Strategies to respond to cyber threats and measures to protect cyber security
government, citizens, businesses
The National Cyber Security Strategy defines Mauritius' main goals, guidelines and action plans to respond effectively to cyber threats. It also recognises the need to balance measures intended to protect security. The Strategy emphasises the importance of a collaborative partnership between government, corporate and private stakeholders to safeguard Mauritius' information infrastructure. To this end, the Strategy sets out the following roles for different stakeholders within a collaborative framework for cyber security:
- Ministry of ICT: Project owner and responsible for establishing the necessary legal framework for strategy implementation;
- National Cyber Security Committee: Decision-making body to oversee and monitor implementation, lead activities and escalate functions to resolve important issues and emergencies;
- National CERT: Advisory body for information security issues, responsible for implementing outputs generated by the cybersecurity committee, handling and coordinating cyber security incidents, monitoring and analysing the information security situation nationally, preventing the occurrence or recurrence of cyber incidents, promoting the adoption of best practices in information security and compliance, and interacting with government agencies, industry and the research community;
- Law enforcement: Prevention, investigation and prosecution of cybercrime;
- Regulatory bodies: Establish, control and enforce regulations related to cyber security and encourage organisations to adopt security best practices and guidelines;
- Critical sectors: To facilitate identification, prioritisation, assessment and protection of critical information infrastructure;
- Prime Minister's Office: Advise and support implementation of the strategy;
- IT Security Unit: Establish IT security best practices and promote implementation of security standards within the civil service;
- Data Protection Office: Advisory body on data protection and privacy issues;
- Academia: Encourage R&D, collaborate with industry in frontline technologies, develop education and training programmes for students and information security professionals;
- Private sector: Advise on products/services critical to information infrastructure operators, provide strategic insight on security architecture, operations and risk management approaches, provide patches and mitigation strategies.
A Strategic Action Plan for the period 2014-2019 guides implementation of the Strategy, with specific projects under four main goals:
Goal 1 - To secure Mauritius' cyberspace and establish a front line of defense against cybercrime
- set up a Cyber Threat Monitoring System;
- set up a content filtering system to block illicit materials in ICT devices;
- establish a mechanism for removal of illegal contents;
- conduct cyber security drills;
- enhance law enforcement capability on cyber security;
- international and regional cooperation on cybercrime;
- enhance the security of cyberspace through PPPs and collaborative engagement;
- assess the legal framework to develop a dynamic framework, review periodically.
Goal 2 - To enhance Mauritius' resilience to cyber attacks and ensure the country is able to defend against the full spectrum of threats
- develop and implement a Critical Information Infrastructure Protection framework;
- develop and implement a Cyber Crisis Management Plan;
- provide fiscal schemes and incentives;
- create a national test-bed for network security;
- adopt a Cyber Security Controls Scheme for protection against cyber threats.
Goal 3 - To develop an efficient collaborative model between authorities and the business community to advance national cyber security and cyber defense
- promote information risk management at national level;
- promote universal adoption of information security standards at national level;
- promote secure software development;
- promote designation of senior information security personnel within organisations;
- promote implementation of information security standards in the civil service;
- promote e-government initiatives and ensure conformance to security best practices;
- adopt guidelines for procurement of ICT products;
- conduct mandatory information security audit;
- collaborate with industry for R&D;
- establish a collaborative framework with vendors and service providers to improve the visibility, integrity and security of ICT products.
Goal 4 - To improve cyber expertise and comprehensive cyber security awareness across all levels of society
- promote security certifications and training from renowned international organisations;
- establish cyber security training programmes for SMEs;
- improve education involvement with cyber security at all levels through curriculum development and research;
- improve cyber security awareness and education in the civil service;
- organise international cyber security annual events.