The government of Rwanda has embarked on developing a cyber security policy and strategy as response to the growing cyber threat and improving cyber security for individuals, businesses, critical national infrastructure and government.
Rwanda’s goal to be a regional ICT Hub, and considering current ICT industry growth trends, has made Cyber security a compelling priority for Rwanda. Cyber Security was identified as a key priority for the third phase of NICI, in order to ensure secure management of all deployed ICT assets that support Rwanda’s ICT goals. The cyber security policy for Rwanda shall create a framework for defining and guiding the actions related to security of cyber space. The policy framework should provide the foundation required to ensure that initiatives by public and private sectors continue to enjoy consistent and undiminished support throughout the coming years, up to realization of the visions encompassed in the afore-mentioned strategy documents. The cyber security policy is developed in line with national, regional and international recommendations on cyber security, including but not limited to, International Telecommunication Union (ITU), Africa Union (AU) and East Africa Community (EAC) recommendations
The goals and objectives of the National Cyber Security Policy are as follows:
- Build cyber security capabilities for detection, prevention and response to cyber security incidents and threats;
- Establish an institutional framework to foster cyber-security governance and coordination;
- Strengthen legal and regulatory frameworks, as well as promote compliance with appropriate technical and operational security standards,
- Promote Research and Development in the field of cyber security;
- Promote Cyber Security Awareness in all sectors and at levels in order to build a culture of security within country;
- Promote National, Regional and International Cooperation in the field of cyber security;
There are eight key policy areas:
- Cyber security capabilities;
- Institutional framework for cyber security;
- Cyber security legal and regulatory framework;
- Critical information infrastructure protection;
- Government cyber security enhancement program;
- Cyber security capacity building and awareness;
- Building a cyber security industry;
- International cooperation.
The Policy establishes an agency responsible for national cyber security and the development, implementation and coordination of the national cyber security initiatives. It also establishes the National Cyber Security Advisory Board which provides guidance.