1. Introduction

Every country has critical infrastructure that makes it function. These critical infrastructures vary between countries as they are identified based on a country’s national risk assessment. They include energy and water supply, telecommunications, financial systems, and government services. In Africa, these infrastructures are increasingly monitored and controlled through networks and systems connected to the Internet.  Cybersecurity threats exploit the increased complexity and connectivity of such infrastructure, placing a country’s security, economy, and public safety and health at risk.

These interconnected information and communication infrastructures are referred to as Critical Infrastructures (CIs) and Critical Information Infrastructures (CIIs). A cybersecurity incident impacting the CI and CII can disrupt social order, the delivery of essential services, and the economic wellbeing of a country.  It is therefore imperative that a nation puts in place strategies, policies and activities that provide for the identification, security, and protection of the CI and CII using a risk-management approach.