Cybersecurity Policy Brief: Kenya Told to Enhance its Detection, Response in Combating Cyber Threats

Cybersecurity Policy Brief: Kenya Told to Enhance its Detection, Response in Combating Cyber Threats

Grace Githaiga, Co-Convenor, KICTANet making a presentation on the ICT policy brief unveiled on Thursday.

The goal of this policy brief is to provide a snapshot of the current state of policy, legal and institutional framework for cybersecurity in Kenya, with a view to informing actions by state and non-state actors

With the increased adoption of ICT systems across almost every sector in Kenya presents significant cybersecurity threats to them.

“Unfortunately, and even as there is an upward increase in the adoption of ICTs, institutions have not prioritized cybersecurity as a risk,” according to the Kenya ICT Action Network (KICTANet).

The network says Kenya is yet to put in place an appropriate policy, legal and institutional framework to tackle the emerging cybersecurity threats.

A new policy brief from KICTANet authored by Grace Githaiga, Co-Convenor, KICTANet and Victor Kapiyo, Partner  Lawmark Partners LLP, calls for the establishment and implementation of an effective policy, legal and institutional framework to detect, respond and combat cyber threats and build resilience in the country.

The brief notes the government of Kenya has embraced digital finance and online self-service platforms as an avenue for service delivery. Since the adoption of its first National ICT Policy in 2006.

And despite increased attention to cybersecurity in the country over the last decade, the cybersecurity threats remain. They attribute this to firms relying on outdated technologies and obsolete systems and applications that are inherently vulnerable.

Lack of a comprehensive legal and policy framework; and continues to struggle with limited cybersecurity capacity, including in the coordination of key state and non-state actors on cybersecurity matters.

Further, the ever-increasing number of internet-enabled devices and security-related concerns around big data, data analytics, artificial intelligence, cyberwar or conflict, the internet of things and privacy in a borderless internet remain potent risks areas.

“The goal of this policy brief is to provide a snapshot of the current state of policy, legal and institutional framework for cybersecurity in Kenya, with a view to informing actions by state and non-state actors,” they state.

In the brief that will be validated during a round table meeting on Cybersecurity in Kenya on Thursday, they say Kenya’s global competitiveness and leadership in the region including as an ICT hub will depend on its ability to deploy ICTs in all aspects and sectors of its economy.

“Consequently, building confidence in the use of ICTs requires the acknowledgment by all stakeholders that cybersecurity is a shared responsibility. Policies and strategies alone will not guarantee the desired outcomes. The effectiveness of the measures will depend on how ICT policies are developed, implemented and progress monitoring.”

The roundtable meeting is being held in partnership with Global Partners Digital (GPD) with the support of the government of the United Kingdom.

The overall objective of the roundtable is to increase local stakeholder awareness of cybersecurity issues and to identify common cybersecurity priorities for Kenya in 2019. It is a follow-up to a similar meeting held in March 2019.