It is very interesting that President Uhuru Kenyatta’s Twitter account was compromised during the same week that KICTAnet, a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation, held a workshop on the state of play of cyber security in Kenya.
In a workshop attended by high-level dignitaries from the government, Parliament, operators, regulators, academia, media, judiciary, info-security professionals amongst others, KICTAnet sought to map out the cyber security landscape in Kenya.
Very interesting insights arose and we shall go through some of them to get a feel of what is happening in Kenya in as far as cybersecurity is concerned.
From a legal point of view, Parliament passed the Computer Misuse and Cybercrime Bill 2018 to provide a legal framework to handle cybercrime. Whereas several sections were contested and are now in court for adjudication, the Cybercrime Act sets a baseline from which Kenya can begin to deal with cyber-related criminal acts.
Participants however noted that having cyber laws was not enough, particularly in light of the fact that the capacity of the judiciary to adjudicate cyber related crimes is still wanting.
Even the investigation and prosecution of cybercrime still needs a lot of capacity building.
Several members cited cases where police consider cybercrimes such as cyber bullying, identity-theft amongst others as being 'low priority' compared to the more traditional offline crimes such as burglary, robbery or terrorism.
In terms of securing the public sector services, it was noted that there was a national cyber security strategy in place and several information security standards under development that inform and guide public sector cyber security practices.
Additionally, there are several Computer Incident & Response Teams (CIRTs), one operated by the regulator and the other by Telco operators to actively respond to attack within the Kenyan cyberspace.
However, participants felt that the 2014 National Cyber security strategy maybe outdated given the rapid developments in the nature and profile of cyber threats.
Furthermore, a more coordinated approach between the government-run CIRT and the private sector run one would have presented a stronger framework for protecting the Kenyan cyberspace.
The capacity and number of personnel within the information security sector was also discussed, out of which the question of who is a Cyber security professional - particularly from the perspective of presenting authoritative evidence in a court law arose.
Whereas several universities have started offering specialized courses in cyber security and forensics, it was noted that the discipline is forever evolving and requires research-oriented graduates to address this dynamic.
Consequently, an info-security employee who graduated ten years ago and is not actively researching to upgraded their skills will be of no value to an organisation that continues to face emerging arrays of cyber threats.
Kenya therefore needs to up its game in order to address a myriad of legal, institutional and capacity challenges within the cyber security domain.
Additionally, as one panellist noted, there is need to inculcate the ethical values within the Kenyan population. This way, we also include pre-emptive strategies to cybercrime rather than focusing purely on the traditional re-active strategies.
Mr Walubengo is a lecturer at Multimedia University of Kenya, Faculty of Computing and IT.
Email: [email protected], Twitter: @Jwalu