Tuesday, May 21, 2024

Tech News, analysis, updates, comments, reviews

The state of Cyber Security in Kenya

Cyber Security in Kenya
Cyber Security illustration

The regulatory authority responsible for ICT, and specifically CyberSec in Kenya is the Communication Authority (CA) of Kenya. It was founded in 1999. It’s the body mandated with developing our cyber security management framework.

Kenya’s national point of contact on Cyber Security matters is the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC), a multi-agency collaboration framework which is responsible for the national coordination of cyber security.

In May 2018 the Kenyan government responded to cyber breaches and other high profile cyber attacks by signing the Computer and Cyber Crime Act into law. This seems a strange decision, since legislation already exists that deals with these issues.

The Kenya Information Communication Act and the Penal Code and its regulations already criminalized several cybercrimes. It might have been amended to, for instance, increase the penalties for certain crimes. Instead its provisions have been superseded by the Computer and Cyber Crime Act. 

The newly unveiled National Computer and Cybercrimes Coordination Committee (NC4) has been tasked with cracking down on misuse of social media especially as the country approaches the General Election in 2022.

The NC4 has its roots established within the legal framework of the Computer Misuse and Cybercrimes Act (CMCA). The CMCA designates offences relating to computer systems and provides a framework to enable timely and effective detection, prohibition, prevention, response, investigation, and prosecution of computer and cybercrimes. Initially enacted in May 2018, the CMCA was immediately challenged before court by the Bloggers Association of Kenya (BAKE) on grounds that the provisions of the CMCA were unconstitutional. In February 2020, the challenged provisions were determined to be constitutional by High Court Judge James Makau. Disconcertingly, the courts have failed to successfully prosecute any individuals suspected of committing offences under the CMCA, despite Kenya experiencing an 11.9% increase in cyber threats since February 2020.

Kenya boasts the third-highest number of internet users on the continent. As such, it is no surprise that cyberattacks are a relatively common occurrence in the country. During the first seven months of 2020, Kenya accounted for a massive 50 percent of the total cyberattacks in Africa according to Kaspersky, a cybersecurity firm.

As the Kenyan population becomes ever more reliant on internet and communications technology (ICT), so too does the country’s critical infrastructure. Although this trend dramatically increases efficiency, it also increases the vulnerability of critical infrastructure to “costly, disruptive cyber attacks.” Kenya’s Mombasa port, a linchpin of the economy, is an especially enticing target (as well as an increasingly vulnerable one) for cyberattacks launched by either criminal elements seeking a massive payoff or state-supported actors hoping to hobble the Kenyan economy.

Policy Recommendations

The objectives of Kenya’s national cybersecurity strategy rightly prioritize public-private cooperation and the need for coordination in developing and implementing cybersecurity protocols. However, the national cybersecurity strategy falls short in a significant area: There is not a standardized timeline for the regular renewal of the strategy. The current strategy states that it should be “refresh[ed] as required.” Although better than a static document, there is a real need for an established and time-specific process for reworking the strategy (perhaps every four to five years). This process is especially important given the constantly and rapidly changing cyber threat environment.

The Kenyan government should also provide incentives for private sector stakeholders involved in critical infrastructure like the port of Mombasa to prioritize cybersecurity as they continue to modernize. Although there is a natural incentive for companies to implement effective cybersecurity measures to protect against revenue loss, this can be outweighed by the rush to modernize (and thus increase efficiency and potential profits). As a result, it is important that the government work to ensure that companies overseeing critical infrastructure or working with the government adhere to cybersecurity protocols.

Given the constantly advancing cyber capabilities of both nation states and non-state actors, Kenya faces a major challenge in protecting its sensitive information and interests. There are a multitude of actions that the government could take to mitigate this constant threat. Particularly, the government should reduce the vulnerability of its supply chain to software and hardware that are especially well suited for cyber espionage. This could be addressed by conducting frequent supply chain risk assessments to identify products, services, and companies that may pose a risk to cybersecurity. These assessments should be shared with key stakeholders throughout the government.

#knowYourSecurity #cybersecurity #ca


Please enter your comment!
Please enter your name here

Get notified whenever we post something new!


Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Google I/O 2024 Unveils the Future?

Google I/O 2024 was an impressive showcase of how Google continues to push the envelope with artificial intelligence. This year's event introduced significant advancements across multiple services and platforms, demonstrating Google's commitment to an AI-first future. Below, I try...

On-Premises vs. Cloud Security

As usual, we begin by championing cybersecurity. It stands as the foremost concern for organizations striving to safeguard their sensitive data and digital assets. Among the many strategies available, two dominant paradigms have emerged: on-premises security and cloud security....

Regulation Insights from Starlink’s in Zimbabwe

In recent times, the journey of Starlink, Elon Musk's ambitious satellite internet venture under SpaceX, has been marked by regulatory challenges, particularly in Zimbabwe. Meanwhile the Posts and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) issued a directive instructing Starlink...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.