The Current Status of Cyber Security in

Ethiopia
Kibreab Adane*

The increase in cyber attacks in Ethiopia has become a crucial point. Ethiopia is a low-income
country and cannot afford the cost data breaches. Unless institutions in Ethiopia give careful
attention to the protection of their valuable assets such as people, information, technology and
facilities from evolving cyber attacks, their overall security, privacy and credibility will be a
question mark. The paper attempts to present the current status of cyber security in Ethiopia
and answers the following key questions: (1) Is there any research or experts report in relation
to cyber security in Ethiopia? (2) What are the significant contributions made by prior researchers?
and (3) What are re-searchability gaps in the reviewed research? Qualitative techniques are
used to analyze the data. The findings reveal that currently Ethiopia has no standardized legal
cyber security framework, strategy and governance at the national level. Only 11.6% of
government institutions in Ethiopia have legal frameworks which are being at their trial level,
while the majority or 87.4% of them have no recognized legal frameworks to prevent cyber
attacks. In addition, lack of awareness and lack of expertise in cyber security also contributed
to the increasing level of cyber attacks in the country. To address the aforementioned issues
and challenges, some local researchers are developing cyber security frameworks and strategies
for some sectors such as banks, railway industries, Ethiopian Electric Power, Ethiopian Eectric
Utility and Ethio Telecom. However, those frameworks were not rigorously tested. Moreover,
to overcome the acute shortage of cyber security professionals and lack of cyber security know-
how in the country, future researchers should be focusing on the development of virtual
training system or intelligent security tutoring system, so that stakeholders in various institutions
can learn cyber security basics by interacting with the machine.

Keywords: Cyber security, Cyber attacks, Threats, Legal framework, Ethiopia, Information
Network Security Agency (INSA)

Introduction
Africa is confronting various Internet-related challenges in relation to the security risk,
intellectual property right violation and protection of personal data. Even though cyber
criminals target people from both inside and outside their country, most African
governments have neither the technical nor the financial capacity to identify and monitor
electronic exchanges, thought to be sensitive for national security (ECA, 2014).
It is believed that the number of cyber crimes of Africa cost an estimated total of $3.5
bn in 2017. This was supposedly due to weak infrastructure security, lack of skilled
human capital and lack of awareness of the sector’s dynamics Mathe (2019).

* Faculty, Computing and Software Engineering, Arba Minch University, Arba Minch, Ethiopia.
E-mail: [email protected]

The
© 2020
Current
IUP. All
Status
Rights
of Cyber
Reserved.
Security in Ethiopia 1

Electronic copy available at: https://ssrn.com/abstract=3545189

 However, some African countries such as South Africa and Kenya have realized
the importance of cyber security and are actively working on their laws, while others
are putting their cyber security policy together. Some of the reasons are: (1) lack of
security awareness; (2) shortage of local cyber security experts; and (3) lack of funds.
There are a high number of unauthorized software users, which is aggravating the
region’s virus and malware miseries. Financial losses due to lack of cyber security
controls are rising to more than a billion annually (African Cyber Security Market,
2015).
Despite the fact that no country can be invulnerable to the threat of cyber crime,
there is no well-organized report that demonstrates the exact prevalence and impact
of cyber crime in Ethiopia and to what extent the Ethiopian people are vulnerable.
This is partially due to the fact that organizations and individual users do not keep
organized records, and in some cases, are not even aware that they are targeted by
cyber criminals (Halafom, 2015). However, after the new Ethiopian Prime Minister
came to power in 2018 and made Institutional reforms, specially in Information Network
Security Agency (INSA), the number of cyber crime reports in the country started
increasing. Those reports are clearly articulated as follows:
Ethiopia started celebrating cyber security week for the first time in November 4 to
10, 2019 aiming at strengthening the cognitive ability of human power on cyber security
in both government and non-governmental institutions (INSA report by EPA, on
November 2, 2019). Despite the growing trends of using technologies in the Institutions
of Ethiopia, the awareness and capacity to prevent cyber attacks are still poor, and this
makes the situation even worse. Increasing awareness and building the capacity of
citizens and institutions in cyber security are among the next directions to be prioritized
by the government and other stakeholders (INSA report by ENA, on November 4,
2019).
Currently, Ethiopia has no well-standardized legal framework at the national level.
There has been an increased level of cyber attacks from 479, 576 to 791 per annum
during the past three successive years in Ethiopia, of which cyber hacking attempts
accounted for 15% of the attacks during the last nine months of 2018/19. Only 11.6%
of government institutions in Ethiopia have legal frameworks which are being at their
trial level, while a majority or about 87.4% of these institutions have no recognized
legal frameworks to prevent cyber attacks. The employees, partners, well-organized
criminals, cyber terrorists and government and non-government sponsored are
considered as the main sources of cyber attacks. In addition, lack of awareness on
cyber security, lack of well-trained human resources and also poor cyber security
governance at the institutional level contributed to the increasing level of cyber attacks
(Expert’s report by ENA, November 6, 2019).
INSA recorded a total of 538 cyber attacks in Ethiopia over the past nine months
of 2019/2020. Out of the total, a majority 263 (48.9%) of the attacks were ransomware
attacks, 106 (19.7%) unauthorized hacking systems, 105 (19.5%) web attacks, 54

