[kictanet] Proposed Kictanet’s input into Kenya’s Draft Cyber Security Strategy
Grace Githaiga
ggithaiga at hotmail.com
Tue Mar 25 22:09:07 EAT 2014
Dear Listers
On March 14, the GOK through the ICT Authority
released a 13 page draft Cyber Security Strategy (http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy).
We had considered
conducting an online discussion on the draft as is usually the tradition, but this
has not been possible. I therefore requested Victor Kapiyo to give us some
initial thoughts that can we can build on, and which will form part of our
submission.
The deadline for
submission is this coming Friday, March 28.
We propose to send the comments by Thursday March 27, 2013.
I wish to kindly request
you to add/ subtract/amend by Thursday 1.00 pm (March 27, 2013).
General
Comments
The strategy appears to be generic. It
lacks specifics and glosses over several key issues:
·
It lacks a detailed discussion of the
current context - current statistics of internet usage, threats to the
internet, key bodies, resolutions, policies, directives, key public concerns,
challenges facing the country, current legal and policy framework for ICT etc.
·
Lacks clear justification for the
strategy.
·
Fails to identify the key players/stakeholders/institutions
in governmet, private sector, civil society – and their roles and
responsibilities in addressing CS issues, how they will be involved and their
coordination mechanisms.
·
Does not provide reasons or demonstrate
how and why the prioritized goals were arrived at/chosen.
·
The actions under the goals are few and
not SMART.
·
It fails to discuss the current legal
and policy framework to address CS on which it should be anchored.
Proposals/ Recommendations
The
strategy should clearly articulate what the government intends to do, viz:
·
Enhance protection and promotion of
fundamental rights and freedoms in the Bill of Rights in particular on
expression, media, participation, personal data and privacy,
·
Promote the national values under article.
10 of the constitution – rule of law, democracy, participation, good governance
etc.
·
Improve preparedness, rapid response
and capabilities to respond - CERTs
·
Improve cooperation with, clarify
obligations, and manage roles and responsibilities of operators of critical
infrastructure and key providers of on-line services, such as e-commerce
platforms, Internet payment gateways, social networks, search engines, cloud
computing services, app stores.
·
Improve transparency and accountability
in the management of the net and CS
·
Address public concerns over censorship
/ mass surveillance in a post-snowden era
·
Improve information sharing and
cooperation - how should the info flow, which routes?
·
Improve the reporting and publicity of
cyber-security incidents to the relevant authorities
·
Promote openness of the internet, GoK
commitments under open government.
·
Regulate - who is currently covered/who
is responsible?
·
Improve international cooperation and
engagement with international instruments - EAC treaties, Budapest convention.
·
Set standards and common minimum
requirements for government bodies and market,
·
Maintain the reliability and
interoperability of the Internet,
·
Promote research, innovation and
development in CS,
·
Improve governance of the internet,
·
Promote access to the internet,
·
Promote CS through strategic
procurement,
·
Improve the policy and legal framework
on CS,
·
Mainstream CS into national security
agenda,
·
Improve coordination of CS initiatives,
and
·
Facilitate training of law enforcement,
judicial and technical personnel to address cyber threats.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140325/92400be6/attachment.htm>
More information about the KICTANet
mailing list