In this exclusive interview granted to Maroc Hebdo, the General Directorate of Information Systems Security (DGSSI) discusses the cybersecurity threats weighing on the kingdom, as well as the strategy put in place by Morocco to protect its strategic infrastructures from external information threats. For reasons relating to the duty of confidentiality, Maroc Hebdo, in conjunction with the General Directorate of Information Systems Security (DGSSI), will not reveal the identity of the manager who answered our questions.
Why is the security of information systems an important issue for national defense?
Information systems (IS) security is crucial to national defense because it protects critical infrastructure, sensitive data and vital state operations. Cybersecurity helps prevent cyberattacks that could compromise national sovereignty, public safety, and the country’s economy. Information systems manage data essential for defense and security, their compromise could have disastrous consequences on the ability of the State to function and protect its citizens.
How does Morocco protect itself from cyberattacks by its adversaries?
Since 2011, Morocco has been committed, under the Enlightened Leadership of His Majesty the King, on the path to strengthening its national information systems security capacities and consolidating digital trust. Morocco protects itself from cyberattacks through a series of legislative, regulatory and technical measures. Law 05-20 on cybersecurity establishes a binding legal framework to secure the information systems of public entities and infrastructures of vital importance. Key measures include regular audits, implementation of security policies, and mandatory reporting of security incidents.
In addition, Morocco is developing cyber threat monitoring and detection capabilities and working with national and international partners to strengthen its resilience against cyberattacks. To improve its cybersecurity, Morocco is focusing on several strategic axes. These include maintaining and strengthening the legal and normative framework, improving national coordination mechanisms, and promoting the implementation of cybersecurity standards and norms. It also involves strengthening national capacities for prevention, management and response to cyber incidents and crises, as well as consolidating the resilience of vital infrastructure information systems.
Developing a cybersecurity culture within society, strengthening human resources capacities in cybersecurity, and supporting the development of the national cybersecurity ecosystem and innovation are also priorities. Finally, Morocco aims to strengthen and promote active participation at the regional and international level on cybersecurity issues and to develop bilateral cooperation.
What is the Moroccan strategy regarding the security of its information systems?
For a reliable, secure and resilient national cyberspace, capable of supporting the digital transformation of the Kingdom, promoting economic prosperity and ensuring the well-being of citizens, Morocco is articulating its information systems security strategy around four main pillars, namely national cybersecurity governance, security and resilience of national cyberspace, capacity development and awareness and finally regional and international cooperation.
Technology is constantly changing and progressing. How does the general management of information systems security organize itself so that its staff remains at the forefront of the latest developments?
To stay at the forefront of technological developments, the General Directorate of Information Systems Security (DGSSI) sets up continuing training programs and simulation exercises. It also encourages research and development in cybersecurity. The DGSSI works in collaboration with national and international organizations to share best practices and the latest innovations in cybersecurity. Initiatives such as the certification of sensitive information systems and the establishment of SOC (Security Operation Center) services are also measures adopted to maintain a high level of technical competence.
What are the information threats that Morocco faces?
Morocco faces various information threats, including ransomware attacks, Advanced Persistent Threat (APT) attacks, and social engineering attacks. These threats aim to compromise the confidentiality, integrity and availability of information systems. Rapidly evolving cyberattack techniques, such as deepfakes, also increase the risks of fraud and misinformation. State-sponsored cyberattacks represent another growing threat, exacerbated by global geopolitical tensions.
