Critical Analysis of the Moroccan Cybersecurity Strategy and their Application to the Metaverse Era

At the practical level :

Morocco’s national strategy in cyberspace is based on several principles, one of which is the protection of vital critical infrastructures, making it an essential element. This vision is reinforced by in-depth collaboration with national institutions in the field of cybersecurity and cyber resilience; however, the metaverse, as we have presented, eludes what national efforts offer us as solutions to combat emerging cybercrime (National Cybersecurity Strategy, 2030). So, the question here is how to adapt national frameworks to the innovations presented by the metaverse, as the updating and renewal of national practices to consolidate national cybersecurity can no longer keep pace with cyber threats.

In the same vein, the national cybersecurity strategy also dedicates a significant portion of its objectives to the citizen and considers their role in national cybersecurity processes as a cornerstone. In this sense, citizen awareness is a major element of the national strategy, as individual awareness of cyber issues reduces technology-related risks, where human incidents based on ignorance of the secure use of technology constitute the majority of vulnerabilities and flaws exploited by criminals to achieve their objectives (National Cybersecurity Strategy, 2030). For this reason, national planning efforts aim to consolidate the standards and legal frameworks related to the deterrence of cybercrime, including the multiplication of awareness programs and plans for citizens and the training of individuals, particularly personnel from various sectors.

We observe that Morocco’s national cybersecurity strategy positions the country among the most relevant global indices in terms of cybersecurity. However, the adaptation of this cyber strategy to the new developments posed by the Metaverse is likely still far from the ambitions and requirements. To reinforce our idea, we noted that the level of cybersecurity in Morocco remains primarily focused on vital and especially public sectors, contrary to the requirements that this new space imposes on various actors (DGSSI, 2023). Efforts to counter innovations in the Metaverse regarding identity theft, cross-border cybercrime, and decentralized criminal interactions seem crucial, as these activities gain popularity and reputation in criminal circles due to the successes they achieve in terms of profit and profile (Chawki et al., 2024).

The national cybersecurity strategy does not take into account the decentralization of activities in the Metaverse, and its adopted measures are still far from the level of effective detection or the search for traceability paths of criminals’ transactions in the Metaverse. We found during our review of Morocco’s national cybersecurity strategy that it did not specifically address the topic of the Metaverse, as it did not allocate frameworks or standards directly and specifically discussing the challenges and issues arising from this new space. In this sense, Paulé’s (2023) argumentation can support our ideas by answering the question of why specific frameworks related to the Metaverse are still absent in our national cyber strategy, while it is well-defined and present in the national cyberspace strategy in France, and the chapters and paragraphs addressing the Metaverse in the national strategy have been present for years, which can serve as an incentive for Moroccan researchers and strategists to draw inspiration from it and take it into account when developing specific plans for the Metaverse.

We have noted in our analyses that Morocco is still in the initial development process of its infrastructure, which imposes particular priorities and privileges in terms of spending and financing. Morocco, in this regard, is dedicating efforts to basic infrastructure while postponing the challenges of advanced technologies and the specific threats of the Metaverse. Morocco is currently dedicating efforts to strengthening the newly established frameworks aimed at enhancing the enforcement of the law and institutional presence in the cyber domain, where the activation of specific devices and mechanisms to detect cyber threats in the Metaverse, particularly those fuelled by AI, are not yet priorities in Moroccan cyber agendas (CNDP, 2022). However, the increase in funding and the equitable distribution of resources in terms of training, detection, regulation, etc., are considered an asset to improve the country’s preparedness against evolving and innovative cyber threats in the Metaverse.

In the field of comparison, it can be said that Morocco’s cyber strategy in cyberspace is still far from addressing the challenges and issues arising from the Metaverse as a new space generating threats and dangers. At the European level, Metaverse users are increasingly protected by specific standards for accessing and verifying virtual data, and the United States has also begun to establish specific standards aimed at protecting users, whether they are economic actors or ordinary individuals in the Metaverse (European Commission, 2021). For this reason, Moroccan researchers, including decision-makers, are all invited to broaden their vision of the Metaverse not only as a space of enjoyment and pleasure but also as a space of dangers and perils. Moroccan strategists are also encouraged to innovate in the field of standards and frameworks aimed at regulating the use of the Metaverse’s potential, including the establishment of a cooperation framework regarding the issues and challenges arising from the Metaverse. In this context of debate, stakeholders must also develop specific frameworks of ethics and trust as essential elements to make access and transactions in the Metaverse safer.

In terms of dynamics:

We therefore know that the Moroccan cyber strategy suffers from several weaknesses in the face of developments in the Metaverse and can no longer cope by using traditional and general frameworks to address the challenges and issues arising within the Metaverse. We proceed in this regard, based on the elements we have identified, to highlight the difference between the challenges of the Metaverse and the rigidity of the frameworks in the Moroccan cyber strategy, by critiquing this strategy in terms of alignment, collaboration, awareness, and ethics.

