By Mwendwa Kivuva,
For the past three years, the Communications Authority of Kenya (CA) has organised the conference as a way of commemorating October as cybersecurity month.
In his keynote speech, the CA Director General Ezra Chiloba assured participants that one of the greatest opportunities is ensuring all citizens are connected to the internet because the digital space is the future. In addition, the Universal Service Fund (USF) would be used to increase connectivity, especially for the marginalised. This vision by CA aligns with KICTANet’s mission of advocating for increased meaningful affordable internet access through the Community Networks program which provides complementary internet access for marginalised communities, peer learning, and knowledge management of what each network is doing.
Mr Chiloba also indicated that telecom providers had complied with the subscriber Sim Card Registration process, with Safaricom having a compliance rate of 92% from 55% in January 2022, and Airtel from 42% to 81%. The registration is expected to reduce the number of cyber crimes conducted through cellular networks.
One of the success stories for the 2022 General Elections – where KICTANet deployed tech observers in counties across Kenya – is that CA guaranteed 100% electronic transmission of presidential elections which was achieved. CA also guaranteed the security of the election systems and no cyber security breach was experienced.
Adam Lane of Huawei observed that sharing information and building capacity and increasing the skills of organizations and individuals are extremely important. He backed the multistakeholder model championing a holistic ecosystem approach in addressing cybersecurity challenges and sharing best practices.
Andy Chadwick, the head of Africa Cyber Network, at the UKAid (Foreign, Commonwealth & Development Office), one of KICTANet’s strategic partners, reaffirmed the UK government’s commitment to collaborate with all actors including in implementing the National cybersecurity blueprint. He called on all actors to cooperate, and build capacity and skills to counter cyber threats.
We should work on Cooperation, building capacity and skills to counter cyber threats. – @AndyChadwickUK, Head of Africa Cyber Network at the @FCDODigital pic.twitter.com/KEoE3msjOO
— KICTANet (@KICTANet) October 17, 2022
Dr Vincent Ngundi, the CA Ag Director, Cyber Security and E-commerce outlined the trajectory of attack vectors in Kenya. According to the KE-CIRT sector statistics, the most common attack vectors are Disinformation, Misinformation and Malinformation; Ransomware; Phishing attacks; Denial of attacks; IoT devices attacks; and Critical vulnerabilities in cloud-based systems. With KICTANet being a member of the KE-CIRT, the Network will continue the dissemination of the cybersecurity risks faced by society and mitigation measures that can be taken.
KICTANet highlighted the work it has done with UKAid, CA, ICTA, KFCB, APDK, and ACWICT in training marginalised communities on Cyber Hygiene. The program trained 144 Community Led Trainers who went ahead to train 30,000 members of the society ranging from farmers, traders, and county government employees in Nairobi, and Laikipia Counties (Nanyuki, and Nyahururu). The program disseminated the key messaging to over 3 million users in Kenya through several platforms including radio and TV programs, and different social media platforms. Dr Paula Musuva, a KICTANet consultant, while giving her keynote on the Cyber Shujaa program that she champions reminded participants of the mnemonics STICK – Stop Think – Check! employed by the Tatua Cyber Hygiene program to always be alert and on the lookout for cyber Hygiene threats.
Of the many keynote addresses and panels, KICTANet participated in a session on the Roles and Responsibilities of a Cyber Security team. Some of the challenges faced in implementing different cybersecurity roles were cited as budgets, leadership understanding of the technical needs, and technical roles under the business and strategic needs of the organisation. Others are Capacity – tools – processes and procedures, and hiring according to business needs. The different roles identified are:
- Chief Information Security Officer: responsible for defining and outlining the organization’s security operations. They are the final word on strategy, policies, and procedures, and managing compliance in all aspects of cyber security within the organization.
- Director of incident response/Director of threat intelligence: oversees and prioritizes actionable steps during the detection of an incident.
- Security Manager: manages team members and coordinates with security engineers. S/he is responsible for creating policies and protocols for hiring and building new processes and setting the scope of new security development projects.
- Incident response manager: oversees and prioritizes actions during the detection, analysis, and containment of an incident. Responsible for conveying the special requirements of high-severity incidents to the rest of the company.
- Security Engineer: maintains tools, recommends new tools, and updated systems. S/he documents requirements, procedures, and protocols to ensure that other users have the right resources.
- Security Analyst: the first responder to incidents or the soldiers on the front lines fighting against cyber attacks and analyzing threats. S/he detect threats, investigates those threats, and responds to them in a timely fashion. In addition, implements security measures as dictated by management assists with organizational disaster recovery plans, and is on-call to respond to incidents that arise outside of business hours.
Mwendwa Kivuva leads the Community Networks and Tatua Digital Resilience programs at KICTANet.
@MwendwaKivuva