Financial Crime World

Here is the converted article in Markdown format:

Kenya’s Cybersecurity Regulations Face Multistakeholder Engagement Opportunity Amid Widespread Attacks

Nairobi, Kenya - The Kenyan government has announced plans to operationalize the country’s National Computer Incident Response Team (NCIRT) to address gaps in the changing cyberspace. This move comes on the heels of widespread cyber attacks that have left the country reeling.

Stakeholder Engagement Opportunity

The regulations’ public participation process presents an opportunity for stakeholders to engage with the government and provide input on how the country’s cybersecurity policies, frameworks, and regulations can be improved.

Private Sector Assistance

According to a statement by the Ministry of Information, Communication and Digital Economy (MIC&DE), the private sector will assist the government in closing the cybersecurity skills gap by providing training and expertise to government agencies. This includes provision of critical expertise to aid in cyber incidents response and recovery processes.

National Cybersecurity Strategy

The National Cybersecurity Strategy emphasizes the government’s commitment to working with stakeholders at national and international levels as is necessitated by the cross-cutting and transactional nature of cyber threats. The strategy proposes that the government establish a cybersecurity professional certification/accreditation and career progression framework, which may face opposition from the private sector, civil society, the technical community, and academia.

Expert Recommendations

Experts have cautioned against relying too heavily on the private sector for critical expertise, as this can create dependencies that undermine sustainable cyber capability. Instead, they recommend establishing mechanisms of resourcing for cybersecurity skills needs, with private and development sector support supplementing this core need.

  • Engage industry associations and other relevant stakeholder groups in developing a more agile approach to achieving the cybersecurity capacity objective.
  • Conduct critical evaluation of training programs to ensure that they embed interdisciplinary approaches to cybersecurity.

Digitalization Risks

Kenya’s digitalization plans are laudable, but they come with near-term risks. The country must factor in cybersecurity and resilience into its ambitious rollout of digitalization initiatives in the public sector. Trust in and reliability of the country’s digital financial infrastructure is also at stake, particularly given M-PESA’s critical role in facilitating payments.

Multistakeholder Engagement

The proposed roundtable and other multistakeholder avenues offer a viable starting point for taking stock of cybersecurity measures in place for government systems, as well as those affecting critical sectors like finance, energy, and transportation. Strategies must account for how cyber threats affect individuals and smaller businesses.

References

  • African Union Convention on Cybersecurity and Personal Data Protection
  • Carnegie’s FinCyber Strategy Project
  • Kenya ICT Action Network

Editor’s Note

This article is a rewritten version of the original text to make it look like a media article. The content has been condensed and reorganized for easier reading, while still maintaining the main points and ideas of the original text.