Cybersecurity in Kenya: Priorities for a Post Covid-19 World

Thursday, 25 November 2021, Zoom
Theme: Building Back Better.

Introduction

The Kenya ICT Action Network (KICTANet) in partnership with the UK Government Digital Access Program is pleased to host a Roundtable meeting on Cybersecurity in Kenya: Priorities for a Post COVID-19 World, whose theme shall be Building Back Better. The event shall take place on Thursday, 25 November 2021, from 10.00 am – 12.00 pm, on Zoom.

Meeting Objective and Expected Outcome

The main objective of the meeting is to identify common cybersecurity priorities in a Post-COVID-19 world. Therefore, we will review the cybersecurity priorities identified in the previous roundtable meeting. The second objective is to consolidate stakeholder priorities to inform the country’s cybersecurity strategies. The expected outcome is an updated and shared understanding of Kenya’s cybersecurity priorities for the coming years.

Background and Context

In 2019 and 2020, KICTANet hosted roundtable discussions on Kenya’s cybersecurity priorities. Besides, we published a Policy Brief on Kenya’s Cybersecurity Framework in late 2019. Although the latest meeting was only one and a half years ago, we find ourselves in a different world today. The still ongoing COVID-19 pandemic accelerated the digital transformation to an extent hitherto unimaginable: Wherever possible, people started to work remotely from home, education went online, and digital tools were applied to curb the spread of the virus.

Since the pandemic struck Kenya, the number of Data/Internet subscriptions increased by 18.6 %, according to the sector statistics published by the Communications Authority. Not only did the exposure to cyber threats increase with the additional online communication, but much of these transformations happened in an ad hoc manner. Many employees had to work on their personal devices (BYOD) or using out-of-date Virtual Private Networks (VPNs) and, certainly in the first weeks, did not receive the necessary training to be aware of common cyber threats.

According to the latest Cybersecurity Report by KE-CIRT/CC, the top cybersecurity threats are ransomware, malware and phishing attacks. The most common attack mechanisms are malware (59.5 %), botnet and Distributed Denial of Service (DDoS) attacks (29.1 %), and web application attacks (6.6 %). These attacks result in data breaches, theft of proprietary information, financial loss, reputational loss, destruction of equipment, distributed denial of services, unauthorized access to critical systems, as well as theft of Personally Identifiable Information (PII). More than half of the digital investigation requests received by the KE-CIRT/CC concerned impersonation (57 %), followed by Online Abuse (24.4 %) and Online Fraud (18.3%).

The institutional and policy levels, the Kenyan cybersecurity landscape witnessed some changes in the past months. Very recently, the National Computer and Cyber Crimes Coordination Committee (NC4) was launched and tasked with strengthening the detection, investigation and prosecution of cyber crimes. Some days earlier, the Office of the Data Protection Commissioner (ODPC), which will conclude its first year into operation on November 15th, presented its three year Strategic Plan. In Mai 2021, parliament adopted the Computer Misuse and Cybercrimes (Amendment) Bill, 2021, whose suggested amendments to the Computer Misuse and Cybercrimes Act (CMCA) infringes internationally and nationally protected rights and freedoms. Adding to this wrap up of current events, we note that the review of the National Cyber Security Strategy is long overdue.

The international level of the cybersecurity landscape, furthermore, saw developments that need to be taken into account due to the borderless nature of cyberthreats. Already in December 2019, Kenya supported a Russian-sponsored resolution (A/RES/74/247) that called for the creation of a “comprehensive international convention on countering the use of information and communications technologies for criminal purposes.” In March 2021, the Open-ended Working Group (OEWG 2019-2021) managed to conclude a substantive report which mainly reaffirms the acquis achieved by the UN Group of Governmental Experts (GGE) on the matter in 2010, 2013 and 2015. The body was established by the UN General Assembly through resolution A/RES/73/27 and open to all UN member states. Just two months later, the GGE 2019-2021, in which Kenya was one of the 25 members, published an advance copy of its consensus report. At the beginning of this month, the states that sponsored the partially competing OEWG and GGE processes managed to integrate them in the new OEWG (2021-2025). Complementing the UN’s work on cybersecurity, the Security Council held a high-level open debate on cybersecurity, chaired by Estonia, in June 2021. On this occasion, Kenya, as a non-permanent council member, was able to contribute to the discussion.

These developments clearly have implications for Kenya’s cybersecurity. The purpose of the meeting is to gather stakeholders of Kenya’s cybersecurity landscape and to reflect on the implications of Covid-19-related developments for Kenya’s exposure to cyberthreats in greater detail. The discussion is structured by the recommendations provided in the 2019 Policy Brief “Kenya’s Cybersecurity Framework” and focuses on the 6 Ps: Priorities, Policies, Political Will, Partnerships, Preparation, and People. Speakers will provide input on each of these aspects, according to her/his focus.

Attendees
Attendees will include 40 relevant local actors drawn from government, including key agencies and departments, private sector companies and groups, the technical community, academia, civil society groups and other non-governmental actors.

About the Organizers
The Kenya ICT Action Network (KICTANet) is a non-profit organization, which acts as a multi-stakeholder platform for individuals and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT-enabled growth and development. The meeting is made possible with the support of the government of the United Kingdom’s Digital Access Program.

Programme 2021
Time Session Facilitators
1000 – 1005 Welcome & Introduction Grace Githaiga, KICTANet

Charles Juma, FCDO

1005 – 1010 Overview of Workshop Objectives/Structure of the webinar. Victor Kapiyo, KICTANet
1010 – 1120 Speakers’ Input: Priorities in 2021 (10 mins each)

  1. What has been achieved or implemented so far?
  2. What should we prioritise moving forward (next 3 years)
Preparation – Dr. Catherine Getao,

People –  Dr. Paula Musuva

Partnerships – Mutheu Khimulu

Priorities  – Philip Irode, ICTA

Political Will – Hon. William Kisang, National Assembly

Policies – Joseph Nzano, KE-CIRT, Communications Authority

1120 – 1140 Plenary Session Victor Kapiyo, KICTANet
1140 – 1150 Recommendations and Way Forward
1150 – 1200 Closing Session
Translate »
Share This