In the sinuous jumble of the Horn of Africa, where history considers heavily on present day politics, Ethiopia’s approach to diaspora engagement and border security presents a knotty inconsistency. Ethiopia maintains a relatively strict visa policy for foreigners, however its internal mechanisms for documenting contain vulnerabilities that could undermine national security. The much debated wider identification system is potential trouble spot in a region where historical mistrust among neighbouring nations runs deep. To ignore the gaps in this system is to risk a crisis that could destabilize Ethiopia’s internal security.

Ethiopia is actively pursuing a path of digital transformation and stronger border security, recognizing the modern threats to national stability. However, this very transition can create new points of weakness if not accompanied by comprehensive safeguards. A key prudent move has been the active transition away from international applications in favor of domestically developed alternatives. This initiative, led by the Information Network Security Administration, aims to safeguard sensitive national data and reduce reliance on foreign-owned technologies, thereby enhancing digital sovereignty.

This push for technological self reliance is an expedient response to digital vulnerability. Furthermore, the country’s security apparatus, particularly the National Intelligence and Security Service (NISS), has broadened its focus to include cyber security responding to the growing threat of digital attacks . Even with these efforts, a consequential gap remains. According to an INTERPOL report cited in regional analysis, Ethiopia was identified as the most targeted country globally for malware attacks in 2024. This ruffle statistic acme the extensive digital vulnerabilities within one of Africa’s rapidly digitizing economies, where critical infrastructure remains exposed.

The potential dangers of having a compromised identification system are not just theoretical. The experiences of neighbouring countries in the region offer a clear cautionary tale for what can happen when such systems are exploited.

In Kenya, a situation developed over decades where an estimated 40,000 Kenyan nationals of Somali ethnicity were incorrectly registered as refugees in the UNHCR database. This occurred when individuals including children were registered by adults seeking access to aid and services in refugee camps during times of hardship. The consequences were severe and long lasting. Because the Kenyan government cross-checks all national ID applicants against the refugee database, these Kenyans were systematically denied their citizenship documents.

While this primarily affected Kenyan citizens, the case illustrates how a database intended for managing a foreign refugee population can be misused, leading to a large-scale crisis of identity and belonging. A separate case from the United States further shows the national security dimension. A Somali national with familial ties to a high-ranking member of the foreign terrorist organization ISIS-Somalia was sentenced for asylum fraud after she intentionally failed to disclose this connection in her application. This example shows how individuals with ties to hostile groups can seek to exploit vulnerabilities in immigration and identity systems to gain a foothold in a country.

The historical and political mistrust among nations in the Horn of Africa acts as a force multiplier for these risks. In an environment of geopolitical strife, digital and bureaucratic vulnerabilities are not just accidental weaknesses but can be seen as strategic targets. The cyber domain has already become an extension of traditional geopolitical conflicts. For instance, in June 2020, the Ethiopian Information Network Security Agency  thwarted a cyber attack from an Egypt-based actor known as the Cyber-Horus Group, which was designed to exert economic, psychological, and political pressure on Ethiopia concerning the filling of the Grand Ethiopian Renaissance Dam. This demonstrates how cyber operations are weaponized in regional disputes. When such tensions exist, the incentive for state and non-state actors to probe, infiltrate, or manipulate a neighbouring country’s identification systems increases.

The goal could be to foster internal instability, enable espionage, or create a pool of individuals with legal status who can act on behalf of a foreign power. The result is that a domestic administrative issue transforms into a direct national security threat, blurring the lines between internal social cohesion and external defense.

Addressing this challenge requires move purely technical solutions towards a more holistic strategy that builds resilience in both digital systems and the social fabric. The core of the effort lies in viewing cyber resilience not as a technicality, but as a fundamental pillar of national security and sovereignty. This means that as Ethiopia continues its digital transition, commensurate investment in robust cyber security infrastructure, legal frameworks, and skilled human resources is paramount to protect critical government and identification systems from exploitation.

Simultaneously, building societal resilience is crucial. This involves initiatives to foster media literacy and social cohesion to counter the disinformation and hate speech that can exacerbate and create fertile ground for external manipulation. The establishment of a specialized, cross-agency task force dedicated to monitoring disinformation and deploying verified counter-narratives. Such a body could play a role in identifying and countering malicious narratives designed to erode trust in national institutions, including identity systems. Ultimately, the objective is to create an environment where digital tools empower citizens and strengthen the state, rather than creating vulnerabilities that can be weaponized by those who seek to undermine it.

By Samiya Mohammed, Researcher, Horn Review