National Cybersecurity Strategy and Action Plan for São Tomé and Príncipe

Icon

São Tomé and Príncipe is a small island nation in the Gulf of Guinea, off the western equatorial coast of Central Africa. The Government of São Tomé and Príncipe, supported by the World Bank, has been undertaking an investment program under the Digital São Tomé and Príncipe project to strengthen its ICT sector. The project has several components, such as investment in telecommunications infrastructure, foundational digital government platforms, improvement of connectivity to schools and cybersecurity. The World Bank has provided funding from the World Bank Cybersecurity Trust Fund to help support the development of cybersecurity capacity in the country and prepare it for the investment in cybersecurity that is included under the project scope.

As the country’s cybersecurity capacity is nascent, one of the priorities under the project was to assist the government with developing a strong basis in legal framework in terms of cybersecurity. For this reason, NRD Cyber Security was engaged by the World Bank to support the Government São Tomé and Príncipe in developing a National Cybersecurity Strategy and Action Plan.

Specifically, the NRD Cyber Security had to:

Identify relevant stakeholders for engagement, as well as the establishment of the governance mechanisms for the development of the national strategy
Lead consultations and technical workshops to gather information and validate approaches with key stakeholders
Implement an assessment of the current cybersecurity landscape in São Tomé and Príncipe and associated risks and threat profile to the country
Develop the National Cybersecurity Strategy and Action Plan for the Government’s approval

During this process, the NRD Cyber Security was working closely with a wide range of stakeholders, involving them in various phases of assessment and strategy development. Some local authorities, such as the Institute for Innovation and Knowledge (INIC), the national telecommunications regulator (AGER) and the national data protection agency (ANPDP) and others, were particularly involved and helped the team clearly understand the national priorities.

Icon

Recent developments

Recently, the new government of São Tomé and Príncipe has approved the strategy which now enters the phase of implementation. The adoption of the strategy is a significant milestone in the country’s efforts to move towards a more cyber mature and resilient posture. Generally, national cybersecurity strategies boost nations’ defense postures, support economic growth and may even attract foreign investments due to increased trust in digital services, increase nations’ international reputation and position countries higher in the international cybersecurity rankings.

Expected impact

The implementation of the National Cybersecurity Strategy of São Tomé and Príncipe will deliver numerous benefits for the country – ranging from enhanced and centralized cybersecurity coordination, stronger capabilities to identify and respond to incidents, and the promotion of digital awareness and literacy, to the clear identification and regulation of critical assets and cybersecurity operators, as well as an improved national defense posture through the establishment of a CSIRT, among many others.

One of the major activities under the approved strategy is the national CSIRT establishment. Under a new World Bank project, the NRD Cyber Security is working with local authorities to assist them in establishing this new cybersecurity capability in the country and help São Tomé and Príncipe become an even more mature and resilient country.

São Tomé and Príncipe story in Portuguese.

“São Tomé and Príncipe is undergoing a significant digital transformation, with the potential to unlock a dynamic service-driven economy. As we work towards a centralized and coherent approach to key digital pillars – such as interoperability, digital identity, and electronic signatures – it is equally essential to address the foundational need to safeguard our national data, a strategic asset of growing importance. The adoption of a comprehensive National Cybersecurity Strategy and Action Plan reflects our commitment to strengthening the country’s cyber defense posture. This initiative aims to ensure the integrity, confidentiality, and availability of our digital infrastructure, while fostering a secure enabling environment for sustainable digital growth.”

Daniel Vaz, São Tomé and Príncipe Digital Project Manager

Icon

You can also read São Tomé and Príncipe story in Portuguese

São Tomé e Príncipe adota Estratégia Nacional de Cibersegurança

Other stories

CISO services for the ROIX crowdfunding platform
CISO services for the ROIX crowdfunding platform
CyberSOC managed SOC services in the Bank of Botswana
CyberSOC managed SOC services in the Bank of Botswana
Natrix and CyberSet deployed for CSIRTMalta
Natrix and CyberSet deployed for CSIRTMalta
Natrix threat monitoring platform for Egypt's financial sector
Natrix threat monitoring platform for Egypt's financial sector
Assessment of the technical and organisational security defences for the Central Bank of Botswana's infrastructure
Assessment of the technical and organisational security defences for the Central Bank of Botswana's infrastructure
Assessment of the technical and organisational security defences for the Bank of Guyana's infrastructure
Assessment of the technical and organisational security defences for the Bank of Guyana's infrastructure
Sectorial CSIRT for energy sector in Kosovo
Sectorial CSIRT for energy sector in Kosovo
Cybersecurity Fusion Centre Capacity Building for the Central Bank of Nigeria
Cybersecurity Fusion Centre Capacity Building for the Central Bank of Nigeria