National Cybersecurity Strategy of the Republic of Rwanda 2024-2029

The National Cybersecurity Strategy of the Republic of Rwanda 2024-2029 is a comprehensive plan developed to enhance Rwanda’s cybersecurity posture in response to the growing digitalization of the country.

The Government of Rwanda (GoR) has heavily invested in Information and Communications Technology (ICT) as a cornerstone for national economic growth. Recognising the increasing sophistication and prevalence of cyber threats, the GoR has prioritised the need for a resilient and secure ICT infrastructure. This second National Cybersecurity Strategic Plan (2024-2029) aims to enhance trust and confidence in Rwanda’s ICT facilities while ensuring national security.

2. Objectives

The strategy outlines seven overarching objectives to be achieved between 2024 and 2029:

1. Consolidate the national cybersecurity framework: Enhance the roles, responsibilities, and legal obligations of national entities.
2. Increase Rwanda’s cyber risk management capability: Equip Rwanda with tools and techniques for monitoring, assessing, and mitigating cyber risks.
3. Prepare Rwanda for cybersecurity challenges: Improve operational capabilities to respond to cyber incidents.
4. Protect critical national infrastructures and essential services: Safeguard essential services and critical infrastructure to maintain national security and citizens’ well-being.
5. Embed cybersecurity in the national culture: Integrate cybersecurity education at all levels to promote an informed and responsible populace.
6. Build a cybersecurity industry: Develop a national cybersecurity industry to drive innovation and economic growth.
7. Promote international cooperation: Engage with international and regional partners to enhance Rwanda’s role in global cybersecurity.

3. Current State of Cybersecurity in Rwanda

• Cyber Threats: Rwanda’s increasing digitisation exposes the nation to various cyber threats, particularly to critical national infrastructures. The country faces rising challenges from cybercriminal activities, including ransomware, phishing, online scams, and identity theft.
• Policies and Governance: Rwanda’s journey toward digitalisation began in 2001, with subsequent policies such as the National Cybersecurity Policy (2015) and Vision 2050 laying the foundation for the current strategy. These documents have guided Rwanda’s approach to integrating cybersecurity into the national framework.
• Guiding Principles: The strategy aligns with principles from the National Cybersecurity Policy of 2015, emphasising national leadership, public-private collaboration, risk-based management, and international cooperation.

4. Vision

Rwanda’s vision for cybersecurity is encapsulated in the motto: “cyber resilience, digital trust.” The strategy is aligned with Vision 2050, aiming to support Rwanda’s economic and social aspirations while ensuring that the country is protected from cyberspace threats. The strategic pillars include promoting cyber resilience, building a cybersecurity industry, and enhancing cooperation and collaboration.

5. Strategic Pillars

The strategy is built on three main pillars:

Pillar 1: Promote Cyber Resilience and Trust

• Objective 1: Protect National Critical Information Infrastructure and Essential Services
  • Identify and protect critical infrastructures and essential services.
  • Establish baseline security measures for these entities.
  • Protect strategic sectors vital to national growth.
• Objective 2: Enhance the Legal, Regulatory, and Governance Framework
  • Assess and refine the national cybersecurity landscape.
  • Introduce granular governance frameworks at the sectorial and local levels.
  • Embed cybersecurity obligations in the normative framework to ensure compliance and accountability.
• Objective 3: Prepare Rwanda for Cybersecurity Challenges
  • Develop national cyber risk management capabilities.
  • Strengthen reactive and proactive capabilities against cyber threats.
  • Establish cyber contingency plans for national emergencies.

Pillar 2: Build the Rwandan Cybersecurity Industry

• Objective 1: Develop a Cybersecurity Culture
  • Implement national cybersecurity awareness programs tailored to different population segments.
  • Build cybersecurity capabilities for Small-to-Medium Enterprises (SMEs).
• Objective 2: Develop Cybersecurity Education and Capacity Building
  • Create national cybersecurity education programs from primary school to university.
  • Establish capacity-building programs for the workforce, focusing on public officials, law enforcement, and critical infrastructure operators.
• Objective 3: Foster Public-Private Partnerships
  • Promote inter-sectoral and intergovernmental collaboration to strengthen national cybersecurity efforts.

Pillar 3: Enhance Cooperation and Collaboration

• Objective 1: Promote International Cooperation
  • Establish cross-border capacity-building initiatives and cyber contingency plans.
  • Develop a standing cyber-diplomacy capability to represent Rwanda’s cybersecurity interests internationally.
  • Encourage Rwandan entities to participate and take leadership roles in regional, African, and international cybersecurity communities.

6. Implementation of the Strategy

• Leading Implementation Authority: The National Cyber Security Authority (NCSA) will lead the strategy’s implementation, monitor progress, and report to national leadership.
• Adoption and Monitoring: The strategy will be formally adopted into Rwanda’s national legal framework. The NCSA will establish a monitoring mechanism, including the creation of Key Performance Indicators (KPIs) to measure progress and ensure alignment with the national cybersecurity vision.

This strategy positions Rwanda to not only secure its digital infrastructure but also to become a leader in the cybersecurity domain, both regionally and internationally. By focusing on resilience, industry development, and collaboration, Rwanda aims to create a robust cybersecurity ecosystem that supports its broader national development goals.