Posted on: 28th October 2019
Cybersecurity meeting calls for expedition of Data Protection Bill and investments in more professionals
Increased investment in professionals with cybersecurity skillsets and expedition of the Data Protection Bill is needed to enhance the fight against cybercrime in the country.
Various speakers made the observations during the opening of a three-day National Cybersecurity 2019 Conference organized by Communications Authority of Kenya (CA). The summit is part of the ongoing Global Cybersecurity Awareness Month this October.
Lack of cybersecurity skillsets was cited as a major risk that makes government institutions, individuals and Kenyan businesses easy target for both local and international hackers by hampering the cybercrime analysis, prevention, detection and prosecution, which is a big hurdle.
Several researches have put the number of cybercrime professionals in the country between 16,000 and 17,000, against 52 million mobile subscriptions, 49 million data subscriptions and 32 million registered mobile money users.
The need to expedite the enactment of the Data Protection Bill, currently undergoing public hearing comes on the backdrop of increased cyber threats in the country. According to CA’s quarterly sector statistics for three months to June 2019, the number of cyber threats increased to 26.6 million up from 11.25 million translating to 136.4 per cent increase.
“You may be aware that the Data Protection Bill is under discussion and once enacted into law, it will help ensure consumer data is safeguarded against misuse. This will mark a big step in enhancing consumer confidence and trust in the use of ICT services, which we as a government greatly rely on to serve ‘mwananchi,” Dr Fred Matiang’i, the CS Ministry of Interior and Coordination of National Government said in a speech read on his behalf by Jerome Ochieng, the PS, State Department on Innovation and ICT.
CA acting Director General Mercy Wanjau said the growing number of threats must be checked.
“The situation calls for a paradigm shift in how organizations model their security strategies in a manner that gives increased priority to the security of their ICT ecosystems. If not well protected they stare at a huge risk of reputational damage, operational downtime and massive recovery costs associated with cyber attacks,” she noted.
The collection of data continues to rise with the fast industry developments, including Big data, Internet of Things, and many other emerging technologies.
At a policy level, the government is committed to creating enabling laws and regulations that will guide the sector. Most recently, the Government enacted the Computer Misuse and Cyber Crimes Act, although some aspects of the Act have been challenged in court, this law will go a long way in protecting Kenyans from misuse of ICT infrastructure and services.
The government also continues to enhance its collaboration framework with various local and international partners in order to strengthen the cybersecurity regulatory framework, and ultimately to facilitate the expeditious resolution of cybercrime and related activities.
Efforts are always on to harmonize Kenya’s Policy and Legal framework on Cybersecurity with international instruments. The government is currently reviewing the ICT Policy, National Cybersecurity Strategy and legislative instruments to align to international standards.
In order to enhance the security of Kenya’s cyber space, the government through CA has continued to operate the National Kenya Computer Incident Response Team – Coordination Centre (KE-CIRT/CC) for coordination and response to cyber threats in the country.
The National KE-CIRT/CC is also Kenya’s national point of contact for cyber security matters. Given the nature of the cyber space, the National KE-CIRT/CC works in collaboration with various stakeholders at the national level including law enforcement, the private sector, academia, the financial sector, and civil society, among others.
Kenya was ranked second in the Africa region, and 44th globally by the Global Cybersecurity Index (GCI). The GCI measures the commitment of countries to cybersecurity at a global level using four dimensions, including Capacity Building; Technical; Organizational Legal and Cooperation. The country has four sector CIRTs and one National CIRT.