2 The IUP Journal of Information Technology, Vol. XVI, No. 3, 2020

Electronic copy available at: https://ssrn.com/abstract=3545189

(10.04%) infrastructure targeted spying, 9 (1.67%) cyber infrastructure disruption and
1 (0.19%) internet fraud (INSA reports by FBC on May 2, 2020).
INSA has successfully thwarted cyber attacks initiated from Egypt. Egypt-based
hackers called Cyber Horus Group and AnuBis, have taken responsibility for the attack
attempts on 13 websites of public service institutions, security agencies and private
organizations in Ethiopia. If the agency could not prevent the cyber attacks, attempts
could cause significant economic, psychological and political damages in the country.
INSA insisted that both individuals and organizations have to take the necessary
safety measures to secure their websites (INSA reports by ENA, on June 23, 2020).
There is nonexistence of specific literature on the extent of cyber crime activities
in Ethiopia and insufficiency of the available statistics could lead to over- or
underestimation of the threat of cyber crime to Ethiopia (Halafom, 2015).
Hence, in order to alleviate the aforementioned issues and challenges, the researcher
rigorously reviewed the existing literature that focuses on cyber security in Ethiopia
and demonstrated the real picture of cyber security status in Ethiopia by extracting
the significant contributions and researchability gaps of the prior research.

2. Research Approach
In order to understand the contribution of different researchers in the world, this
study critically reviewed the available research papers, journal articles, theses
documents and INSA reports that are focused on cyber security in Ethiopia. After an
intensive search, the researcher found only eight research papers in the context of
cyber security in Ethiopia. Moreover, the research used qualitative techniques and
attempts to answer the following key questions:
• Is there any research in relation to cyber security in Ethiopia?
• What are the significant contributions made by prior researchers?
• What are the researchability gaps in the reviewed research work?
Table 1 shows the critical review of eight research papers in the context of cyber
security in Ethiopia including its significant contributions and researchability gaps.

2.1 Summary of Research Gaps and Future Research Directions

Balcha (2005) studied the case of Ethio-telecom. The findings revealed the
unavailability of formulated cyber security policy and standards; inadequate cyber
security training; and lack of legal framework for cyber security in Ethio-telecom.
Hence, design and development of legal cyber security framework and formulation of
cyber security policy and standards are required for further research. Moreover, the
researcher recommended cyber security training for Ethio-telecom stakeholders without
considering the acute shortage of cyber security professionals and training costs. So,
to alleviate the aforementioned issues and challenges, ‘design and development of

