The National Sovereign Authority for Cybersecurity in Sudan — Objectives, means, challenges and future prospects for digital sovereignty ✍️ Dr. Abu Al-Tayeb Adam Hassan Suleiman
The current situation in Sudan: –
Sudan has a 2007 cybercrime law that covers crimes related to information systems, networks and data.
-There are government statements and initiatives indicating that cybersecurity is now a priority in government policies and digital development. For example, the Prime Minister highlighted the importance of integrating digital security concepts into government policies and programs. .
But it now appears that the government is making broad and rapid efforts to translate these declarations into reality and establish a clear body (the Minister of Communications and Digital Transformation) which defines itself as the “Sovereign National Authority for Cybersecurity” with all its legal and regulatory qualities, as in some countries. Considering the sensitivity of the issue and its importance in the current circumstances, we present some ideas and proposals, which are as follows.
First: the proposed objectives for a sovereign body for cybersecurity in Sudan.
If the Authority is created or reorganized as a sovereign body, these objectives are logical and important:
1. Protect critical infrastructure
-Securing electricity, water and communications networks and systems which, if disrupted, would greatly affect national security and stability.
2. Digital sovereignty
Reduce external dependence on technical infrastructure, software, data management and hosting of critical services.
3. Fight against cybercrime
Modernize the law, strengthen security services, digital forensic investigations and rapid response to cyber incidents.
4. Cyber risk management at national level
Threat analysis, early warning, damage assessment and contingency plans.
5. Promote awareness and build human capacity
Train engineers, security personnel, government officials and educate the public about the dangers of digital security.
6. Legislative and regulatory framework
Adopt clear legislation, safety controls and standards, and smooth cooperation between government and private agencies.
7. International and regional cooperation
Exchange information, cooperate with global organizations and monitor cross-border threats.
8. Guarantee confidentiality and data protection
-Achieve a balance between digital security and human rights, citizen privacy and lack of…
Violation of freedoms.
Second: the means that the Authority can adopt to achieve these objectives.
-Develop new legislation, or amend existing laws, to incorporate the latest threats and technologies and ensure there are clear sanctions and enforcement mechanisms.
-Creation of a Cyber Incident Response Center (CERT/SOC) which will be a national technical reference for the management, coordination and investigation of incidents.
-National controls and standards that government agencies and vital services are required to implement, for example data encryption, access control and vulnerability assessment.
-Capacity building: training programs, professional certificates, universities teaching cybersecurity specializations, cooperation with private and international sectors.
-Monitoring and early warning systems: attack monitoring, risk analysis and immediate response networks.
-Community awareness: awareness campaigns aimed at users, schools and institutions, to promote a culture of digital security and how to protect data.
-Technical infrastructure: support investments in data centers, local cloud computing, secure networks and communications infrastructure.
-Institutional coordination: Cooperation between the ministries of Interior, Defense, Communications, Justice and other regulatory bodies to ensure integration of efforts in Sudan.
Third: the challenges that the Authority may face
1. Lack of specialized financial and human resources:
The number of qualified cybersecurity personnel may be low, and equipment and technology may be expensive.
2. Political and security stability:
Conflict and division affect digital infrastructure, and internet outages are sometimes a tool of conflict.
3. Weak public infrastructure:
-Low connectivity, low network coverage and weak technical protection in some areas.
4. Lack of precise or updated legislation:
-Old laws may not keep pace with modern threats such as artificial intelligence, the Internet of Things (IoT), and cross-border digital crime.
5. Low public awareness
Unsafe internet use, neglect of personal protection and lack of training in small and medium-sized businesses:
6. Privacy and freedoms
There is a risk that censorship powers will be used in the name of security to exert unwarranted surveillance of users or to stifle free speech.
7. Coordination between agencies
The presence of overlapping powers, institutional differences or lack of coordination between security and civilian authorities.
8. Sustainable financing
Where does the money come from? Does the central government provide it? Or through cooperation with the private sector or international organizations?
9. Technical challenges
Continuously update systems, monitor evolving threats, secure cloud computing and international or cross-border threats.
Fourth: Future prospects for digital sovereignty:
If the authority is well established and activated, here are some of the opportunities and possibilities:
-Digitize government services securely, increasing government efficiency and making it easier for citizens and the private sector.
-Attract investments in information technology and cybersecurity and stimulate emerging companies in this area.
-Build digital trust among citizens and investors, which supports digital transformation and economic growth.
-The possibility of Sudan becoming a regional cybersecurity center in Africa, if infrastructure and personnel are strengthened.
-International partnerships with institutions such as the African Union, Internet Organization and international companies to follow the latest methods and receive technical assistance.
-Include Sudan in global cybersecurity indicators, which could improve national reputation and open opportunities for cooperation and exchange.
-Invest in research and development, universities and colleges to produce local research adapted to the local cyber threat context.
God is the Giver of success, payment and lasting success
