In a landmark move driven by its active participation in the ICT Policy & Regulation – Institutional Strengthening (iPRIS) programme, the Information and Communication Technologies Authority of Mauritius (ICTA) has announced comprehensive cybersecurity guidelines for all licensed telecommunication operators. These guidelines are designed as robust self-assessment tools, enabling operators to critically evaluate and enhance their security preparedness. The guidelines are available here
ICTA delegates part of the second round of iPRIS
Three ICTA representatives, Mr. Trilok Dabeesing, Director of IT, Ms. Priya Chutoorgoon, Legal Officer, and Mr. Pralash Nahullah, Engineer, Licensing officer, are currently engaged in the 13-month-long iPRIS peer-to-peer learning programme as part of the second iPRIS Cohort (2024 A). iPRIS aims to bridge the digital divide by boosting the capacities of African telecommunications regulatory bodies through peer to peer learning.
In May 2024, they started the peer-to-peer learning programme by participating in an intensive three-week peer-to-peer learning session in Stockholm Sweden. The sharing of best practices among African and European peers during the iPRIS European Phase in May significantly inspired ICTA’s efforts to strengthen cybersecurity measures within the telecom sector.
The intensive session for the 2024 A cohort included participation by European (PTS and ILR) and African NRAs from Gambia, Lesotho, Rwanda, Tanzania, Uganda, and South Africa and regional regulatory bodies from West, East, Southern, and Central Africa.
The NRAs represented in the 2024 A cohort include The Gambia’s Public Utilities Regulatory Authority (PURA), Lesotho Communications Authority (LCA), Rwanda Utilities Regulatory Authority (RURA), Independent Communications Authority of South Africa (ICASA), Tanzania Communications Regulatory Authority (TCRA), and Uganda Communications Commission (UCC).
Strengthening the ICT security framework of Mauritius
These newly issued guidelines represent a pivotal step towards strengthening the security framework of Mauritius’ telecommunications infrastructure. They reflect the nation’s commitment to staying ahead of evolving cyber threats and ensuring resilient digital connectivity.
“In Mauritius, telecom companies have traditionally self-regulated their security standards. However, in response to the rapidly escalating cyber threat landscape inherent in IP networks, there is a need to mandate that telecom service providers better manage security risks. The guidelines will not only enhance the security and resilience of nationwide infrastructure but also improve the management of security risks within their supply chains, including third-party suppliers”, Mr. Trilok Dabeesing, Director of IT at ICTA.
The authority will use these guidelines as a benchmark to issue forthcoming regulations to all telecommunication operators. These regulations will be issued at least six months after the date of issuance of the present guidelines and will be grouped into the following categories:
- Technical Measures: These will include measures to strengthen the security of networks and equipment by reinforcing the security of technologies, processes, people, and physical factors.
- Strategic Measures: These will cover increased regulatory oversight by the ICT Authority to scrutinize network procurement and deployment, address risks related to non-technical vulnerabilities (e.g., dependency risks), and promote a sustainable and diverse supply and value chain to avoid systemic, long-term dependency risks.
“The current 5G rollout necessitates a robust security regulatory framework due to its software-driven and virtual nature. Initially, based on these guidelines and forthcoming regulations, the first Directive to be issued by the Authority will extend them to other licensees”, Mr. Trilok Dabeesing, Director of IT at ICTA.
The guidelines are based on 29 security objectives aligned with the work of the European Union Agency for Cybersecurity (ENISA). These objectives outline security measures and evidence for their implementation. By implementing these guidelines and forthcoming regulations, Mauritius aims to enhance the security and resilience of its telecommunication infrastructure in the 5G era.
-END-
About iPRIS
ICT Policy & Regulation – Institutional Strengthening (iPRIS) contributes to bridging the digital divide by boosting the capacities of African telecommunications regulatory bodies. Engaging 43 countries in Africa, iPRIS aims to enhance inclusive digital connectivity and drive social and economic prosperity using ICT.
iPRIS provides peer-to-peer capacity-building for African National Regulatory Authorities and Regional Regulatory Organisations. It stems from the recognition of the significance of ICT policies and regulation in promoting digital inclusion, equitable access to the Internet, consumer rights protection, and personal data safeguarding.
The iPRIS project is implemented by SPIDER (the Swedish Program for ICT in Developing Regions ), The Swedish Post and Telecom Authority (PTS), and the Luxembourg Regulatory Institute (ILR). SPIDER coordinates the project and offers its expertise in the digital international development sector and in Diversity, Equity, and Inclusion (DEI). PTS is regulation content and policy lead for the project. ILR brings its expertise in European regulation and policy for the French speaking countries.
iPRIS is funded by the European Union, Sweden, and Luxembourg as part of the Team Europe Initiative “D4D for Digital Economy and Society in Sub-Saharan Africa” (Code: 001).
For more information, please contact
Ms. Edna Soomre
Project Lead iPRIS
ipris@spidercenter.org