Cyber governance in Morocco: an Analysis of the Interne Status (Part II)

2 : Complexities and weaknesses against national cyberstability

Although Morocco is not below the international rankings, it remains essential to focus specific efforts to optimize its positioning. It is clear, according to various indications, that a country’s technological power and degree of digitization are intrinsically linked to its global economic, commercial, industrial, and diplomatic stature. Due to the many complex challenges faced by Morocco’s technological ambition, the country continues to occupy ranks that may seem precarious, despite undeniable legal and technical progress. That said, it is remarkable that Morocco, despite its initiatives, is positioned behind some Arab and Asian countries that started their digital reforms long after it.

According to ITU, Morocco ranks among the 77 nations in the digital maturity phase^[1]. Nevertheless, the country excels in certain specific areas; however, there is a clear deficit in several areas related to cybersecurity, as well as a flagrant lack of advanced technological innovations. These shortcomings can be explained, in part, by the absence of major technological projects and the fragility of existing cyber infrastructures, to which the growth of a robust and competitive national cyber security industry is undoubtedly an essential lever to propel Morocco to the rank of advanced nations in this field^[2]. Nevertheless, in order to ensure a successful transition, it is imperative to address some significant sectoral gaps and overcome persistent industrial lags^[3].

a- Sectorial protection and selective security

The National Cyber Security Strategy raises questions about the relevance of its exclusive appropriation by elite strategic circles. However, in line with the country’s limited resources and financial capabilities, the policy orientation appears to be underoptimal in view of the extent and sophistication of the risks arising from cyber space. The defensive architecture that we have described as pyramidal, sectoral and selective, has substantial limitations in terms of comprehensive safeguards. This finding calls into question the robustness of the newly established comprehensive strategic plan and highlights its vulnerabilities.

Problem of pyramidal and non-horizontal protection

In our critical assessment of the Moroccan cybernetic strategy, one of the major shortcomings lies in the adoption of a sectoral approach to protection, characterized by a hierarchy based on the vital importance of the objectives to be secured[4]. This national doctrine is notoriously lacking in qualitative analysis; it is limited to establishing general principles and prescribing a pyramidal defence at the expense of a horizontal structure, thus confining itself to a limited number of agencies and institutions under state tutelage[5].

The strategy almost completely ignores the involvement of the private sector and other entities whose cybersecurity concerns are substantial. This gap is all the more worrying as these entities, although smaller, do not have insignificant areas of activity according to the very criteria of this strategy^[6]. Therefore, centralization of solutions is contradictory to the country’s wider aspirations for international openness and collaboration. The state monopoly on cybersecurity initiatives thus generates a concentration of responsibilities and risks.

On the other hand, the absence of a private sector capable of constituting a serious competitive force further complicates the challenges facing the state as the sole guardian of cyber space. This scenario translates into increased vulnerability to a potentially considerable array of actors, including non-State, of which experts argue that this centralization of cyberpolicy places States in precarious positions when dealing with private actors dominating these technologies^[7].

Cybersecurity in the eyes of the United Kingdom, France and China

The United Kingdom, based on an inherent confidence in its private sector, explicitly recognizes its competence to regulate cyber dynamics, both nationally and internationally^[8]. At the same time, particular actors in this approach benefit from a valued position, actively collaborating in the promotion and defence of fundamental values relating to freedom and openness of cyberspace. The strategy wisely defines cyber boundaries, preferring ethical values to derogatory measures^[9].

The cyber strategy in France revolves around targeted strengthening of industrial vulnerabilities, in terms of data storage technologies and internal networks^[10]. This model postulates that the guarantee of cyber sovereignty and technological independence is based on the establishment of a robust national industry^[11]. The Cyber Defence Pact establishes the guiding principles of this strategy, incorporating intrinsically republican concepts and an imperative of national sovereignty^[12].

The third axis of this comparison concerns China, currently the world’s most competitive in terms of technological capacity development^[13]. China’s success in establishing a state-of-the-art industrial base has enabled it to effectively challenge the dominance of US technology companies^[14]. Strengthening the presence of national technology operators and their positioning in global competition^[15], And the “Great Firewall” project, designed to protect against external digital influences and to monitor activities on internal networks, turns out to be crucial to Chinese national security^[16].

