The Chief Product and Engineering Officer at Irembo, Patrick Ndjientcheu, on November 16, highlighted the challenges and strategic approaches to ensuring the security of critical national infrastructure in the era of digitized government services. He was speaking on a panel discussion as part of the African Cyber Defense Forum (ACDF) 2023, taking place in Kigali from November 14 to 17. Ndjientcheu said that Irembo prioritizes security in all aspects of their work and integrates it into their design process. “Monitoring their services continuously and being proactive in addressing potential threats are key practices in ensuring security,” he said. “We also ensure internal staff's adherence to security measures and implement a concept of ‘zero trust’ to avoid relying solely on intentions but rather on reliable functioning.” Discussing the top cyber security threats facing critical national infrastructure in Rwanda, Ndjientcheu underlined the Distributed Denial of Service (DDoS), a sophisticated attack that aims to flood a system with very high fake traffic in order to prevent legitimate users from accessing a certain platform. Irembo set up standard security controls to block them. According to Ndjientcheu, web application vulnerabilities and data leaks are other top cyber threats. “As digital platforms collect citizens' data, there is also a risk that compromised systems may leak data. As systems become more integrated, a vulnerability on one platform can be exploited to access data on another platform if the right protection mechanisms are not in place,” he explained. Ndjientcheu also highlighted the challenges to safeguarding critical national infrastructure in Rwanda, including the lack of highly skilled security talent. He said: “Systems are built by people, and when they are highly skilled in security, it improves the security posture of their applications.” Other challenges are related to processes and supply chain dependencies. “Designing and executing strong processes ensure that people consistently apply security controls,” said Ndjientcheu. “Supply chain dependencies are also a challenge because, today, companies rely on complex and interconnected third-party systems to build, ship, and run digital platforms. Therefore, securing the supply chain from design to deployment is crucial to maintain cyber resilience.” To ensure security at Irembo, Ndjientcheu said, the first pillar is to empower their security team with the right skills, processes, exposure, and tools to protect their digital platforms. “The second pillar is to embrace the principle of security by design. Security should not be an afterthought but a requirement that is taken into consideration when the product is being designed.” Collaborating with other stakeholders such as the National Cyber Security Authority (NCSA), threat intelligence providers, and the wider cyber security community is fundamental to protecting users against potential threats before they become security incidents, he added.