The National Cybersecurity Strategy 2023-2026 of Mauritius
October 2023
Strategies and Action Plans
Author: Ministry of Information Technology, Communication and Innovation
The National Cybersecurity Strategy 2023-2026 of Mauritius outlines a detailed plan to enhance the country’s cybersecurity posture, addressing evolving cyber threats while fostering a secure digital environment. The strategy is built upon the achievements of the previous 2014-2019 strategy and aims to ensure that Mauritius remains resilient, safe, and well-positioned to tackle new and emerging threats in cyberspace.
At its core, the strategy emphasises the importance of maintaining the integrity, confidentiality, and availability of information, acknowledging that Mauritius’s stability and prosperity depend on secure and reliable cyberspace. To this end, the strategy is structured around four main pillars: building resilient infrastructure, ensuring a safer cyberspace, promoting innovation alongside enterprise security and cybersecurity education, and strengthening regional and international cooperation.
The first pillar focuses on creating a resilient infrastructure, crucial for protecting critical services like utility plants, transportation networks, and hospitals from cyber-attacks. To strengthen this resilience, the strategy includes the enforcement of the Cybersecurity and Cybercrime Act 2021, which mandates critical infrastructure to regularly assess vulnerabilities, risks, and preparedness against potential cyber-attacks. This includes conducting periodic IT Security Risk Assessments and implementing incident reporting policies. Furthermore, the strategy encourages the development of dynamic legal frameworks that align with international norms, such as the Budapest Convention on Cybercrime, and aims to enhance response capabilities through a national Security Operations Centre (SOC).
The second pillar, ensuring a safer cyberspace, acknowledges the growing sophistication of cybercrime, particularly in the wake of increased digital connectivity post-COVID-19. It emphasises the need for a collaborative approach involving government, businesses, and the broader society. The strategy aims to bolster law enforcement’s technical capabilities, improve incident reporting mechanisms, and foster a culture of collective responsibility towards cybersecurity. By encouraging citizens and businesses to report cyber incidents and raising awareness about secure online behaviours, the strategy seeks to minimise the impact of cyber threats and create a safer online environment for all.
Promoting innovation, enterprise security, and cybersecurity education constitutes the third pillar. The strategy recognises that future economic growth in Mauritius is closely tied to digital trust and a secure online environment. To ensure the country remains an attractive destination for business and investment, it aims to cultivate a cyber-aware workforce through enhanced education at all levels, including primary, secondary, and tertiary education. The strategy encourages the development of local cybersecurity capabilities, partnerships with private sectors for scholarships, and Research and Development (R&D) initiatives. It also promotes the creation of a Cyber Smart Nation by raising awareness of cybersecurity risks and benefits, thereby empowering citizens and businesses to adopt best practices in online safety.
The fourth pillar emphasises strengthening regional and international partnerships. Recognising that cyber threats are often borderless, the strategy aims to foster collaboration with regional and international cybersecurity bodies. This includes expanding the network of the Computer Emergency Response Team (CERT) through Memorandums of Understanding (MoUs) with other countries, such as CERT-India and Singapore CERT, and contributing to global discussions on cybersecurity norms through participation in forums like the United Nations Open Ended Working Group (OEWG). The strategy also aims to position Mauritius as a leader in cybersecurity within the African region, leveraging its status as a hub for cybersecurity training and expertise.
The governance framework for the implementation of this strategy is structured through the National Cybersecurity Committee, which coordinates and oversees the execution of cybersecurity policies and initiatives. The strategy underscores the roles of different stakeholders, including government agencies, the private sector, academia, and civil society, emphasising a collaborative approach for a robust and secure cyber environment.