This comparative analysis reveals that these nations have prioritized the specific strengthening of their infrastructure and the competitiveness of their domestic players before engaging internationally^[17]. They see domestic capacity development as a prerequisite for expanding external commitments, relying on existing agendas that promote the interests of cyber powers and the goals of their decision makers at the expense of international fairness[18].

As a result, these countries adhere to strategies that incorporate less transparent aspects, recognizing that the overall security of a nation depends primarily on the strengthening of specific capabilities in cyberspace. And they suggest that the guarantee of national security rests on the development of technological, industrial, and military potential. And finally, cybercapacities should not be the monopoly of certain industrial or administrative sectors^[19]. We, on the other hand, advocate a renewed Moroccan vision of cyberspace that shares the benefits among all actors and promotes global cybersecurity awareness.

Selective security in the face of rising global threat

We are addressing the ubiquitous and multidimensional nature of the cyber threat, while highlighting the selective and sectoral aspect of the Cyber Security Strategy in Morocco. Despite the ubiquity of cyber threats, this strategy presents a significant gap in homogeneity, evident even within the sectors identified as crucial. This selectivity is increasing due to budgetary constraints and human resources, hindering the progress of the digitization initiative in some key sectors^[20].

Paradoxically, while digitalisation offers substantial benefits, including in terms of efficiency and cost, it exposes these online services to an increased risk of degradation. It is therefore imperative to note that measures to improve cybersecurity will vary considerably from one functional area to another according to the criteria. This heterogeneity is evident even within a single sector, as illustrated by the case of the Ministry of the Interior. In fact, the various services under this institution do not enjoy a uniform level of protection, thereby creating structural vulnerabilities.

Major internal impacts

It should be noted that intra-sectoral dissonance fuels the observable decline in overall cybersecurity performance. Indeed, the locomotive model, where a highly secure and developed sector is supposed to stimulate the less advanced areas, is counterproductive. This approach exhausts already limited resources in cyber security and cyber defence, rather than fostering operational synergy. It is also believed that these impacts, coupled with territorial development inequalities in Morocco, hinder the expansion of cybersecurity at the national level, which we believe is inseparable from issues of territorial and social development, and cannot be reduced to a mere technological problem.

The legal sphere is not without challenges. There is a certain legal hegemony, where Moroccan legislation often neglects the jurisprudential innovation in favour of the adoption of majority Francophone paths. This approach inhibits the ability to anticipate and understand the ever-changing cyber challenges in Morocco. The digital space therefore requires a major reorientation of domestic policies in order to the desired objectives. Ultimately, recent economic and health crises have highlighted the crucial importance of digital as a resilience tool to global challenges^[21]. And so, in order to maximize its effectiveness, it is imperative to remove the sectoral, territorial obstacles that hinder its development[22].

b- The industrial, technological and educational policy in question

It becomes clear that Morocco’s industrial policy requires a critical reconfiguration in terms of its management of security and technological dependence. Indeed, cybersecurity now transcends the restrictive framework of a technical exercise and has become multisectoral in terms of impact and understanding. Instead, we should develop a holistic and more generalist perspective, in order to reposition our position, taking into account several aspects and factors and their strategic and geopolitical scope^[23].

The geostrategic importance of technology industries

In the first part, we identified the crucial importance of ICTs, and highlighted their adverse repercussions, thus raising their position in the strategic paradigms related to geopolitical confrontations and struggles^[24]. It must be reaffirmed that the military and security significance of these technologies has not grown in the political and strategic spheres without reason; instead, the global economy, and global industry, have become central players in this economic and industrial war for the acquisition and control of technological potential^[25].

According to some experts, the rivalry between China and the United States is not only a struggle for global supremacy, but also for economic, industrial and, above all, technological dependence. This country aspires, through this competition, to ensure the preeminence of its industries while guaranteeing technological cyber sovereignty^[26]. In this regard, China has changed tactics and mobilized the resources of cyber piracy to fill the gaps in its strategic plan to establish its technological autonomy and national sovereignty^[27].

The technology industry, the introduction to national cybersecurity

Nations with proven cyber power are fully aware that the robustness of their cybersecurity is determined primarily by the industrial growth of national security-related technologies. This element is the only guarantee of genuine independence and cyber sovereignty for which Morocco, in this context, aspires to capitalize on the economic rivalries between the great powers in the field of technology in order to attract the necessary investments for the development of its infrastructure and its technological sector.