The Current Status of Cyber Security in Ethiopia 3

Electronic copy available at: https://ssrn.com/abstract=3545189

 4
Table 1: Reviewed Literature Including the Significant Contributions and Research Gaps
S.
Research Title Author (s) Significant Contribution Researchability Gaps
No.
1. State of Cyber Balcha (2005) The researcher determined the state of cyber The findings are relevant and it assessed the state
Security in Ethiopia security in Ethiopia in the case of Ethio-Telecom of cyber security in Ethiopia specifically in Ethio
and revealed the unavailability of cyber security Telecom but still the researcher suggested what
policy and standards; information security law, to do, but not how to do it. For instance, there is
ethics and relevant legislation and regulation; acute shortage of cyber security professionals in
the existing technologies are not fulfilling all- Ethiopia and as a matter of fact Ethiopia is a low
rounded national information security policy and income country. So how to give training to all
standards; acute shortage of information security stakeholders with a shortage of cyber security
professionals. professionals in the country and the training costs
are not addressed by the researcher.
The researcher suggested the following points as
a solution: Hence to address these issues and challenges,
design and development of advisory expert system
• Formulation of cyber security policy and
or intelligent security tutor system should be
standards.
considered as future research. This approach
• Cyber security training for all stakeholders in makes the user learn about security by interacting
the organizations. with the machine.
• Legal framework for cyber security. • Design and development of legal framework
for cyber security are also the main research
areas.
• This type of research shall be conducted in
other sectors in Ethiopia to conclude the
research findings at national level.

Electronic copy available at: https://ssrn.com/abstract=3545189

2. The State of Cyber Halafom (2015) The researcher determined the current state of The findings are relevant and it assessed the
Crime Governance in cyber crime governance in Ethiopia and revealed current state of cyber crime governance in
Ethiopia that cyber security governance in Ethiopia is at Ethiopia but still the researcher suggested what
its embryonic stage, inexistence of consolidated to do, but not how to do it. How to design and

The IUP Journal of Information Technology, Vol. XVI, No. 3, 2020

 Table 1 (Cont.)

S.
Research Title Author (s) Significant Contribution Researchability Gaps
No.
report that shows the exact prevalence and develop cyber security governance framework
impact of cyber crime in Ethiopia and to what or model, what are the main elements to be
extent the Ethiopian information society is included in the framework or model are not
vulnerable. addressed by the researcher.
The researcher suggested the following points as Hence design and development of the cyber
a solution: security governance framework are also the main
research areas.
• Strengthen cyber security governance in
Ethiopia; comprehensive legal frameworks on
cyber security and promoting cyber crime

The Current Status of Cyber Security in Ethiopia

awareness.
3. The researcher designed Cyber Security The findings are relevant and the researcher
Cyber Security Tesfaye (2015) Auditing Framework (CSAF) for banking sector designed a workable cyber security auditing
Auditing Framework in Ethiopia and revealed the low level of readiness framework based on ISO, NIST and ICT security
(CSAF) For Banking in cyber security audit; lack of policies, procedures readiness checklist. However, this framework
Sector in Ethiopia and processes for cyber security audit; lack of requires rigorous testing. Hence, proper testing
cyber security expertise in majority of Ethiopia of the framework shall be considered as future
banking industries. research.
The researcher designed the CSAF based on Even though, currently, there are about 20 both
ISO, NIST and ICT security readiness checklist private and government banks in Ethiopia, the
for banking sector in Ethiopia as a solution. researcher considered only the headquarters of
four Banks, viz., Nib International bank, Bank of
Abyssinia, Dashen Bank and Commercial Bank

Electronic copy available at: https://ssrn.com/abstract=3545189

of Ethiopia (CBE), as sample to collect data and
design the framework. Hence, inclusion of other
banks or financial institutions can improve the
designed framework and future researchers shall
address this issue.

5
 6
Table 1 (Cont.)

S.
Research Title Author (s) Significant Contributions Researchability Gaps
No.
Issues of acute shortage of cyber security
professionals in banking sectors in Ethiopia are
not addressed by the researcher. Hence, the
future researcher shall focus on the development
of virtual training system or intelligent security
training system to build the capacity of banking
stakeholders.
4. The Quandary of Temesgen The researcher found out the dilemma of cyber The findings are relevant and it assessed the
Cyber Governance in (2019) governance in Ethiopia and the findings revealed dilemma of cyber governance in Ethiopia but
Ethiopia that there are a number of legal, policy and still the research findings did not show why the
institutional initiatives designed to guide cyber Ethiopian Government excessively controlled
governance in Ethiopia. However, the overall the information access? Is it intentional or
aspects of cyber governance have posed a peril to unintentional? what type of information is highly
digital landscape; there is excessive control and restricted to access by the government? Why is
restriction of access to information in Ethiopian not articulated by the researcher? Future
digital landscape; institutional structures lack research is required to fill the aforementioned
transparency and coordination of tasks for gaps.
responsive service delivery.
The researcher suggested that the government
must focus on expanding the infrastructure to
assure accessibility and revising the policies and
legal instruments to ensure digital freedom so as
to get the maximum blessings that the digital

