The government is strengthening the country’s cyber security infrastructure and developing up-to-date cyber security policies that are geared towards safeguarding Kenya’s e-commerce and digital ecosystems as more citizens tap into the niche space.
The state is further responding to increasing global cyber security threats through building partnerships with both the public and private sectors, foreign governments, and organisations.
Cabinet Secretary for Information, Communications, and Digital Economy Eliud Owalo said while cyber technology has brought unprecedented levels of connectivity and altered various aspects of life, from financial transactions to education, agriculture, and health care, the innovation needed to be safe for people to benefit from it.
By adopting a proactive and multi-faceted approach to cybersecurity, Owalo said the government was protecting its online infrastructure, such as the e-Citizen platform, and maintaining the stability of essential services, ensuring the safety and well-being of citizens and businesses.
“Currently, we have 13,382 government services on the e-Citizen platform. To prevent attacks, we conduct periodic security audits and penetration tests, implement remediation actions to address vulnerabilities, strengthen infrastructure and networks, and ensure continuous monitoring of network traffic,” stated the Cabinet Secretary.
Speaking when he officially inaugurated the National Security Symposium at the National Defence University-Kenya in Lanet, Nakuru County, Owalo said the government is a strategic player both regionally and globally in the area of cybersecurity due to the continued investments in robust ICT infrastructures and digitization in both the private and public sectors in the quest to achieve the digital economy blueprint.
“We have recognised the gravity of cyber security challenges and have accordingly devised cyber security strategies that prioritise national security and development. Our strategies encompass threat anticipation and prevention, detection, response, and recovery. We are working on this with the private sector and academia,” the Cabinet Secretary pointed out.
He stated that the country is within timelines for harnessing the opportunities brought about by the 4th Industrial Revolution, where cybersecurity is a cross-cutting issue in the five pillars of the country’s digital economy, which include digital government, digital business, infrastructure, innovation-driven entrepreneurship, and digital skills and values.
The event was also graced by Defense Cabinet Secretary Aden Duale.
A cyberattack is an intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorised access to a network, computer system, or digital device.
Hackers launch cyberattacks for all sorts of reasons, from petty theft to acts of war. They use a variety of tactics, like malware attacks, social engineering (where a hacker plays on victims’ psychology, deceiving them into divulging confidential information), scams, and password thefts, to get unauthorised access to their target system.
A Distributed Denial of Service (DDoS) attack is a malicious tactic aiming to overwhelm a targeted network or service by flooding it with an excessive volume of traffic, thereby disrupting normal functioning and rendering it inaccessible to legitimate users. Such attacks, when targeted at government services and telecommunication infrastructure, can have severe consequences, crippling the delivery of essential public services and causing communication breakdowns that affect businesses and citizens’ access to crucial information.
Some of the most prominent cybercrimes in Kenya are false publications, phishing attacks, malware, money transfer fraud, credit card fraud, and cyber-terrorism.
From non-governmental organisations, government agencies, e-commerce platforms, financial institutions such as banks, and SACCOs, cyber threats are proving to be a common menace for all.
In his presentation, Owalo also disclosed that the State was in the process of establishing 25,000 free Wi-Fi hotspots and 1450 digital hubs across the country to empower the youth with digital skills and enable them to exploit opportunities in e-commerce.
The theme of the launch event, ‘Enhancing Cyber Security for National Development’, was a reflection on the evolution of the cybersecurity industry, how external factors affect the growth of the sector, and the impact of cyber-attacks on Kenyan institutions and businesses.
The government, Owalo added, was further rolling out 100,000 kilometres of fibre-optic to enable Kenyans to access reliable and stable internet connectivity.
He indicated that, as a way of facilitating internet connectivity for more citizens, the government had entered into public-private partnerships with local telecommunication companies to roll out the first locally assembled, affordable, and high-quality smartphones.
October 2023 marks the 20th anniversary of Cybersecurity Awareness Month, a milestone highlighting two decades of dedicated efforts to promote digital safety and vigilance.
Cybersecurity Awareness Month has been designated to heighten digital security awareness and empower individuals to safeguard their data from the perils posed by hackers and other digital threats.
Owalo observed that a multi-stakeholder cybersecurity roundtable team unveiled in July was actively addressing cybersecurity challenges in the country.
The team comprises actors from both the public and private sectors who are tasked with collaboratively coming up with innovative ways to deal with cyber threats and ensure cyber security is amplified even as the digital space evolves.
The team is also expected to come up with cybersecurity policies that will protect them from emerging and current threats.
“In today’s digital world, cyber threats are a global and local concern for individuals, businesses, and nations alike. It is in this spirit that the ministry has put together a multi-stakeholder cybersecurity roundtable with membership from the Government and private sector to discuss cyber threats management,” he added.
The involved parties in the multi-stakeholder cybersecurity roundtable team will share information on emerging cyber threats and come up with swift cyber incident response and mitigation strategies.
CS Owalo added, had also published, for public comment, draft regulations to support the Computer Misuse and Cybercrimes Act.
Kenya, the Cabinet Secretary explained, had also crafted the National Cyber Security Strategy 2022-2027 where cyber regulations are anchored.
“We are in the process of finalizing draft regulations to operationalize the Computer Misuse and Cyber Crime Act. They will provide guidelines for enforcement, investigation, and prosecution of cybercrimes. They will also ensure that cyber criminals face the full force of the law,” he explained.
Duale noted that technological advancements in Kenya have resulted in a more open, interconnected nation that can offer adversaries avenues for exploiting computer networks.
He added that cyber-attacks are continuously evolving — to a great extent faster than cyber defenses — resulting in an ever-increasing frequency of attacks and the probability of success over time.
For this reason, Duale noted the National Cyber Command Centre and the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC) need to stay at the top of their game to ensure they are always ahead of hackers.
He stated that Cyber insecurity poses a major threat to the country’s economic and social development and thus the need to protect cyberspace with the same vigilance as that of the Kenya Defence Forces.
Consequently, the Defense Cabinet Secretary said national, regional, and international cooperation and collaborations in cyberspace governance processes are critical, noting that without cybersecurity, there’s no national security.
Duale said that it is on this development that the country continues to strengthen its civil-military integration in cybersecurity and digitization to ensure proper coordination and execution of functions.
“There is a need for continuous learning of the new trends and security measures to be ahead of the cyber criminals and hackers. The government has also enacted the Computer Misuse and Cybercrimes Act and established the National Computer and Cybercrimes coordination committee to coordinate cyber security matters. Further, it enacted the Data Protection Act 2019 to ensure the privacy of our data,” observed the Cabinet Secretary.
Kenya currently ranks 35th, Nigeria 50th, and South Africa 82nd on the global list of cyber threats. The report further mentions that in the first quarter of 2023, in Kenya, exploits emerged as the most dominant form of attack with 177,000 incidents blocked in addition to 300,000 zombie machines detected.
Several institutions have experienced cyber-attacks, putting their reputation at risk. With the escalating sophistication and frequency of cyberattacks, the importance of robust cybersecurity measures cannot be overstated.
Even developed countries like Japan and the USA are prone to cyber-attacks. In Kenya, several institutions have experienced cyber-attacks putting their reputation at risk, underlining the reality that cyber threats are closer home now than before thus the need to develop strategic preventive, adaptive, and corrective controls supported by technology and the right skills.
By Anne Mwale