Ethiopia: Information Network Security Administration issued ruling in cybersecurity investigation into infrastructure providers

On 28 October 2023, the Information Network Security Administration (INSA) issued rulings in the investigation into cybersecurity vulnerabilities affecting infrastructure providers operating in the domains of cloud computing, storage and databases, and internet and telecom services. The investigation identified 657 risk-level gaps across 123 institutions. Of these gaps, 187 were classified as high risk, 273 as medium, and 192 as low risk. The investigation attributed these vulnerabilities to a lack of financial resources, inadequate IT infrastructure, and insufficient expertise. The INSA stated that the government aims to mitigate these risks through enhanced cybersecurity regulations and risk-based approaches, aiming to support Ethiopia's resilience against cyber threats.