Electronic copy available at: https://ssrn.com/abstract=3545189

world has brought to us.
Cybercrime in
5. Ethiopia: Lessons Iyasu (2018) The researcher examined the current shape of The findings are relevant but the researcher
to be learned from the Ethiopian legal system on cyber crime by never met key informants like Information
International and assessing the legislative efforts by entities like Network Security Agency (INSA) in Ethiopia

The IUP Journal of Information Technology, Vol. XVI, No. 3, 2020

 Table 1 (Cont.)

S.
Research Title Author (s) Significant Contributions Researchability Gaps
No.
Regional the Council of Europe and Africa Union to collect relevant information and no court cases
Experiences Convention on cyber security. The study are analyzed by the researcher to say there are
revealed that the expansion of telecom still some gaps that need improvement with regard
infrastructure in Ethiopia has not been matched to the proclamation including the right to privacy
with equal investment in the fields of security and the interest of the society as whole to be
and adequate legislation to govern the area; protected from cyber crime.
Ethiopia is one of the countries increasingly
Further research is required to reassess cyber
becoming victims of cyber crimes in Africa, and
crimes in Ethiopia by including the recent reports
until very recently, it did not even have adequate
of INSA and by analyzing court cases.
legislation to govern the matter.

The Current Status of Cyber Security in Ethiopia

6. Cyber Security Tewodros The author developd Tailoring Cyber Security This paper proposed a tailored cyber security
Practices and (2018) Framework by examining the practices and framework based on INSA’s Critical Mass Cyber
Challenges at challenges of cyber security at three selected Security Requirement Standard Version 1.0 and
Selected Critical critical infrastructure in Ethiopia, viz., Ethiopian NIST's Framework for improving critical
Infrastructure in Electric Power, Ethiopian Electric Utility and infrastructure cyber security version 1.1.
Ethiopia: Towards Ethio Telecom. The study revealed that the top However, implementation of framework for
Tailoring Cyber four challenges at selected critical infrastructure technical processes of cyber security at critical
Security are lack of in-house expertise, inadequate infrastructure requires further research. Despite
Framework enabling technology, difficulty in locating the the availability of several international standards
right security alert and evasion of preventive and cyber security frameworks; the author only
security controls by conducting survey. In followed INSA’s Critical Mass Cyber Security
addition, the selected critical infrastructure is Requirement Standard Version 1.0 and NIST’s

Electronic copy available at: https://ssrn.com/abstract=3545189

inadequately prepared to detect, prevent, and Framework to develop Tailoring Cyber Security
respond to cyber threats and breaches. Framework. Hence, future researchers shall
consider other international standards and
frameworks for improvement of this research as
well as its practical implementation.

7
 8
Table 1 (Cont.)

S.
Research Title Author (s) Significant Contributions Researchability Gaps
No.
7. Developing National Abenezer The researcher developed National Cyber This paper fills the gaps in national cyber security
Cyber Security (2019) Security Strategy for Ethiopia. The main argument in Ethiopia by developing cyber security strategy.
Strategy for Ethiopia of this study is national cyber security strategy is a In order to develop cyber security strategy, the
useful tool to solve cyber security problems at a authors followed the National Cyber Security
national level, and countries can learn from other Strategies of Canada, Germany, Singapore and
countries. The study revealed that despite the Rwanda. However, in terms of security culture,
existence of National Information Security Policy economy, political ideology and technological
in Ethiopia, there is an apparent lack of practical infrastructure; these countries are not similar with
and comprehensive strategy that addresses Ethiopia. Hence, future researchers shall use this
contemporary cyber security challenges. Lack of research as knowledge base and consider the
effective measures to fight against cyber incidents aforementioned gaps to improve this cyber
have resulted in the growth of cyber crime in the security strategy.
country.

