98. Liberia 19.48

98th National Cyber Security Index
123rd Global Cybersecurity Index
N/A ICT Development Index
130th Networked Readiness Index
Population 4.6million
Area (km2) 111.4thousand
GDP per capita ($) 0.9thousand
NCSI FULFILMENT PERCENTAGE
NCSI Update Data source
17 Sep 2018 Public data collection
NCSI DEVELOPMENT TIMELINE 3 years All data

Version 17 Sep 2018

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 4/5 80%
    4
    5 80%
    • 5.1. Cyber security responsibility for digital service providers 1
      1
      1
      Requirements
      Criteria

      According to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.

      Accepted references

      Legal act

      Evidence

      Section 3.8. The LTA (Liberian Telecommunications Authority) shall perform the following regulatory tasks: (o) security and quality of every ICT service, and, to that end, determining the technical standards for those services and the connection of user equipment to communication networks (page 27)

    • 5.2. Cyber security standard for the public sector 0
      0
      1
      Requirements
      Criteria

      Public sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.

      Accepted references

      Legal act

      Evidence
    • 5.3. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence

      According to section 3.8 (page 26-27), LTA's (Liberian Telecommunications Authority) tasks include:

      (d) "delivering registration and verification certificates, for all those activities of operators and service providers that are subject to a requirement for declaration

      (f) "monitoring compliance with existing regulations and terms of license, authorizations and declarations granted in the ICT sector. To this end, the LTA shall receive and study all information and documentation required from the operators of telecommunication networks and services under the terms of their licenses and terms of reference, and request any additional information that may be needed"

      (n) "regulating the protection and security of data"

      (o) "security and quality of every ICT service, and, to that end, determining the technical standards for those services and the connection of user equipment to communication networks"

  • 6. Protection of essential services 0/6 0%
    0
    6 0%
    • 6.1. Operators of essential services are identified 0
      0
      1
      Requirements
      Criteria

      There is a legal act that allows to identify operators of essential services.

      Accepted references

      Legal act

      Evidence
    • 6.2. Cyber security requirements for operators of essential services 0
      0
      1
      Requirements
      Criteria

      According to the legislation, operators of essential services must manage cyber/ICT risks.

      Accepted references

      Legal act

      Evidence
    • 6.3. Competent supervisory authority 0
      0
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
    • 6.4. Regular monitoring of security measures 0
      0
      1
      Requirements
      Criteria

      Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).

      Accepted references

      Legal act

      Evidence
  • 7. E-identification and trust services 4/9 44%
    4
    9 44%
    • 7.1. Unique persistent identifier 0
      0
      1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence
    • 7.2. Requirements for cryptosystems 0
      0
      1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 0
      0
      1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.4. Electronic signature 1
      1
      1
      Requirements
      Criteria

      E-signature is regulated

      Accepted references

      Legal act

      Evidence

      PART II. VALIDITY OF ELECTRONIC RECORDS AND DIGITAL SIGNATURES (page 10).

      §13.4. General rule of validity – signatures.

    • 7.5. Timestamping 0
      0
      1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.6. Electronic registered delivery service 0
      0
      1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      §13.35. A Recognition Authority may issue a Code of Practice specifying standards and procedures for carrying out the functions of recognized certification authorities in respect of which he is the relevant Recognition Authority. (page 31)

      §13.43. 1. Requirement for a report. At least once in every 12 months, a recognized certification authority shall furnish to the Recognition Authority a report containing an assessment as to whether the recognized certification authority has complied with the provisions of this Law applicable to a recognized certification authority and any Code of Practice during the report period. (page 33)

  • 8. Protection of personal data 1/4 25%
    1
    4 25%
INCIDENT AND CRISIS MANAGEMENT INDICATORS
  • 9. Cyber incidents response 0/6 0%
    0
    6 0%
    • 9.1. Cyber incidents response unit 0
      0
      3
      Requirements
      Criteria

      The government has a unit (CSIRT, CERT, CIRT, etc.) that is specialised in national-level cyber incident detection and response.

      Accepted references

      Official website or legal act

      Evidence
    • 9.2. Reporting responsibility 0
      0
      1
      Requirements
      Criteria

      Digital service providers and operators of essential services have an obligation to notify appointed government authorities of cyber security incidents.

      Accepted references

      Legal act

      Evidence
    • 9.3. Single point of contact for international coordination 0
      0
      2
      Requirements
      Criteria

      The government has designated a single point of contact for international cyber security coordination.

      Accepted references

      Official website or legal act

      Evidence
  • 10. Cyber crisis management 0/5 0%
    0
    5 0%
  • 11. Fight against cybercrime 1/9 11%
    1
    9 11%
    • 11.1. Cybercrimes are criminalised 1
      1
      1
      Requirements
      Criteria

      Cybercrimes are defined by legislation.

      Accepted references

      Legal act

      Evidence

      76. Telecommunications and Computer Offences. No person shall:
      (b) intentionally, without right and with dishonest intent, access the whole or any part of a telecommunications network or computer system by infringing security measures, with the intent of obtaining telecommunications or computer data.
      (c) intentionally, without right and with dishonest intent, intercept by technical means a transmission not intended for public reception of telecommunications or computer data to, from or within a telecommunications network or computer system;
      (d) intentionally, without right and with dishonest intent, damage, delete, deteriorate, alter or suppress telecommunications or computer data without right, where this results in harm to any other person;
      (e) intentionally, without right and with dishonest intent, interfere with the functioning of a telecommunications network or computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing telecommunications or computer data;
      (f) intentionally, without right and with dishonest intent, possess, produce, sell, procure for use, import, distribute or otherwise make available a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in subsections (1) (a), (b), (c), (d) or (e); or a computer password, access code, or similar data by which the whole or any part of a telecommunications network or computer system is capable of being accessed with intent that it be used for the purpose of committing any of the offences established in subsections (1) (a), (b), (c), (d) or (e);
      (g) use, or cause or suffer to be used, any telecommunications network or telecommunications service for the purpose of disturbing, annoying, irritating, offending or harassing any person, including by means of a call with or without speech or other sounds, data or video images;

    • 11.2. Cybercrime unit 0
      0
      3
      Requirements
      Criteria

      There is a government entity with a specific function of combatting cybercrime.

      Accepted references

      Official website or legal act

      Evidence
    • 11.3. Digital forensics unit 0
      0
      3
      Requirements
      Criteria

      There is a government entity with a specific function of digital forensics.

      Accepted references

      Official website or legal act

      Evidence
    • 11.4. 24/7 contact point for international cybercrime 0
      0
      2
      Requirements
      Criteria

      The government has designated an international 24/7 contact point for cybercrimes.

      Accepted references

      Official website or legal act

      Evidence
  • 12. Military cyber operations 0/6 0%
    0
    6 0%
    • 12.1. Cyber operations unit 0
      0
      3
      Requirements
      Criteria

      Military forces have a unit (cyber command, etc.) that is specialised in planning and conducting cyber operations.

      Accepted references

      Official website or legal act

      Evidence
    • 12.2. Cyber operations exercise 0
      0
      2
      Requirements
      Criteria

      Military forces have conducted a cyber operations exercise or an exercise with a cyber operations component in the country in the last 3 years.

      Accepted references

      Exercise document/website or press release

      Evidence
    • 12.3. Participation in international cyber exercises 0
      0
      1
      Requirements
      Criteria

      The country's military team has participated in an international cyber operations exercise in the last 3 years.

      Accepted references

      Exercise document/website or press release

      Evidence