The National Cybersecurity Strategy of Egypt (2023-2027)

Strategies and Action Plans

The National Cybersecurity Strategy of Egypt (2023-2027) aims to establish a robust, resilient, and secure cyberspace that contributes to the economic prosperity and national security of Egypt. The strategy is built on several core pillars designed to enhance the country’s cybersecurity capabilities across various sectors.

Importance of the Strategy

The importance of having a national cybersecurity strategy for Egypt lies primarily in addressing the increasing number and sources of cyber incidents and in creating opportunities for the Egyptian market by building human capacities and developing a national industry that contributes to the Gross Domestic Product (GDP). The strategy’s goal is to assess the current state of cybersecurity in Egypt and precisely identify the elements needed for the national cybersecurity strategy by evaluating threats, opportunities, strengths, and weaknesses.

Key Components of the Strategy

  1. Cybersecurity Threats: The strategy acknowledges the growing number of cyberattacks and their sources, which include cybercrime, cyber warfare, terrorism, insider threats, and threats from amateur hackers (script kiddies). These threats have caused significant economic losses globally and can lead to operational disruptions and reputational damage.
  2. Opportunities: Despite the destructive nature of cyber threats, there are opportunities to build a national cybersecurity industry that can employ many young people, develop and operate cybersecurity software, and raise awareness among the general public and critical infrastructure operators.
  3. Strengths and Challenges: The strategy highlights the high enrollment of students in telecommunications and information technology fields as a strength, along with the noticeable growth in the telecommunications and IT infrastructure. Challenges include the nascent stage of cybersecurity research, the need for coordinated efforts between government entities and critical infrastructure operators, and the lack of a binding framework to streamline these efforts.

Strategic Goals and Programs

  1. Vision: To create a secure and resilient Egyptian cyberspace that encourages economic prosperity.
  2. Mission: To lead national efforts in understanding and managing cyber risks.
  3. Legislative Framework: The strategy involves establishing comprehensive legislation to criminalize cyber offenses, enforce standards and regulations on institutions, and protect personal data. Key legislative measures include the Cyber Crimes Law No. 175 of 2018 and the Personal Data Protection Law No. 151 of 2020, with ongoing efforts to draft a comprehensive Cybersecurity Law.
  4. National Programs: The strategy outlines various national programs to build a resilient cybersecurity framework, including:
    • Building a Comprehensive Legislative Framework: Establishing laws and regulations to govern cybersecurity.
    • Enhancing National Partnerships: Developing frameworks for cybersecurity governance and establishing national and sector-specific cybersecurity centers.
    • Promoting Scientific Research and Innovation: Supporting small project incubators and increasing the number of cybersecurity service providers.
    • Changing Community Culture Regarding Cybersecurity: Implementing awareness programs targeting different societal segments.
    • Building Strong and Resilient Cyber Defenses: Enhancing the security of critical infrastructure and promoting national standards and policies.
    • Strengthening International Cooperation: Collaborating with international partners to set global cybersecurity standards and share best practices.

Performance Indicators

To monitor and ensure the successful implementation of the strategy, key performance indicators (KPIs) have been established across five main axes:

  1. Overall Indicators: Contribution of the cybersecurity industry to the national GDP, number of licensed cybersecurity service providers, and services offered in the Egyptian market.
  2. Growth and Innovation Indicators: Number of published research papers, representation in international forums, and the number of small projects integrated into incubators.
  3. Awareness Indicators: Number of awareness campaigns, social media engagements, and viewership metrics.
  4. National Talent Indicators: Number of training programs, participants, graduates, and licensed professionals in cybersecurity.
  5. National Partnership Indicators: Number of bilateral cooperation agreements with government entities and projects funded by the cybersecurity development fund.