8. Developing Cyber Mulualem The author developed cyber security risk This paper fills the gaps in Cyber Security Risk
Security Risk (2018) assessment framework for railways industry in Assessment Framework for Railways Industry in
Assessment Ethiopia by reviewing current state of cyber Ethiopia. However, “railways strategic and tactical
Framework for security risk assessment process, guideline, risk assessment process” and “railways cyber security
Railways Industry in standards in Ethiopia and other international risk management process” requires future research.
Ethiopia standards. Using this research as knowledge base future,
researchers are developing Cyber Security Risk

Electronic copy available at: https://ssrn.com/abstract=3545189

Assessment Framework for other sectors in Ethiopia
such as higher education, health sector and
financial sectors due to the fact that these sectors
are houses of sensitive or lucrative data.

The IUP Journal of Information Technology, Vol. XVI, No. 3, 2020

advisory expert system or intelligent security tutor system’, shall be considered as future
research. This approach makes the user learn about security by interacting with the
machine.
Halafom (2015) revealed that cyber security governance in Ethiopia is at its
embryonic stage. Inexistence of consolidated report shows the exact prevalence and
impact of cyber crime in Ethiopia and to what extent the Ethiopian information society
is vulnerable. Hence, Developing National Cyber security Governance for Ethiopia
shall be considered as future research.
Tesfaye (2015) revealed low level of readiness in cyber security audit, lack of policies
and procedures and processes for cyber security audit, and lack of cyber security expertise
in a majority of Ethiopia banking industries. Even though the author developed Cyber
Security Auditing Framework (CSAF) for banking sector in Ethiopia, this framework
is not rigorously tested. So, in future, researcher shall work towards its practical
implementation. The author only focused on four private and government banks in
Ethiopia. Hence, the inclusion of other banks or financial institutions can improve
the designed framework. Additionally, development of virtual training system or
intelligent security training system is required to build the capacity of banking
stakeholders.
Temesgen (2019) studied the existence of excessive control and restriction of
access to information in Ethiopian digital landscape, lack of transparency and
coordination of tasks for responsive service delivery in institutional structures. The
author suggested revising the policies and legal instruments by the government is
required to ensure digital freedom. His future study is, Why does the Ethiopian
Government excessively control the information access? Does it intentional or
unintentional? What type of information is highly restricted to access by the government
and why is it required?
Iyasu (2018) observed that the expansion of telecom infrastructure in Ethiopia has
not been matched with equal investment in the fields of security and adequate
legislation to govern the area; Ethiopia is one of the countries increasingly becoming
victims of cyber crimes in Africa, and until very recently, it did not even have adequate
legislation to govern the matter. To examine the current shape of the Ethiopian legal
system on cyber crime, the author followed the legislative efforts by entities like the
Council of Europe and Africa Union Convention on Cyber Security. However, the
researcher never met key informants like INSA in Ethiopia to collect relevant
information and no court cases were analyzed by the researcher to say Ethiopia did not
even have adequate legislation to govern cyber crime. Hence, reassessing cyber crime
in Ethiopia by including the recent reports of INSA and by analyzing court cases is
required by future researchers.
Tewodros (2018) selected three critical infrastructure in Ethiopia, viz., Ethiopian
Electric Power, Ethiopian Electric Utility and Ethio Telecom and revealed top four

The Current Status of Cyber Security in Ethiopia 9

Electronic copy available at: https://ssrn.com/abstract=3545189

challenges at selected critical infrastructure are: (1) lack of in-house expertise; (2)
inadequate enabling technology; (3) difficulty in locating the right security alert; and
(4) evasion of preventive security controls. In addition, the selected critical
infrastructure are inadequately prepared to detect, prevent and respond to cyber threats
and breaches. Despite the availability of several international standards and cyber
security frameworks, the author only followed INSA’s Critical Mass Cyber Security
Requirement Standard Version 1.0 and NIST’s framework to develop tailoring cyber
security framework. Hence, future researchers shall consider other international
standards and frameworks for improvement of this research including its practical
implementation.
Abenezer (2019) observed that despite the existence of National Information
Security Policy in Ethiopia, there is an apparent lack of a practical, comprehensive
strategy that addresses contemporary cyber security challenges. Lack of effective
measures to fight against cyber incidents has resulted in the growth of cyber crime in
the country. In order to develop cyber security strategy, the authors followed the
National Cyber security Strategies of Canada, Germany, Singapore and Rwanda.
However, in terms of security culture, economy, political ideology and technological
infrastructure, these countries are not similar to Ethiopia. Hence, future researchers
shall use this research as a knowledge base and consider the aforementioned gaps to
improve this cyber security strategy.
Mulualem’s (2018) findings revealed the non-existence of cyber security risk
assessment framework for railways industry in Ethiopia and developed cyber security
risk assessment framework for railways industry in Ethiopia. The “railways strategic
and tactical risk assessment process” and “railways cyber security risk management
process” are not included in this research, and it requires further research. Using this
research as a knowledge base, future researchers can develop a cyber security risk
assessment framework for other sectors in Ethiopia such as higher education, health
sector and financial sectors due to the fact that these sectors are houses of sensitive or
lucrative data.