Blockchains, cryptocurrencies, transactions, and decentralized organizations characterize and constitute the Metaverse, and inherently impose additional challenges on national cybersecurity strategies, particularly for states and their cybersecurity capabilities. This requires the permanent presence and continuous renewal of cybersecurity frameworks and mechanisms, as well as regular reviews of the national cybersecurity organizational chart to harmonize internal efforts with advancements and innovations in cybercrime within the Metaverse. Although Morocco is fully integrating into relevant initiatives for collaboration and improving cybersecurity levels. However, the vigilance of users and stakeholders still seems to be at risk during immersive experiences (VR/AR) and requires the presence of robust frameworks to protect the virtual identities and digital assets of stakeholders and users (Ibahrine, 2004). Drawing inspiration from European frameworks, Morocco should support the alignment of its cybersecurity strategy with the latest developments in this field by strengthening protocols and updating regulations and frameworks that specifically organize access and use of the Metaverse, rather than treating it as a component of the entire digital space.

The experiences of developed countries also provide us with an example of the necessity of cooperation and its role in building trust within this space that is still being composed and created. As part of Morocco’s national cybersecurity strategy, the country has concluded several agreements and conventions of various natures with international and regional organizations to strengthen its presence and confidence in its cybersecurity measures on the international stage. However, we have observed that specific agreements concerning the Metaverse and decentralized and cross-border transactions are still absent from the agendas of Moroccan decision-makers, and the country’s efforts in this area remain limited. Cooperation with private sector actors also seems very relevant and important to strengthen these processes, not only through coordination with public organizations, where international companies mastering these Metaverse technologies can play an important role thanks to their experiences in the organization and governance of these emerging technologies, as well as their technical expertise in combating cybercrime (El Amrani, 2023).

Awareness is also an essential issue to reconsider, although Morocco emphasizes the aspect of user education and awareness in its national cybersecurity strategy to avoid the impacts of cybercrime and strengthen trust in this space (National Defense Administration of the Kingdom of Morocco, 2020). However, the efforts at this time, despite the multiplication of initiatives and decisions, are not able, due to the lack of initiatives specifically directed towards the Metaverse, to counter the transformative and innovative criminal expertise in the Metaverse. This also requires specific initiatives in the field of education and awareness to strengthen the cyber awareness of citizens and all other users and actors regarding the impacts of cybercrime in the Metaverse and to enable the adoption of preventive measures against emerging threats in the Metaverse (Benmouss et al., 2024).

The Metaverse also exposes problems and demonstrates its weakness in protecting privacy and the secure flow of data, as the methods of receiving, circulating, and storing data within the Metaverse raise many questions and challenge the ability of traditional frameworks and internal laws to regulate and manage the situation. The contemporaneity of the Metaverse and the novelty of its emergence raise questions about its capabilities and potential for security in managing fundamental, massive, and diverse data stored within the infrastructures of this space, far from the turmoil in the digital space and the emerging professionalism in the field of cybercrime. Based on our perspective in this study, we believe that Morocco should develop agile frameworks in this regard, where privacy, data security, and the assurance of fundamental freedoms and rights should also be taken into account, while not missing the international race for technological advancements to acquire technological potentials. This means that the development of frameworks and standards should no longer be an obstacle to the adoption of innovative technological devices or a delaying factor in Morocco’s integration into related global initiatives. It can also be agreed that this must respect Morocco’s commitments to its global partners regarding the protection and respect of access, circulation, and expression rights, or it must in no way disrupt the responsible and ethical use of this technology.

REFERENCES

Chawki, M., Basu, S., & Choi, K. (2024). Redefining Boundaries in the Metaverse: Navigating the Challenges of Virtual Harm and User Safety. Laws, 13(3), 33. https://doi.org/10.3390/laws13030033

Directorate General for Information Systems Security (DGSSI). (2023). Annual Report on National Cybersecurity Initiatives. Rabat: DGSSI Publications. https://www.dgssi.gov.ma/en/publications

CNDP. (2022). Report on Digital Privacy and Data Protection Initiatives in Morocco. Rabat: National Commission for the Control of Personal Data Protection. https://www.cndp.ma/traitement-des-donnees-personnelles-au-maroc/

Ibahrine, M. (2004). Towards a national telecommunications strategy in Morocco. First Monday. http://dx.doi.org/10.5210/fm.v9i1.1112

Benmoussa, K., Laaziri, M., Amrani, A. E. a. E., & Diouri, M. (2024). The Transition of the Moroccan University to a Digital and Intelligent University: An Overview. In Lecture notes in networks and systems (pp. 435–445). https://doi.org/10.1007/978-3-031-54664-8_37