Last week, government websites were hit and defaced by hackers. It wasn’t the first time, nor would it be the last time. This, unfortunately, is the nature of cyberspace.
During the last attack two years ago, I wrote about some of the interventions we could put in place to prevent or limit the damage arising from such attacks.
I am not in any position to tell if any of these interventions are in place. However, judging from the speed at which the affected websites were recovered and restored, it does imply some sense improvements.
The philosophy behind cyber security is that eventually one or two attacks will go through, however much you invest in preventive measures. So the idea is to ensure that you equally invest in containment and recovery strategies.
Resilience, a measure of how well an organisation or a country is able to recover from attacks with minimal loses, is actually more important than thinking you can block all existing threats.
The only system that can actually prevent or block all existing cyber threats is one that has been disconnected from the Internet, switched off and placed back into its original delivery boxes. In other words, a system that is not useful or functional.
So the true measure of cybersecurity is about how you can quickly spring back into operation after an attack that in any case will happen sooner rather than later.
Essentially, Kenya must have a standby team of cybersecurity experts that can be called to action to react and contain incidences as and when they occur. Pretty much in the same line as we have the elite Recce squad of the General Service Unit do deal with and neutralise terror attacks.
Such a cyber squad should have both defensive and offensive capabilities to go after repeat offenders – as it seems to be the case in this instance where we have been hit by hackers from Indonesia.
Essentially, we should be able to monitor and hit the hackers even before they hit us or at least follow them to their hideouts and serve some justice to them – technically and legally.
Kenya now has a Cybercrime Act that was enacted last year to provide a legal framework for pursuing international hackers through mutual assistance with foreign countries.
Whereas this is a good provision, legal processes tend to take their time and so Kenya must be in a position to return technical firepower to offending hackers or nation states.
We must send a clear signal to the world that if you attack the Kenyan cyber resources, whether public or privately owned you should expect a quick and possibly fatal response.
We cannot be investing heavily in creating a digital economy, without increasing both our defensive and offensive capabilities in cyberspace. The more digital our economy becomes, the more vulnerable we become to these cyber attacks.
The 2018 Cybercrime Act has a provision for the creation of the National Computer and Cybercrime Coordination Committee that sought to harness talent and cyber experiences across both private and public sector.
It is not clear if this institution is up and running but it would be best placed to start putting together what would eventually become our defensive and offensive capability in cyberspace.
Whereas we cannot avoid being hit the next time, we should at least show some measured firepower to whoever will hit us and provide a valuable lesson to those who plan to attack us in future.
Mr Walubengo is a lecturer at Multimedia University of Kenya, Faculty of Computing and IT.
Email: [email protected], Twitter: @Jwalu