Mozambique’s national cybersecurity policy

December 2021

View the original document

Strategies and Action Plans

Mozambique’s National Cybersecurity Policy and its Implementation Strategy, approved by Resolution No. 69/2021 of the Council of Ministers, is a comprehensive strategy aimed at strengthening the country’s cybersecurity posture in response to increasing digital threats and the growing importance of digital technologies in public and private life.

Purpose

The strategy is grounded in the recognition that cyberspace is a shared and complex environment requiring collective responsibility. It is designed to:

  • Safeguard national critical infrastructure and digital assets.
  • Regulate the use of cyberspace.
  • Build institutional and operational cybersecurity capacity.
  • Promote best practices in the use of ICTs.
  • Coordinate and harmonise institutional efforts to respond to cyber threats.

The PENSC aligns with Mozambique’s broader digital development efforts, including previous policies such as the Política para a Sociedade da Informação and legal instruments like the Electronic Transactions Law, the Telecommunications Law, and regulations concerning digital certification and telecom network security.

Key components

Vision and mission

  • Vision: A secure and resilient national cyberspace with an informed society.
  • Mission: Develop institutional and operational capacity for a secure and attractive cyber environment.

Strategic objectives

  • Protect public and private information assets and critical infrastructure.
  • Foster coordination and cooperation across sectors.
  • Establish legal, technical, and operational cybersecurity frameworks.
  • Cultivate national cybersecurity awareness and research capabilities.

Guiding principles

  • Legality
  • Risk management
  • Accountability
  • Cooperation and collaboration
  • Inclusion

Strategic pillars

  1. Leadership and Coordination
  2. Protection of Critical Information Infrastructure (CII)
  3. Protection of Information Assets
  4. Legal and Regulatory Framework
  5. Capacity Building, Research and Innovation
  6. Cybersecurity Culture and Awareness

Implementation strategy

The PENSC includes 25 specific initiatives aligned with the six pillars. These initiatives include:

  • Establishing national cybersecurity governance bodies such as the National Cybersecurity Council (CNSC) and a National CSIRT.
  • Creating legal and regulatory tools, including new laws and ratification of international treaties.
  • Promoting public awareness campaigns and educational programs.
  • Mapping and protecting critical infrastructure.
  • Enhancing cooperation with regional and international partners.

Each initiative includes defined outcomes, impact indicators, timelines (2021–2025), and expected results.

Institutional coordination

Implementation is led by the CNSC, chaired by the Minister responsible for ICTs, and supported by representatives from defense, justice, finance, education, health, and regulatory agencies, as well as private sector, civil society, and academia.

Alignment with African and global standards

The strategy is aligned with the African Union’s Digital Transformation Strategy (2020–2030) and its Convention on Cybersecurity and Personal Data Protection. It aims to improve Mozambique’s ranking in ITU’s Global Cybersecurity Index and foster international cooperation to combat cybercrime.