Malawi Faces Cybersecurity Threats: Government Must Act to Protect Critical Information Infrastructure

Malawi is at risk of severe cyber attacks that could destabilize the country’s economy and stability, as well as inflict reputational damages to individuals. To mitigate this threat, the Government of Malawi must prioritize the cybersecurity of its critical information infrastructures (CIIs), which are essential for providing vital services to the nation.

Collaboration is Key

The protection of Malawi’s information infrastructure, including CIIs, requires collaboration between all relevant stakeholders, including public and private institutions that own or operate the information infrastructure. The Government will work with these stakeholders to identify and understand vulnerabilities and levels of cybersecurity in Malawi’s information infrastructure, particularly CIIs.

Six Objectives for Strengthening Cybersecurity

To achieve this goal, the Government has set out six specific objectives:

Objective 1: Identify and Protect Critical Information Infrastructure

Establish a National CII Register

Establish a comprehensive register to identify and track critical information infrastructures in Malawi.

Develop a National CII Governance Framework

Develop guidelines and frameworks for the governance of CIIs, including risk management and incident response.

Establish a National Risk Register and Regulations/Guidelines for Continuous Risk Assessment and Management

Create a national risk register to monitor and manage risks to CIIs.

Objective 2: Continuously Monitor and Manage Cyber Threats and Risks to Enhance Incident Response

Expedite the Establishment of a National CERT

Establish a national Computer Emergency Response Team (CERT) with clear processes, defined roles, and responsibilities.

Develop a National Incident Reporting, Information Sharing, and Coordination Mechanism

Develop a mechanism for reporting, sharing, and coordinating cyber security incidents in Malawi.

Create a Cyber Security Incidents Register and Assess Incidents

Create a register to track and assess cyber security incidents in Malawi.

Objective 3: Strengthen Malawi’s Legal and Regulatory Frameworks to Enhance Cybersecurity

Undertake a Gap Analysis of the Current ICT Security Legal and Regulatory Framework

Conduct an analysis of the current legal and regulatory framework for ICT security in Malawi.

Develop and Publish a Cybersecurity Policy and Standards

Develop and publish policies and standards for cybersecurity in Malawi.

Objective 4: Stakeholder Capacity Building for Law Enforcement and Judiciary

Identify Needs and Provide Training and Education to Law Enforcement Agencies, Judiciary, and Legal Fraternity on How to Interpret and Enforce Cybersecurity-Related Laws

Provide training and education to law enforcement agencies, judiciary, and legal fraternity on cybersecurity-related laws.

Objective 5: Enhance Technical and Procedural Measures for Implementing Cybersecurity for CIIs

Establish Mandatory and Minimum Technology and Security Requirements for CIIs

Establish minimum technology and security requirements for CIIs in Malawi.

Develop a National Government Programme to Deploy and Manage Government ICT Infrastructure

Develop a program to deploy and manage government ICT infrastructure.

Objective 6: Continuously Develop and Enhance Cybersecurity Technical Capacity in Malawi

Revise the National Research Agenda to Promote R&D in Cybersecurity

Revise the national research agenda to prioritize cybersecurity-related research and development.

Establish a National Centre of Excellence for Cybersecurity Training & Research

Establish a centre of excellence for cybersecurity training and research.

Conclusion

The Government’s efforts to strengthen cybersecurity will help protect Malawi from cyber threats, ensuring the continued provision of vital services and maintaining national stability.