Conclusion
The paper presents the current status of cyber security in Ethiopia by rigorously reviewing
the existing literature. It attempted to excavate the main gaps and future research to
repel the evolving cyber attacks in Ethiopia.
The finding revealed that there is an increasing level of cyber attacks in Ethiopia
due to the fact that currently Ethiopia has no well-standardized legal framework to
tackle cyber attacks both at institutional and national levels. Only 11.6% of government
institutions in Ethiopia have legal frameworks which are at their trial level, while a
majority or about 87.4% of these institutions have no recognized legal framework to
prevent cyber attacks. The employees, partners, well-organized criminals, cyber
terrorists and government and non-government sponsored are considered as the main

10 The IUP Journal of Information Technology, Vol. XVI, No. 3, 2020

Electronic copy available at: https://ssrn.com/abstract=3545189

sources of cyber attacks. Apart from the lack of standardized legal frameworks, lack of
awareness and lack of expertise in cyber security as well as poor cyber security
governance at the institutional level also contributed to the increased level of cyber
attacks in the country and needs special attention.
Some local researchers developed cyber security frameworks and strategies for some
sectors such as banks, railway industry, Ethiopian Electric Power, Ethiopian Electric
Utility and Ethio Telecom, but they were not rigorously tested. Hence, there is a need
to have a well-standardized national cyber security policy, strategies, governance and
legal frameworks and its appropriate implementation. In addition, the current cyber
security awareness level of stakeholders in different institutions in Ethiopia is in its
infancy. So, unless the governments and private institutions in Ethiopia seriously focus
on the cyber security capacity building among their stakeholders, the overall security,
privacy and credibility of the institution will be questioned.
Moreover, to overcome the acute shortage of cyber security professionals and lack
of cyber security know-how in the country, researchers should focus on the development
of virtual training system or intelligent security tutoring system in future, so that
stakeholders in various institutions can learn cyber security basics by interacting with
the machine.

References
1. Abenezer Berhanu (2019), “Developing National Cybersecurity Strategy for
Ethiopia”, Master’s Thesis, Tallinn University of Technology, School of Information
Technologies, Department of Software Science, pp. 12-65, available at:
digikogu.taltech.ee › Download, 06ef8980905c4c0894d17918a42e80a0%20(3).pd
2. African Cyber Security Market (2015), “Africa Cyber Security Market by Solution
(IAM, IDS/IPS, Risk & Compliance, Encryption, Antivirus, Firewall, DLP, UTM,
SVM, Disaster Recovery & Business Continuity, DDOS Mitigation, Web
Filtering)”, by Service, by Verticals, by Country-Forecast to 2020, available at:
https://www.marketsandmarkets.com/Market-Reports/africa-cyber-security-
market-201727948.html
3. Balcha Reba (2005), “State of Cyber Security in Ethiopia”, Ethiopian
Telecommunications Agency Standards and Inspection Department Head,
Standards Division, Ethiopian Telecommunications Agency, pp. 2-6, available at:
http://www.itu.int/osg/spu/cybersecurity/contributions/Ethiopia_Reba_paper.pdf
4. ECA (2014), “Tackling the Challenges of Cybersecurity in Africa”, Policy Brief,
NTIS/002/2014, pp. 1-6, available at: https://www.uneca.org/sites/default/files/
PublicationFiles/ntis_policy_brief_1.pdf
5. ENA (2019), “INSA Alarmed by Increase in Cyber Attacks, Calls for Swift
Actions”, Addis Ababa, November 4, 2019, Ethiopian News Agency Report,
The Current Status of Cyber Security in Ethiopia 11

