TANZANIA ranks highly in all five pillars of measuring global cybersecurity commitments. It ranks among the top 5 African and 46 role-modelling countries in Global Cybersecurity Index (GCI) 2024, according to the International Telecommunication Union (ITU).

“The role-modelling countries have an overall GCI score of at least 95 per cent by demonstrating a strong cybersecurity commitment to coordinated and government-driven actions that encompass evaluating, establishing and implementing generally accepted cybersecurity measures across all five pillars or up to all indicators,” says the GCI report.

A country score is calculated out of 20 points per pillar and Tanzania’s performance is as follows. 1) In relative strength, Tanzania scores 20/20 in legal measures, 20/20 in cooperation measures, and 20/20 in organisational measures. 2) In potential growth, it scores 19.69/20 in technical measures, and 19.57/20 in capacity development measures.

The report says this fifth edition of the GCI explores the current level of cybersecurity commitment among 193 member states and Palestine and the progress made since the last edition. “It examines the implications of the results for governments and policy-makers as they navigate national and regional circumstances, as well as global developments, while planning cybersecurity measures and initiatives.”

In Africa, role-modelling countries (in descending order) are Ghana, Kenya, Mauritius, Rwanda and Tanzania. “The results of this edition of the GCI highlight significant improvements made by countries such as adding foundational legislation, establishing incident response efforts, developing clearer national plans, training people across society, and working together with national and international partners,” says ITU Director of Telecommunication Development Bureau International Telecommunication Union, Dr Cosmas Zavazava.

In particular, Dr Zavazava adds that many countries have been increasingly targeting their cybersecurity efforts towards vulnerable and underrepresented populations.

ITU launched GCI in 2015 to help countries identify the areas of improvement and encourage them to act in building capacity and capabilities under each pillar. The GCI has been adapted across editions to respond to changing risks, priorities and resources to provide a more relevant snapshot of cybersecurity measures undertaken by countries.

The ITU framework for international multistakeholder cooperation in cybersecurity aims at building synergies between current and future initiatives. It focuses on the five pillars, which are the building blocks of a national cybersecurity culture.

In relation to legal measures (laws and regulations) on cybercrime and cybersecurity, 177 countries have at least one regulation on either personal data protection, or breach notification in force or in progress, 151 countries have data protection regulations in force and 104 countries have critical infrastructure regulations. “Fundamentally, the objective is to have sufficient legislation in place to harmonize practices at the regional/international level, strengthen cybersecurity systems, and simplify international frameworks to combat cybercrime,” the report says.

In relation to the imple­mentation of technical capabilities through national and sector-spe­cific agencies, 139 countries have active computer incident response teams (CIRTs), 83 countries have engaged with a regional CIRT association and 110 countries have frameworks to adopt cybersecurity standards.

According to the report, countries should have technical capabilities and capacity to be able to effectively identify, detect, protect and respond to cyber-risks and cyberthreats, and to recover from attacks, as well as to promote information-sharing and evaluate and implement standards, good cybersecurity practices, and schemes for secure information communication technologies (ICTs).

In relation to organisational measures (national strat­egies and organisations implementing cybersecurity), 132 countries have national cybersecurity strategies, 161 countries have cybersecurity agencies and 94 countries have child online protection strategies and initiatives reported. The report says broad strategic targets and goals should be set by the state, as well as a comprehensive plan for implementation, delivery and measurement.

“National agencies must be present to implement the strategy and evaluate outcomes. Without a national strategy, governance model or supervisory body, efforts in different sectors become conflicted, undermining efforts to obtain an effective harmonisation in cybersecurity development.”

In relation to capacity development measures - awareness campaigns, training, education and incen­tives for cybersecurity capacity development – 152 countries have conducted cyber-awareness initiatives, 153 countries have cybersecurity at some levels of national curricula and 99 countries have cybersecurity capacity-development incentives.

In this way, the report says, cybersecurity is most often tackled from a technological perspective even though there are numerous socioeconomic and political implications. Moreover, it says human and institutional capacity development is essential to increasing awareness, knowledge and know-how across sectors for systematic and appropriate solutions and to promoting the development of qualified professionals.

In relation to cooperation measures (partnerships) between agencies, firms and countries, 108 countries have engaged or will be engaged in domestic or international cybersecurity public-private partnerships, 166 countries have international cybersecurity agreements and 122 countries have reported inter-agency collaboration. The report says greater cooperation can enable the development of much stronger cybersecurity capabilities, helping to mitigate cyber risks and enable better investigation, apprehension and prosecution of malicious agents.