Enhancing Cyber Resilience for Malawi’s Education and Research Infrastructures
Funding Area: Community governance / Gobernanza comunitaria
Problem Statement: Malawi continues to make noteworthy investments in ICT including advancement on international and in-country fibre cables and establishment of a dedicated network for education and research institutions. Significant progress is made on expanding digital platforms in academic setting including (i) Management Information Systems at all levels (ii) Learning Management Systems (iii) digital platforms to enhance research. The policies and strategies in the education sector are currently enabling the digital developments. As the level of digitalization increases, the level of cyber-risk will continue to heighten. At present for education and research institutions, despite knowledge of the cyber threats, there is no central coordination unit to serve as a mechanism for proactively countering existing and potential vulnerability of research infrastructures to cyber-attack. The local academic institutions have limited and skills to counter cyber-attacks (MAREN, 2019, unpublished). These gaps exist amidst Malawi’s poor ranking on cybersecurity with an index of 36.83 (ITU, 2023). There is a need to act swiftly in establishing a coordination unit for cybersecurity operations for education and research as an Academic Computer Emergency Response Team (CERT).
Proposed Activities: The project will draw on collaborative approach for supporting the establishment of the Computer Emergency Response Team (CERT) for research and education in Malawi. The project will contribute to the development of the governance structure, charter and commissioning the host for the CERT in Malawi Research and Education Network (MAREN). The Academic CERT will align to Malawi CERT as a sectoral team to ensure linkage to the national cybersecurity strategies and regulations. MAREN plans to carry out the project through the following activities: Activity 1.1 Consultative Workshop – The activity will involve conducting 3 regional consultative workshops which will convene heads of convening education and research institutions, government ministry of Education, Science and Technology, E-government, Malawi CERT and Malawi Communication Regulatory Authorities. The Workshop will cover raising awareness on cybersecurity, data breaches, system vulnerabilities, and other critical technology emergencies. The workshop will involve planning, designing and building consensus on the establishment of an Academic CERT. Activity 1.2 Formulation of the Academic CERT and development of the CERT Charter – The project will facilitate series of follow-up and consultations on the establishment of the Academic CERT and meeting of Boards of the research and education Institutions for approval of the structure of the CERT. The Activity will also cover the collaborative development of a comprehensive charter for the CERT to provide collaboratively develop a comprehensive charter for the CERT to outline the purpose, structure, roles, responsibilities, procedures, and guidelines to ensure an effective and coordinated team. The charter will cover governance structure of the CERT, Operational Team structure, Services, sustainability model. Through the project the policies and standard operating procedures (SOPs) will be developed relating to information classification and protection; record retention, destruction, dissemination, open information access, appropriate usage of CERTs system; computer security events and incidents definition, incident handling, and joint response and monitoring. The activity will spun 8 months of project implementation. Activity 1.3 Launch of the Academic CERT - The CERT will be formally launched to set its official establishment. The activity will be used to raise public awareness on the CERTs operations and introduce the CERT's services to educational institutions and encourage them to start utilizing the CERT's resources and expertise for enhancing cybersecurity. The launch will involve representatives from research and educational institutions, Government officials and policymakers, IT administrators and cybersecurity professionals from educational institutions and Media representatives
Openness: The openness of the project activities and the resultant cyber resilience support system that will be operationalized through the Academic CERT will be integral to achieving the project goal for ensured participatory action on addressing cybersecurity vulnerability in research and education institutions. The openness of the project would be demonstrated in (a) The collaborative and collective process on the development of the CERT Charter, policies and related documents and establishment of the mechanism achieved through consultations and joint development. (b) The Academic CERT standards for Malawi will draw on open frameworks at international level particularly using RFC2350, hence the project will support application of the standards to localized and sectoral setting. (c) The Project will ensure that documentations for the CERT are publicly accessible through development of CERT Website and shared through IOI platforms. The project activities including consultations and stakeholder meetings and launch of CERT will feature in press articles, published in local papers, MAREN’s website, blog-post and social media including Facebook, twitter and LinkedIn. The project ultimately enhances open access to cybersecurity protection for all academic and education institutions in Malawi for safeguarding valuable data, intellectual property, and digital infrastructure.
