-
Morocco's CNSS launches $4.4M tender for cybersecurity upgrade
-
Move follows major data breaches impacting millions of users
-
Project aims to modernize systems, ensure legal data protection
Morocco's National Social Security Fund (CNSS) has launched an international tender worth 40 million dirhams ($4.4 million) to strengthen its cybersecurity following a series of cyberattacks that compromised sensitive data. The initiative aims to modernize the institution's digital systems and secure the personal information of millions of employees and affiliated companies.
The tender is divided into two parts. The first, valued at 6 million dirhams, is for accelerating the institution's overall digital transformation. The second, estimated between 19.99 and 39.98 million dirhams, is for acquiring specialized expertise, implementing advanced technical solutions, and deploying security systems that comply with Law 09-08 on personal data protection.
The tender's specifications impose strict guarantees, including the destruction of files after contracts are executed, a ban on unauthorized data use, and the adoption of agile methodologies to ensure the effectiveness of the security measures.
This initiative comes amid the growing vulnerability of Moroccan digital infrastructure to cyber threats. A massive attack on April 8 by the group Jabaroot compromised the data of nearly 500,000 companies and two million employees. A second intrusion reported in September highlights the persistent system vulnerabilities and the lack of a robust, proactive security architecture, despite the CNSS's strategic importance to the country's social safety net.
The project is designed to significantly boost the CNSS's digital resilience and restore public trust. By securing its systems, the institution can ensure more reliable data processing and the continuity of essential services such as mandatory health insurance, which covers low-income households and non-working individuals. This effort will also supplement the government's ongoing legal and regulatory actions to protect public and private infrastructure from rising cyber threats.
Samira Njoya
