Thursday, November 21, 2024

Tech News, analysis, updates, comments, reviews

The state of Cyber Security in Kenya

Cyber Security in Kenya
Cyber Security illustration

The regulatory authority responsible for ICT, and specifically CyberSec in Kenya is the Communication Authority (CA) of Kenya. It was founded in 1999. It’s the body mandated with developing our cyber security management framework.

Kenya’s national point of contact on Cyber Security matters is the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC), a multi-agency collaboration framework which is responsible for the national coordination of cyber security.

In May 2018 the Kenyan government responded to cyber breaches and other high profile cyber attacks by signing the Computer and Cyber Crime Act into law. This seems a strange decision, since legislation already exists that deals with these issues.

The Kenya Information Communication Act and the Penal Code and its regulations already criminalized several cybercrimes. It might have been amended to, for instance, increase the penalties for certain crimes. Instead its provisions have been superseded by the Computer and Cyber Crime Act. 

The newly unveiled National Computer and Cybercrimes Coordination Committee (NC4) has been tasked with cracking down on misuse of social media especially as the country approaches the General Election in 2022.

The NC4 has its roots established within the legal framework of the Computer Misuse and Cybercrimes Act (CMCA). The CMCA designates offences relating to computer systems and provides a framework to enable timely and effective detection, prohibition, prevention, response, investigation, and prosecution of computer and cybercrimes. Initially enacted in May 2018, the CMCA was immediately challenged before court by the Bloggers Association of Kenya (BAKE) on grounds that the provisions of the CMCA were unconstitutional. In February 2020, the challenged provisions were determined to be constitutional by High Court Judge James Makau. Disconcertingly, the courts have failed to successfully prosecute any individuals suspected of committing offences under the CMCA, despite Kenya experiencing an 11.9% increase in cyber threats since February 2020.

Kenya boasts the third-highest number of internet users on the continent. As such, it is no surprise that cyberattacks are a relatively common occurrence in the country. During the first seven months of 2020, Kenya accounted for a massive 50 percent of the total cyberattacks in Africa according to Kaspersky, a cybersecurity firm.

As the Kenyan population becomes ever more reliant on internet and communications technology (ICT), so too does the country’s critical infrastructure. Although this trend dramatically increases efficiency, it also increases the vulnerability of critical infrastructure to “costly, disruptive cyber attacks.” Kenya’s Mombasa port, a linchpin of the economy, is an especially enticing target (as well as an increasingly vulnerable one) for cyberattacks launched by either criminal elements seeking a massive payoff or state-supported actors hoping to hobble the Kenyan economy.

Policy Recommendations

The objectives of Kenya’s national cybersecurity strategy rightly prioritize public-private cooperation and the need for coordination in developing and implementing cybersecurity protocols. However, the national cybersecurity strategy falls short in a significant area: There is not a standardized timeline for the regular renewal of the strategy. The current strategy states that it should be “refresh[ed] as required.” Although better than a static document, there is a real need for an established and time-specific process for reworking the strategy (perhaps every four to five years). This process is especially important given the constantly and rapidly changing cyber threat environment.

The Kenyan government should also provide incentives for private sector stakeholders involved in critical infrastructure like the port of Mombasa to prioritize cybersecurity as they continue to modernize. Although there is a natural incentive for companies to implement effective cybersecurity measures to protect against revenue loss, this can be outweighed by the rush to modernize (and thus increase efficiency and potential profits). As a result, it is important that the government work to ensure that companies overseeing critical infrastructure or working with the government adhere to cybersecurity protocols.

Given the constantly advancing cyber capabilities of both nation states and non-state actors, Kenya faces a major challenge in protecting its sensitive information and interests. There are a multitude of actions that the government could take to mitigate this constant threat. Particularly, the government should reduce the vulnerability of its supply chain to software and hardware that are especially well suited for cyber espionage. This could be addressed by conducting frequent supply chain risk assessments to identify products, services, and companies that may pose a risk to cybersecurity. These assessments should be shared with key stakeholders throughout the government.

#knowYourSecurity #cybersecurity #ca

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Concerns about the ICT Bill 2024 in Kenya

THis post has been updated after the attention it is gannering. The original post can be found here: https://web.archive.org/web/20240813033032/https://blog.blancorpsolutions.com/kenya/concerns-about-the-ict-bill-2024-in-kenya/ Kenya's tech industry has been a beacon of innovation and growth, thanks in part to a regulatory environment that has allowed...

What are the real intentions of tracking IMEI numbers?

Imagine if you had a magic map that could show you where all your favorite toys were at any time. Sounds pretty? Well, in Kenya, the government wants to do something similar, but with people’s phones. They plan to...

The Tor Project + Tails, A Game-Changing Merger for Privacy Advocates

In a significant development for digital privacy enthusiasts, the Tor Project and Tails have merged their operations, uniting two of the most trusted tools in the fight against online surveillance. This merger, announced this month, combines the power of...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.