Challenges: MAREN is aware of potential challenges associated with the project and provides mitigation measures. Firstly, the cybersecurity landscape is an upcoming and highly evolving area hence requires thorough understanding by policy makers, however few stakeholders understand it. This limitation may lead to resistance in adopting and advancing initiatives of cybersecurity. The project incorporates awareness for policy makers and makes use of relevant case studies and best practices in cyber governance for instance making reference to the current cyber-attack in Kenya and prevailing challenges with mobile money fraud in Malawi to demonstrate the need for enhancing cybersecurity and compel stakeholders in academia to adopt the CERT. The limited understanding of linkages between cybersecurity being both technical and policy, leading heads of institutions to delegate the participation in the processes to junior ICT officers. The importance of managerial and policy position on cyber security across the research and education institutions including the Ministry of Education is recognized; The project will ensure that key heads of institutions are at the forefront of processes to setup the academic CERT including ensuring that they understand the need for prioritizing cybersecurity. Lastly, the challenge relating to limited technical capacity on cybersecurity among the academia in Malawi which will require the support from MAREN along with Industry Experts from mwCERT and other NRENs.
Neglectedness: Currently there is limited initiatives related to infrastructure, skilled personnel, and advanced technologies particularly on cybersecurity enhancement in Malawi and MAREN has not come across funding opportunities for establishment of CERT for research and academic institutions. Considering the level of developments and evolving area, it would be of paramount importance to secure resources to operationalize the CERT for the research and education sector in Malawi which would contribute to governance.
Success: MAREN through the project will undertake reviews and monitoring to establish the positive results of the project which will be measured among other things by (i) achieving consensus and recognition among relevant stakeholders, including universities, research institutions, and government bodies, on the necessity and value of establishing an academic CERT which will be documented in agreements, official endorsements, and active participation from key players in the consultation and development processes for the CERT formulation. (ii) Obtaining formal approval for the Academic CERT Charter from the MAREN and other any relevant governing body including Malawi CERT. (iii) Increased level of awareness among research and education institutions on CERT’s role and support on cybersecurity demonstrated by the number of research and education institutions participating in the processes is perceived as a valuable asset for academic institutions. (iv) The documentation and Press articles on the Academic CERT and its services and (v) initiation of the operations for the academic CERT staffed, trained, and equipped with the necessary tools and resources to effectively respond to cybersecurity incidents.
Total Budget: US$24998
Budget File: pdf
Affiliations: The proposal is affiliated with the Malawi Research and Education Network (MAREN), the National Research and Education Network (NREN) for Malawi and which is recognized as such by the Government of Malawi.
LMIE Carveout: The project fits well with LMIE CarveOut based on MAREN work location in Malawi as part of LMIE where the Project will be implemented. The increased levels of digitalization in Malawi for research and education sector increase the risks of cyberattacks and for a coordinated response, communities need to come together to form CERTs as coordination points for cybersecurity response. Currently, Malawi falls into the category of highly cyber vulnerable countries as such the proposed academic CERTs in Malawi could significantly enhance the cyber-resilience in academia and better prepare institutions to address the growing challenges posed by cyber threats. The CERTs approach which would build a dedicated team would be a more economically viable cybersecurity measure suiting Malawi as LMIE.
Team Skills: MAREN commits a diverse team of 7 experts to implement the project. The project will be led by Solomon Dindi who has over 17 years’ experience in community mobilization including connectivity for Higher Education, Malawi Open Learning Initiative, Integration of MISs in Government, Development of Higher Education Management Information System, constitutional review for MAREN (2) Christopher Banda (head of mwCERT) - an enthusiast of Cybersecurity. Has been instrumental in the establishment of mwCERT (3) Zanga Chimombo has over 20 years’ experience having led successful ICT transformation projects in diverse sectors including insurance and telecom paying special attention to cyber-resilience. (4) Alex Chipalamwazani has been working with corporate and academic networks for more than 8 years. His skills include designing and implementing robust network security measures and managing complex network infrastructures. (5) Jones Kumwenda is a seasoned software developer with over 7 years of experience in developing MISs. He is skilled in cloud security practices and in secure coding principles and standards. (6) Grace Dzoole is a seasoned finance professional with over 20 years’ experience in both private and public sectors, including audit. She has previously managed the financial resources of over USD 2 million revenue firm and adequately managed the reporting requirements. (7) Trot Makasu is a skilled telecom engineer with interest in fibre technologies and network security.
How Did You Hear About This Call: Word of mouth (e.g. conversations and emails from IOI staff, friends, colleagues, etc.) / Boca a boca (por ejemplo, conversaciones y correos electrónicos del personal del IOI, amigos, colegas, etc.)
Submission Number: 114
Loading