Project

Sierra Leone National Cyber Risk Assessment (NCRA)

In 2019 the UK Home Office engaged with the Ministry of Information and Communications (MIC) in Sierra Leone as part of its Commonwealth Cyber Programme.  Sierra Leone had not undertaken a CNI cyber risk assessment before.

 

The local NCRA team (made up of both government and private sector representatives) bought together multiple key critical national infrastructure sectors to establish a baseline of risk to their critical information infrastructure. UK Government provided expert guidance and analytical training to build the capability within Sierra Leone. The UK team also supported analysis of the results enabling the local team to develop a list of key priorities for future investment.

This process took 5 months August 2019-January 2020 and MIC has committed to repeating the process periodically; Sierra Leone now has a national capability. A results report was developed with an agreed list of recommendations. The local team also committed to working with each sector/organisation to share and further analyse the individual results in order to take forward the prioritised capability gaps.

From the UK team’s perspective, the key outcome from the process was the improved relationship between the host Government and their private sector. The activity was the catalyst required by the host Government to bring the various private sector stakeholders together for the first time. As a testament to bringing people together and the hard work by the local teams to build relationships, any initial distrust was transformed into strong relationships being built as the process went on. For example, a telecoms company reported a cyber-attack to the Government of Sierra Leone which they openly admitted they would not have done prior to the NCRA process.

Training a hybrid team demonstrates the value of the NCRA and how it brings stakeholders together to build strong and trusted relationships; but it also showcases that cyber security is not just an issue for government. It is everyone’s responsibility.

Within the 3-workshop NCRA approach, the UK team has embedded an immersive cyber exercise. They delivered the exercise with the assistance of the local team at the NCRA Results briefing with the sector stakeholders in order to highlight the dependencies between sectors and the importance of building resilience.


The Cybil project repository is being continuously updated, and the information it contains is either publicly available, or consent for publication was given by the owner. Please contact the portal manager with any additional information or corrections. Whilst every reasonable effort is made to keep the content of this inventory accurate and up to date, no warranty or representation of any kind, express or implied, is made in relation to the accuracy, completeness or adequacy of the information contained in these pages.