Hertta-Maria Amutenja
Namibia’s cybersecurity resilience continues to rely on international threat intelligence systems as the country develops its own regulatory and incident response frameworks, the Communications Regulatory Authority of Namibia (CRAN) has said.
Responding to questions from the Windhoek Observer regarding the possible impact of global disruptions, such as the uncertainty surrounding MITRE’s CVE program in the United States, CRAN said Namibia’s approach to managing cybersecurity threats is supported by systems like the Common Vulnerabilities and Exposures (CVE) database.
“CRAN, through the Namibia Cyber Security Incident Response Team (NAM-CSIRT), enforces regulations to ensure cybersecurity resilience and consumer protection and encourages application service providers to rely on CVE alerts to manage cybersecurity threats,” CRAN spokesperson Mufaro Nesongano said.
CRAN said that while Namibia has taken steps to establish legal frameworks through the Cybercrime Bill and the Data Protection Bill, the country’s cybersecurity regulations remain relatively nascent compared to global standards.
Nesongano said Namibia’s policies are influenced by regional initiatives, such as the African Union’s efforts and collaborations with international standardisation bodies like the International Organisation for Standardisation (ISO), the National Institute of Standards and Technology (NIST), and the Centre for Internet Security (CIS).
Regarding safeguarding cybersecurity, if global databases like MITRE’s CVE become inaccessible, CRAN said that organisations in Namibia maintain internal vulnerability databases, use Extended Detection and Response (XDR) systems, and share threat information through platforms like the Malware Information Sharing Platform (MISP).
“It is important to note that the MITRE CVE database is not the only platform that provides CVE ratings, as CVEs are released by various credible international threat sources globally,” Nesongano said.
He added that it plans to strengthen domestic cybersecurity capabilities through NAM-CSIRT by implementing robust regulatory frameworks, improving incident response mechanisms, and fostering collaboration between government, the private sector, and international partners.
“While specific upcoming projects may not be publicly detailed, CRAN’s focus remains on creating a secure digital environment, aligning with global best practices, and ensuring Namibia’s resilience against evolving cyber threats,” he said.
Earlier this year, Namibia recorded approximately 1.1 million cyberattack incidents, including a significant breach at Telecom Namibia where 626GB of sensitive data was exposed. Cybersecurity experts have warned that these incidents target businesses, government entities, and individuals, involving fraud, phishing scams, and ransomware attacks.
The Cybercrime Bill has been under development for nearly two decades, with delays attributed to challenges such as aligning Namibia’s laws with global cybersecurity agreements like the Budapest Convention on cybercrime and concerns from civil society about data protection provisions.
