On Thursday, 25 November 2021, KICTANet, in partnership with the UK Government’s Digital Access Program, held a Roundtable meeting on Cybersecurity in Kenya on priorities for a Post COVID-19 World. The theme of the meeting was Building Back Better.
The online meeting attracted over 80 attendees including those from government key agencies and departments, private sector companies, technical community, academia, and civil society.
It was a highly engaging session featuring expert speakers from academia, government agencies, ICT parliamentary committee, and multilateral bodies. The speakers present were: Dr Paula Musuva, Forensic Information Technology, Lecturer USIU; Dr Katherine Getao, CEO, ICTA; Mutheu Khimulu, Legal Specialist in Cyber security; Philip Irode, Deputy Director, Information Security and Cyber, ICTA; Hon. William Kisang, MP, National Assembly; Joseph Nzano, KE-CIRT, Communications Authority; Dr Martin Koyabe, Senior Manager AU- Global Forum on Cyber Expertise (GFCE).
Current Status of CyberSecurity and Cyber Hygiene.
One of the main objectives of the meeting was to identify common cybersecurity priorities in a post-COVID-19 world. The speakers reviewed the cybersecurity priorities identified in the previous roundtable meeting held by KICTANet.
In her presentation, Mutheu Khimulu, a Legal Specialist in Cyber Security, presented on the state of Kenya’s people and Cyber hygiene status in 2019 and that of 2021 onwards. In 2019, there was a lack of public awareness, outdated laws, weak standards in key institutions and government agencies, weak internal security practices etc. Mutheu Khimulu noted that there has been progress from 2019 in the Cybersec space, but there is still much to be done. She emphasized the need for advocacy and cyber awareness, cyber hygiene guidelines, and more Cybersec training facilities in Kenya post-Covid-19 world.
Dr Paula Musava reiterated this and pointed out that there was a cybersecurity skill gap in Kenya and Africa at large.
What has been achieved or implemented so far?
Regarding what had been achieved so far in the Cybersecurity space in Kenya, it was quite notable that strides have been made. There is the adoption of the Computer Misuse and Cybercrimes Act, Data Protection Act, a Data Protection office and officer in Kenya. There was also a discussion of the ICT practitioners bill, and Critical infrastructure bill Hon. William Kisang, MP mentioned that it was still one of the pending issues for the ICT parliamentary committee.
The second objective was to consolidate stakeholder priorities to inform the country’s cybersecurity strategies. Dr Katerine Gateo said that the best way to strategize cybersecurity is to prioritize it. She further mentioned that this was the right time to measure ICT contributions, CyberSecurity risk assessment, and understand current status. Furthermore, she pointed out a need to use modern applications when strategizing. She also recommended the creation of functional governance organs, institutionalization, monitoring and reviewing Cybersec KPIs.
From the speakers’ presentations, it was notable that there is a need for increased public awareness of cybersecurity and cyber hygiene starting from the grassroots level. Dr Martin Koyabe emphasized the need for public awareness on cybersecurity, having cybersecurity accreditation and certifications in our institutions and ensuring the skillset is compensated well.
There was also mention of building critical cybersecurity and data-sharing framework in the country. For the legislation already in place, there is a need to ensure they abide by other conventions and treaties in place. Lastly, Joseph Nzano, emphasized the need to put in place robust, operational, and sustainable policies.