Electronic copy available at: https://ssrn.com/abstract=3545189

 available at: https://www.ena.et/en/?p=10542
6. ENA (2019), “Ethiopia Needs Legal Cyber Security Auditing Framework: Expert”,
INSA Export Report by Ethiopia News Agency on November 6, 2019, available at:
https://www.ena.et/en/?p=10576
7. ENA (2020), “INSA Foils Cyber Attacks from Egypt”, Addis Ababa, June 23, 2020
Ethiopian News Agency Report, available at: https://www.ena.et/en/?p=15454
8. EPA (2019), “Agency Foils 80 Percent of Attempted Cyber attacks Last Year”,
Ethiopian News Agency, November 2, 2019, available at: https://www.press.et/
english/?p=15020#
9. FBC (2020), “Nation Foils 538 Cyberattacks in Nine Months”, Fana Broadcasting
Corporate News on May 2, 2020, available at: https://www.fanabc.com/english/
nation-records-538-cyberattacks-in-nine-months/
10. Halafom Hailu (2015), “The State of Cybercrime Governance in Ethiopia”, Article
published on ResearchGate, available at: https://www.researchgate.net/
publication/322234805_THE_STATE_OF_CYBERCRIME_GOVERNANCE_
IN_ETHIOPIA
11. Iyasu Teketel (2018), “Cybercrime in Ethiopia: Lessons to be Learned from
International and Regional Experiences”, A Thesis Submitted to the School of
Graduate Studies of Addis Ababa University in Partial Fulfillment of the
Requirements for the Masters of Law (LLM) in Public International Law Stream
Pia: Lessons to be learned from International and Regional Experiences, Addis
Ababa University, pp. 1-65, available at: http://etd.aau.edu.et/bitstream/handle/
123456789/12648/Iyasu%20Teketel.pdf?sequence=1&isAllowed=y
12. Mathe A (2019), “The Misunderstood World of Cybersecurity in Africa”, Policy-
Center for New South, available at: https://www.policycenter.ma/opinion/
misunderstood-world-cybersecurity-africa#.Xx6wfp4zZPY
13. Mulualem Eyuel (2018), “Developing Cyber Security Risk Assessment Framework
for Railways Industry in Ethiopia”, A Thesis Submitted to the Department of
Computer Science of St. Mary’s University in the Partial Fulfillment of the
Requirements for the Degree of Master of Science in Computer Science, St.
Mary’s University, pp. 1-76, available at: http://repository.smuc.edu.et/bitstream/
123456789/5298/1/Eyuel%20Mulualem- converted%282%29- converted-
converted.pdf
14. Temesgen Aschenek (2019), “The Quandary of Cyber Governance in Ethiopia.
Institute of Governance, Humanities and Social Sciences, Pan African University,
Cameroon, Yaoundé”, Journal of Public Policy and Administration, Vol. 3, No. 1,
pp. 1-7. doi: 10.11648/j.jppa.20190301.11
15. Tesfaye Asfaw (2015), “Cyber Security Auditing Framework (CSAF) for Banking
Sector in Ethiopia”, A Thesis Submitted to the Faculty of Informatics, St. Mary’s
12 The IUP Journal of Information Technology, Vol. XVI, No. 3, 2020

Electronic copy available at: https://ssrn.com/abstract=3545189

 University, in Partial Fulfillment of the Requirements for the Degree of Master of
Science in Computer Science, pp. 1-74, available at: http://repository.smuc.edu.et/
bitstream/123456789/5183/1/Final%20thesis%20document.pdf
16. Tewodros Getaneh (2018), “Cyber Security Practices and Challenges at Selected
Critical Infrastructures in Ethiopia”, A Thesis Submitted to School of Graduate
Studies of Addis Ababa University in Partial Fulfillment of the Requirements for
the Degree of Master of Science in Information Science, pp. 1-93, available at:
http://etd.aau.edu.et/bitstream/handle/123456789/19110/Tewodros%20Getaneh%
20%202018.pdf?sequence=1&isAllowed=y

Reference # 35J-2020-09-0x-01

The Current Status of Cyber Security in Ethiopia 13

Electronic copy available at: https://ssrn.com/abstract=3545189

Electronic copy available at: https://ssrn.com/abstract=3545189