[kictanet] Proposed Kictanet’s input into Kenya’s Draft Cyber Security Strategy

Ali Hussein ali at hussein.me.ke
Wed Mar 26 03:32:15 EAT 2014 

Grace, Victor

Thanks for your input. The one thing that I would add is the mitigation of mass surveillance against the backdrop of international terrorism. Whilst this is an issue of personal freedom vis a vis the issue of national security we must have in place a mechanism to ensure that personal freedoms are not trampled on in the interest of individuals who clock the violations as necessary in the interest of national security. 

Ali Hussein

+254 0770 906375 / 0713 601113

Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
Blog: www.alyhussein.com

"I fear the day technology will surpass human interaction. The world will have a generation of idiots".  ~ Albert Einstein

Sent from my iPad

> On Mar 25, 2014, at 10:09 PM, Grace Githaiga <ggithaiga at hotmail.com> wrote:
> 
> Dear Listers
> 
> On March 14, the GOK through the ICT Authority released a 13 page draft Cyber Security Strategy (http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy).
> 
>  
> 
> We had considered conducting an online discussion on the draft as is usually the tradition, but this has not been possible. I therefore requested Victor Kapiyo to give us some initial thoughts that can we can build on, and which will form part of our submission.
> 
>  
> 
> The deadline for submission is this coming Friday, March 28.  We propose to send the comments by Thursday March 27, 2013.
> 
>  
> 
> I wish to kindly request you to add/ subtract/amend by Thursday 1.00 pm (March 27, 2013).
> 
>  
> General Comments
>  
> The strategy appears to be generic. It lacks specifics and glosses over several key issues:
> 
> ·         It lacks a detailed discussion of the current context - current statistics of internet usage, threats to the internet, key bodies, resolutions, policies, directives, key public concerns, challenges facing the country, current legal and policy framework for ICT etc.
> ·         Lacks clear justification for the strategy.
> ·         Fails to identify the key players/stakeholders/institutions in governmet, private sector, civil society – and their roles and responsibilities in addressing CS issues, how they will be involved and their coordination mechanisms.
> ·         Does not provide reasons or demonstrate how and why the prioritized goals were arrived at/chosen.
> ·         The actions under the goals are few and not SMART.
> ·         It fails to discuss the current legal and policy framework to address CS on which it should be anchored.
>  
> Proposals/ Recommendations
> The strategy should clearly articulate what the government intends to do, viz:
> ·         Enhance protection and promotion of fundamental rights and freedoms in the Bill of Rights in particular on expression, media, participation, personal data and privacy,
> ·         Promote the national values under article. 10 of the constitution – rule of law, democracy, participation, good governance etc.
> ·         Improve preparedness, rapid response and capabilities to respond - CERTs
> ·         Improve cooperation with, clarify obligations, and manage roles and responsibilities of operators of critical infrastructure and key providers of on-line services, such as e-commerce platforms, Internet payment gateways, social networks, search engines, cloud computing services, app stores.
> ·         Improve transparency and accountability in the management of the net and CS
> ·         Address public concerns over censorship / mass surveillance in a post-snowden era
> ·         Improve information sharing and cooperation - how should the info flow, which routes?
> ·         Improve the reporting and publicity of cyber-security incidents to the relevant authorities
> ·         Promote openness of the internet, GoK commitments under open government.
> ·         Regulate - who is currently covered/who is responsible?
> ·         Improve international cooperation and engagement with international instruments - EAC treaties, Budapest convention.
> ·         Set standards and common minimum requirements for government bodies and market,
> ·         Maintain the reliability and interoperability of the Internet,
> ·         Promote research, innovation and development in CS,
> ·         Improve governance of the internet,
> ·         Promote access to the internet,
> ·         Promote CS through strategic procurement,
> ·         Improve the policy and legal framework on CS,
> ·         Mainstream CS into national security agenda,
> ·         Improve coordination of CS initiatives, and
> ·         Facilitate training of law enforcement, judicial and technical personnel to address cyber threats.
>  
> 
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> 
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
> 
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
> 
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140326/998d78d4/attachment.htm>

More information about the KICTANet mailing list