Cybersecurity: CBI to maintain a segment of the Ministry of Finance’s digital shield

Facing a growing cyberthreat landscape, the Ministry of Finance is launching a new maintenance contract for part of its cyberdefense system. The objective: to anticipate, detect, and neutralize any advanced attack on its digital infrastructure.

Rachid Tniouni / TelQuel

In recent months, several Moroccan public institutions have been targeted by cyberattacks of unprecedented scale. Data leaks, paralyzed institutional websites, intrusion attempts… In the face of this growing wave of digital threats, the Ministry of Economy and Finance is taking the initiative.

According to sources consulted by TelQuel, the department has entrusted the company CBI with the maintenance of part of its system for cyberdefense and real-time detection of abnormal behavior and advanced attacks, for an amount exceeding 775,000 dirhams.

According to an authorized source at the Ministry of Economy and Finance, CBI is now among the companies responsible for maintaining the ministry’s digital shield, which encompasses several information systems across its various departments.

The service entrusted to CBI covers both the hardware and software maintenance of a critical ministry infrastructure dedicated to Network Detection and Response (NDR). This solution relies on two main devices: the GCENTER 8100-HW-FE, responsible for centralized management, and the GCAP 2200-HW-FE, which handles network incident detection and response.

In practical terms, it is a system capable of continuously analyzing traffic, identifying suspicious behavior, and triggering automatic containment or correction measures, according to the same sources.

Prevent and Cure

The contract provides for preventive maintenance through two visits per year, during which the service provider must check the proper functioning of the systems, propose necessary adjustments, and replace faulty components. In the event of an anomaly or breakdown, corrective maintenance applies, with an obligation for on-site intervention and repair within the prescribed time frame.

On the software side, CBI will be responsible for regularly updating the platform, correcting anomalies, and strengthening security through advanced functions such as hardening, real-time threat detection, hunting, alert visualization, and automatic incident response (Reflex functionality). The system also includes a module for zero-day attack detection and static malware analysis via 16 detection engines, offering an extended level of monitoring.

A remote assistance and online support service will be made available to the ministry, allowing internal teams to submit technical questions or report malfunctions in real time. The contract also provides for knowledge transfer to the administration teams responsible for the daily operation of the solution, in order to strengthen their autonomy and responsiveness to incidents.

Concluded for an initial duration of one year, the contract is tacitly renewable for up to three years. The ministry retains the option to terminate it with one month’s notice, compared to three months for the service provider. This initiative is part of a broader policy to secure the state’s digital infrastructures, at a time when the digitalization of public services is accelerating.

Written in French by Younes Saoury, edited in English by Eric Nielson