In this regard, the deployment of infrastructure projects has been the subject of various initiatives, and the new scheme for building the country’s industrial and technological capacities includes in its corpus an ingenious strategy and an innovative plan, provided that it has the necessary resources to monitor and promote technological Small Business^[28].

Designed in collaboration with the private sector^[29], This plan represents a coherent national road map for the development of the national ICT industry and provides an opportunity for substantial private sector involvement in this transformation^[30]. The various construction sites that make up this strategy may seem excessively ambitious, and are not necessarily equipped with adequate funding mechanisms and governance structures. This is undoubtedly a significant milestone that professionals in the sector must take into account. Indeed, the challenges in the ICT sector are enormous and, despite some progress, our country has growing gaps compared to other nations.

As an example, Turkey allocates 1.7% of its national budget to IT, 2.7% of private spending, 11 engineers per 10,000 inhabitants, and has more than 15 companies generating a turnover of more than EUR 100 million, thus serving as a driving force for the ecosystem of IT actors. Morocco, on the other hand, presents figures of 0.8%, 1.4%, 3 engineers and no company exceeding the EUR 1 million threshold^[31].

The challenge is therefore tangible: it is imperative that Morocco equips itself with the necessary capabilities to elevate its position in accordance with the ambitions articulated in this new plan, and thus become the leading technological hub on the African continent^[32].

Revision of education policy

Depending on the viewpoint that states the existence of several strengthening or weakening elements of national strategies, the presence or absence of the educational element in a cyberstrategy constitutes a turning point in our analysis. Moroccan public policy in the field of cyber is still at risk of ignoring the role of education and the importance of the existence of specific plans in education or even outside educational institutions related to cyber issues[33].

We mean the absence of specific educational and awareness-raising programmes in relation to the study and analysis of cyber issues and from a broader perspective in understanding challenges and challenges. It is also an element to be feared, when the opening of courses dedicated to the instruction and teaching of cyber-games and technological challenges remains an elite privilege[34].

[1] «Le livre blanc : les enjeux de la cybersécurité au Maroc», 2018, in: https://www.ausimaroc.com/wp –content/uploads /2018/10 /LB –Les –enjeux –de –la –cybers –au –Maroc.pdf (Consulté le 10 Septembre 2023).

[2] LAAROUSSI (N.), «Cybersécurité : menaces et enjeux», L’Opinion, 2020, in: https://www.lopinion.ma/Cybersecurite menaces –et –enjeuxa.html (Consulté le 10 Septembre 2023).

[3] MOBARAK (L.), Diagnostic Stratégique de l’émergence économique du Maroc, Éd, The Policy Center for the New South, Rabat, Note d’analyse, 2019, p. 19.

[4] «Global cybersecurity index», op, cit., p. 343.

[5] Ibid.

[6] MOBARAK (L.), op, cit.

[7] HUYGHE (B. F.), La composantes politico-militaire, op. cit., p. 127.

[8] «The UK cyber security strategy protecting and promoting the UK in a digital world», 2011, in: https://www.gov.uk/ government /news/protecting-and-promoting-the-uk-in-a-digital-world–3 (Consulté le 10 Septembre 2023).

[9] Ibid.

[10] DELURE (F.), «A close look at France’s new military cyber strategy», Éd, Center of Security Studies, 2019, in: https://www.Isnblog.ethz.ch/a –close –look –at –frances –new –military –cyber –strategy (Consulté le 10 Novembre 2022).

[11] COUSTILIÈRRE (A.), “Maîtriser le combat dans l’espace numérique et contribuer à la sécurité numérique nationale”, Revue de la Géoéconomie, n° 75, 2015, p. 3.

[12] HUYGHE (B. F.), Composantes politico-militaire, op. cit., p. 46.

[13] BLOCKH (L.), «Géopolitique du cyberespace, nouvel espace stratégique : l’internet, vecteur de puissance des Etats-

Unis?», Diploweb, 2017, in: https://www.diploweb.com/–L –Internet –vecteur –de –puissance –des –Etats –Unis – (Consulté le 10 Septembre 2023).

[14] DOSHI (R.), & BRUYERE (E.), DOSHI (R.), China as a ‘cyber great power’: Beijing’s two voices in telecommunications, Éd, Foreign Policy of Brooking edu, China Initiative Strategy Report, 2021, p. 5.

