Financial Crime World

Kenya to Formulate Draft Regulations for Cybersecurity Capacity-Building

In the wake of recent cyber attacks, the Kenyan government has announced plans to formulate draft regulations aimed at addressing gaps in the country’s cybersecurity capacity. The move comes as part of efforts to operationalize the National Cybersecurity Strategy (2022-2027), which emphasizes the importance of multistakeholder engagement and cooperation with international partners.

Background

The Kenyan government recognizes the need to strengthen its cybersecurity capacity and capability, particularly among government agencies responsible for public-facing digital services such as eCitizen. The draft regulations will focus on auditing cybersecurity skills and resource needs within these agencies, identifying gaps, and developing a plan to address them.

Private Sector Involvement

The private sector is expected to play a key role in assisting the government in closing the cybersecurity skills gap by providing training and expertise. However, experts warn that relying too heavily on the private sector may create dependencies and undermine sustainable cyber capabilities.

Certification/Accreditation Framework

The government has also proposed establishing a cybersecurity professional certification/accreditation and career progression framework. This move is expected to face opposition from industry associations and other stakeholder groups, who argue that such regulations may stifle innovation and raise barriers for professional development in the dynamic ICT industry.

Public Participation Process

The draft regulations will undergo a public participation process, providing an opportunity for stakeholders to engage with the government on how to better realize cybersecurity policies, frameworks, and regulations. This move is seen as crucial in championing continental coordination on cybersecurity and data protection, particularly through the African Union Convention on Cybersecurity and Personal Data Protection.

Timeline

The draft regulations are expected to be released later this year, with implementation slated to begin in 2023. The move is seen as critical in ensuring the trust and reliability of Kenya’s digital financial infrastructure, which has been affected by recent outages and security breaches.

Key Quotes

  • “The private sector will assist Government in closing the cybersecurity skills gap by providing training and expertise.”
  • “We believe that a collaborative approach is key to addressing the challenges posed by cyber threats.”
  • “Relying too heavily on the private sector may create dependencies and undermine sustainable cyber capabilities.”

Related Articles

  • “Kenya’s Digital Superhighway Plans Face Challenges”
  • “M-PESA Outages Cause Inconvenience, Raise Concerns Over Systemic Risks”
  • “Government Pushes for Mobile Money Payment Platform Amid Controversy”

Sources

  • “Kenya’s National Cybersecurity Strategy (2022-2027)”
  • “African Union Convention on Cybersecurity and Personal Data Protection”
  • “FinCyber Strategy Project” report
  • “Kenya ICT Action Network” capacity-building needs mapping