Reassuring investors on Kenya’s cyber security strategy
The adoption of digital technologies has also seen an increase in cybersecurity threats and risks. This has been largely due to the rapid adoption of the digital systems, remote working without adequate attention being paid to the security of computer systems as well as increasing awareness of people on the appropriate measures to protect themselves online from cyber threats and risks. Further, cyber criminals have exploited vulnerabilities in systems leading to rising cases of cybercrimes, online child sexual exploitation, online terrorism and violent extremism, technology-based violence against women.
Kenya is one of the African countries where digitalization is on the rise, especially in the financial sector where digital financial services are being taken up rapidly. Digitalization in the country has enabled inclusion and access to financial services. For example, Safaricom’s M-Pesa stands out as a prominent mobile money success story. Moreover, Fintech’s have been able to establish creative business models using payments systems or platforms hosted by commercial banks thanks to digitization. However, even with this success, there is still the possibility that weaknesses in the systems resulting from technical breakdowns or malfunctions, human error, or cyber-attacks, could lead to widespread losses.
Since the start of the COVID-19 pandemic, cybersecurity risks in the financial sector have increased, with cybercriminals targeting banks, financial institutions, and fintech companies. Accordingly, the importance of cybersecurity in the Fintech sector cannot be overstated. It is therefore increasingly important for all relevant stakeholders to be prepared to counter cyber risks and threats and ensure cybersecurity for people accessing digital financial services. More importantly, measures to promote cybersecurity should not ignore the critical role of human beings. Human rights should feature in tackling cybercrime and promoting cybersecurity. Hence, there is a need to mainstream meaningful consideration of human rights into cyber security programmes and shift the dynamic towards a human-centered security.
The Republic of Kenya identifies cybersecurity as a national economic and security challenge. The most prevalent cybersecurity challenges in Kenya include exploitation of the new operating environment by adversaries to conduct war like activities such as disruption of operations of critical infrastructure. Most ICT infrastructure and users in the Republic of Kenya have prioritized efficiency, cost and convenience and overlooked security during development and implementation. Interconnected ICTs have inherent vendor/manufacturer vulnerabilities that can be exploited by adversaries and expose Kenyan citizens, businesses and government to global threats.
Despite a growing number of incidents, governance of cyberspace has remained uncoordinated with no clear structure. While Kenya has enacted various policies and laws, regular review and update is necessary in order to effectively address emerging risks and threats. Further, cybersecurity awareness of government employees and the general public is assessed to be low thus increasing susceptibility to cybersecurity threats. On the other hand, Kenya increasingly continues to face cybersecurity threats leveraging on the above-mentioned challenges. Nation states and corporate entities have used cyber spying to gain access to sensitive data for financial gain, political reasons and to gain competitive advantage.
As Information Communication Technologies become more interconnected, systems become susceptible to sabotage through deliberate and malicious acts that may disrupt normal processes and functions or destroy equipment and information. Similarly, Cyber subversion through propaganda, fake news and misinformation may undermine trust in the government, authority and competence of leaders thus posing a threat to Kenya’s stability. In addition, terror groups continue to leverage on ICTs (virtual private networks, internet, global applications, social media platforms and websites) for recruitment, radicalization, incitement, financing, training, planning and execution of attacks. Also, there has been an increase in cyber fraud cases through banking, sim swaps and online scams such as digital Ponzi schemes, job scams, fake websites & lotteries, Crypto and Forex Scams, “Tuma kwa Hii Namba” syndicates among others
To facilitate actualization of the government’s cybersecurity initiatives, and address the above challenges and threats, this Strategy aims to enhance institutional framework for cybersecurity governance and coordination; strengthen cybersecurity policy, legal and regulatory frameworks; enhance the protection and resilience of Critical Information Infrastructure; strengthen cybersecurity capability and capacity; minimize cybersecurity risks and crimes and foster national and international cooperation and collaboration. The government will spearhead its main responsibility of defending the Republic of Kenya’s cyberspace from all threats, to protect Kenyan citizens and the economy from harm, and to establish domestic and international frameworks to safeguard national interests, protect fundamental rights, and prosecute offenders.
Critical Information Infrastructure owners and operators, businesses and organizations in Kenya have the obligation of implementing measures to protect their critical systems and services by adopting a risk-based approach towards cybersecurity, managing vendor cybersecurity risks, adopting minimum cybersecurity baseline standards and supporting the government through reporting and response to cybersecurity matters
Kenya Cybersecurity Strategy 2022 development and implementation process entailed five phases; initiation, stocking and analysis, production, implementation and Monitoring and Evaluation in line with Kenya’s public policy formulation approach and international best practices. National Computer Cybercrimes and Coordination Committee (NC4) initiated the Strategy formulation by establishing the National Cybersecurity Strategy Steering Committee who developed a work plan with major steps and activities, key stakeholders, timelines, human, and financial resource requirements. During stocking and analysis, the national cybersecurity capacity status was used to collect data on the strategic national cybersecurity posture and risk landscape that informed drafting of the Strategy.
The following are the goals of the Strategy:
1. Enhance Kenya’s institutional framework for cybersecurity governance and coordination.
2. Strengthen cybersecurity policy, legal and regulatory frameworks.
3. Enhance the protection and resilience of CIIs.
4. Strengthen cybersecurity capability and capacity.
5. Minimize cybersecurity risks and crimes.
6. Foster national and international cooperation and collaboration.
