity policy, on the other hand, was developed internally, reflecting our local needs and conditions.

The Data Protection and Privacy Bill is another example of the benefits of international cooperation, highlighting our commitment to align with global standards. The establishment of the Digital Forensics Laboratory was facilitated by the Economic Community of West African States (ECOWAS) with support from the European Union.

Moreover, our collaboration extends to the private sector, as seen in our recent memorandum of understanding (MOU) with Visa, which focuses on financial inclusion, electronic payments, and capacity building. Another notable MOU is with Presight, a G42 company based in the UAE, known for its expertise in data analytics, data science, AI, and big data. Presight will support the Ministry in implementing its five key pillars: connectivity, the national data center, an additional submarine landing cable, digital governance, and digital ID. They will also assist in establishing a national Security Operating Center (SOC),distinct from the government SOC, planned under the WARDIP project, which is funded through international cooperation with the World Bank. And finally, Presight will help implement, as part of the MOU, a Digital Supply Chain Security Lab for The Gambia.

These collaborations have taught us that the government cannot tackle these challenges alone. Cybersecurity, cybercrime, and ICT issues transcend borders, making international cooperation essential. The fluid nature of the internet, where borders are defined by IP addresses that can be easily spoofed, underscores the need for global collaboration. For example, an individual in The Gambia could use a VPN to appear as though they are accessing the internet from the a foreign country, complicating efforts to delineate borders based on IP addresses.

Most of our capital-intensive projects are funded through international partnerships, while those that are not fully funded involve cooperative efforts. Internally funded projects are typically low-budget and less capital-intensive, focusing mainly on raising awareness, developing policies, and capacity building in the realm of cybersecurity.

In conclusion, our international engagements have been pivotal in enhancing our cybersecurity infrastructure and policies. By collaborating with global partners, we are better equipped to address the dynamic and borderless nature of cyber threats, ensuring a secure and resilient digital ecosystem for The Gambia.

Looking ahead, what are the key priorities and goals for the Ministry's cybersecurity efforts over the next five years?

Over the next five years, our primary focus will be on addressing the remaining objectives from our five-year cybersecurity strategy, as two years have already passed since its inception. Our key priorities include developing and implementing national cyber contingency and crisis plans, establishing a national Security Operating Center (NSOC), and creating a digital supply chain security lab to safeguard digital transactions.

By 2027, we aim to update our cybersecurity strategy to align with modern realities, recognizing that cybersecurity technology evolves rapidly. Continuous capacity building is essential, introducing advanced capabilities and enhancing our workforce's skills. Strengthening both international and internal collaborations is vital, as is fortifying our institutional and regulatory frameworks. Adequate resource allocation is crucial for sustaining and advancing our cybersecurity efforts, and establishing a National Cybersecurity Authority is necessary for more effective governance.

However, achieving these goals requires significant funding and partnerships, as The Gambia, being a low-developed country (LDC), relies heavily on international donors. Sustainability is key; any support must help us generate revenue to ensure long-term self-sufficiency. While we have a clear roadmap, the realization of these objectives hinges on continued international support, adequate funding, and continued strong political will within our country. We are committed to enhancing our cybersecurity landscape and look forward to collaborating with global partners for a secure and resilient digital future for The Gambia.

Pin It