KICTANet Cybersecurity round table

Introduction

The Kenya ICT Action Network (KICTANet) in partnership with Global Partners Digital (GPD) with the support of the government of the United Kingdom held a well-attended Roundtable meeting themed Cybersecurity in Kenya: Priorities for 2019, which took place on Tuesday, 19 March 2019 at the Sarova Panafric Hotel in Nairobi.

Meeting Objective and expected Outcome

The overall objective of the roundtable was; to increase local stakeholder awareness of Cybersecurity issues, and to identify common Cybersecurity priorities for Kenya in 2019. The discussions also included a broad overview of the current state of play in Cybersecurity globally, regionally and in Kenya; while providing space to identify stakeholder common priorities and to make recommendations for the year ahead.

Context

Cybersecurity continues to be a concern not only for the government, but also is an important issue for private sector companies and groups, the technical community, academia, civil society groups and other non-governmental actors given its enormous implications for information security, critical infrastructure, economic prosperity, public safety as well as their relations with other countries.

From a policy and legal perspective, Kenya has enacted the 2006 ICT Policy, the ICT Master plan, 2014 - 2017 and the National Cybersecurity Strategy, 2014, the Kenya Information and Communications Act, and the Computer Misuse and Cybercrimes Act, 2018. There is also a Senate Data Protection Bill – 2018, a draft National Broadband Strategy 2019, and a draft Data Protection Bill and Policy currently under development. Further, the draft ICT Policy developed in 2016 is yet to be adopted.

Despite this progress, the country continues to experience challenges in the realm of cybersecurity. Key concerns include: third-party misuses or shares of confidential data; malware attacks and disruption of business processes; data breaches; and attacks on IT infrastructure resulting in downtime. The key challenges include among others: insufficient technical, investigation, prosecutorial and judicial capacity of law enforcement agencies; low levels of public awareness on security; outdated laws, policies and strategies; weak internal security practices and standards in key institutions; poor detection and reporting of attacks; and, weak coordination among relevant agencies, industries and institutions.

Across the globe, cybersecurity is gaining traction and countries are taking strides to address the emerging challenges. Measures being adopted include the development of policies, strategies and legislation; establishment of response teams for cybercrimes; formation of multi-agency institutions to promote collaboration; providing funding for cybersecurity programs and initiatives; implementing enhanced security practices and standards; enhancing penalties for cybercrimes; addressing threats to critical infrastructure; investing in workforce capacity building; and, promoting end-user education on cybersecurity.

Kenya therefore needs to develop and promote forward looking and responsive policy and legislative environment with cutting edge strategies, designed to promote confidence and integrity of its information systems. Cybersecurity is everyone’s responsibility. Guaranteeing cybersecurity is a role that cannot be left to the government alone, as all relevant stakeholders have a role to play based on their respective mandates. Therefore, the development and implementation of policies, laws and strategies on cybersecurity can only be effective when done through multistakeholder approaches. A multistakeholder approach recognizes the essence of public participation, and is designed to ensure that cyber-policy making processes are open, transparent, inclusive and value-based.

This roundtable provided a platform for discussion, streamlined stakeholder inputs and refined national priorities to ensure Kenya becomes a regional ICT hub.

Attendees

KICTANET Cybersecurity roundtable stakeholder distribution

Meeting outcomes:

The key note speech was given by Hon William Kipsang, Member of Parliament for Marakwet West, and Chairman of the Communication, Informational and Technology committee of National Assembly. He encouraged government security organs to attend such forums to gain knowledge. He urged participants to engage in public participation when enacting laws, instead of challenging legislation once it has been passed. He gave an example of the  Computer Misuse and Cybersecurity Act of 2018 where a Judge suspended 26 clauses, while such issues could have been resolved earlier. He also stated the need to operationalized Article 10 of the Kenyan constitution, where a law needs to be enacted on public participation.

He also challenged the government to operationalize the draft ICT policy 2016. He stated that Parliament Priorities for 2019 were enactment of the Data protection law, and the critical infrastructure law.

He challenged KICTANET to be a leader on emerging issues to protect the public from cybersecurity threats through sensitization, and advocacy. This will lead to better policies. The MP ended by giving commitment that Parliament is open to engagement from all stakeholders.

A full report on the meeting will follow shortly.