[15] BATX est un sigle formé sur le modèle de GAFAM (Google, Amazon, Facebook, Apple, Microsoft) en juxtaposant les initiales des quatre entreprises du Web chinois dans les années 2010, Baidu, Alibaba, Tencent et Xiaomi.

[16] JINHUA (L.), «What are China’s cyber capabilities and intentions?», Center of Security Studies, 2019, in: https://www. isnblog.ethz.ch/defense/what-are-chinas-cyber-capabilities-and-intentions (Consulté le 10 Septembre 2023).

[17] STAUFFACHER (D.) & WEEKES (B.), «The challenge of protecting critical infrastructure against Cyber-Attacks», Éd, International Relations and Security Network, Note of Analysis, 2012, p. 3.

[18] Ibid.

[19] IRAQUI (F.), «Télécoms: le Maroc perd le fil», Le 360, 2014, in: https://fr.le360.ma/economie/telecoms –le –maroc perd –le –fil –26197 (Consulté le 10 Septembre 2023).

[20] Enquête annuelle sur le marché et l’évolution des TIC, «Marché des Technologies de l’Information», in: http://www .anrt.ma/indicateurs/etudes–et –enquetes/enquete –annuelle –marche –des –tic (Consulté le 10 Septembre 2023).

[21] Rapport complémentaire, «Adaptation, innovation, agilité, créativité et efficacité : Les 5 piliers de la relance et de la construction du modèle de développement national Post-Covid-19», Éd, Institut Amadeus, 2020, p. 127.

[22] COUSTILIERRE (A.), op, cit.

[23] PARTIK (S.), & MISHRA (V,), «Democracy, Technology, Geopolitics», Observer Research Foundation, 2022, in: https://www.orfonline.org/expert –speak/democracy –technology –geopolitics/ (Consulté le 10 Septembre 2023).

[24] MUSSINGTON (D.), «Strategic Stability, Cyber Operations and International Security», Éd, Center For International Governance & Innovation, 2021, in: https://www.cigionline.org/articles/strategic –stability –cyber –operations –and –intern ational –security/ (Consulté le 10 Septembre 2023).

[25] Ibid.

[26] DUFOUR (F. J.), «Entre la Chine et les Etats-Unis, la guerre technologique a toutes les chances de se poursuivre», LE Monde, 2021, in: https://www.lemonde.fr/idees/article/entre –la –chine –et –les –etats –unis –la –guerre –technologique –a –toutes les –chan ces –de –se –poursuivre.html (Consulté le 10 Septembre 2023).

[27] GRENDON (G.), «Les semi-conducteurs : clé de l’autosuffisance technologique chinoise», Éd, Chroniques des nouvelles conflictualités, Note d’analyse, 2021, p. 5.

[28] IDRISSI (J. I.), “La transformation digitale des PME au Maroc : enjeux et perspectives”, Éd, Revue Repères et Perspectives Economiques, Vol, 4, n° 2, 2020, p. 202.

[29] WALIDI (B.), «Étude digitale état des lieux du digital au Maroc », Media Marketing, 2020, in: https://www. médiamarketing .ma/article/aetude-digitale-aetat-des-lieux-du-digital-au-maroc/ (Consulté le 10 Septembre 2023).

[30] BELKAZIZ (S. K.), «La création de l’Agence nationale pour le développement numérique suscite beaucoup d’espoirs chez les professionnels marocains», Intervention lors d’une réunion au ministère de l’industrie et de l’économie numérique, 2016, in: https://www.apebi.org.ma/docs –presse/creation –de –lagence –nationale –pour –le –developement.pdf , (Consulté le 10 Septembre 2023).

[31] Ibid.

[32] NAJAH (R.), «Le cyberespace Africain : un état des lieux», Policy Center for the New South, 2020, in: https://www .Policycenter.ma/opinion/le–cyberespace –africain –un –etat –des –lieux (Consulté le 10 Septembre 2023).

[33] «Global cybersecurity index», op, cit., p. 344.

[34] YOANN (N.), «Pourquoi l’éducation à la cybersécurité est-elle importante?», Cybersecurity Guide, 2019, in : https://www .cybersecurity-guide.com/pourquoi-leducation-a-la-cybersecurite-est-elle-importante/ (Consulté le 10 Septembre 2023).