[kictanet] Proposed Kictanet’s input into Kenya’s Draft Cyber Security Strategy

Grace Githaiga ggithaiga at hotmail.com
Wed Mar 26 08:09:35 EAT 2014 

Thanks Ali. Noted.

CC: kictanet at lists.kictanet.or.ke
From: ali at hussein.me.ke
Subject: Re: [kictanet] Proposed Kictanet’s input into Kenya’s Draft Cyber Security Strategy
Date: Wed, 26 Mar 2014 03:32:15 +0300
To: ggithaiga at hotmail.com

Grace, Victor
Thanks for your input. The one thing that I would add is the mitigation of mass surveillance against the backdrop of international terrorism. Whilst this is an issue of personal freedom vis a vis the issue of national security we must have in place a mechanism to ensure that personal freedoms are not trampled on in the interest of individuals who clock the violations as necessary in the interest of national security. 

Ali Hussein
+254 0770 906375 / 0713 601113
Twitter: @AliHKassimSkype: abu-jomoLinkedIn: http://ke.linkedin.com/in/alihkassimBlog: www.alyhussein.com

"I fear the day technology will surpass human interaction. The world will have a generation of idiots".  ~ Albert Einstein
Sent from my iPad
On Mar 25, 2014, at 10:09 PM, Grace Githaiga <ggithaiga at hotmail.com> wrote:




Dear Listers

On March 14, the GOK through the ICT Authority
released a 13 page draft Cyber Security Strategy (http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy).

 

We had considered
conducting an online discussion on the draft as is usually the tradition, but this
has not been possible. I therefore requested Victor Kapiyo to give us some
initial thoughts that can we can build on, and which will form part of our
submission. 

 

The deadline for
submission is this coming Friday, March 28. 
We propose to send the comments by Thursday March 27, 2013.

 

I wish to kindly request
you to add/ subtract/amend by Thursday 1.00 pm (March 27, 2013). 

 

General
Comments

 

The strategy appears to be generic. It
lacks specifics and glosses over several key issues:





·        
It lacks a detailed discussion of the
current context - current statistics of internet usage, threats to the
internet, key bodies, resolutions, policies, directives, key public concerns,
challenges facing the country, current legal and policy framework for ICT etc.

·        
Lacks clear justification for the
strategy.

·        
Fails to identify the key players/stakeholders/institutions
in governmet, private sector, civil society – and their roles and
responsibilities in addressing CS issues, how they will be involved and their
coordination mechanisms.

·        
Does not provide reasons or demonstrate
how and why the prioritized goals were arrived at/chosen.

·        
The actions under the goals are few and
not SMART.

·        
It fails to discuss the current legal
and policy framework to address CS on which it should be anchored.

 

Proposals/ Recommendations

The
strategy should clearly articulate what the government intends to do, viz:

·        
Enhance protection and promotion of
fundamental rights and freedoms in the Bill of Rights in particular on
expression, media, participation, personal data and privacy,

·        
Promote the national values under article.
10 of the constitution – rule of law, democracy, participation, good governance
etc.

·        
Improve preparedness, rapid response
and capabilities to respond - CERTs

·        
Improve cooperation with, clarify
obligations, and manage roles and responsibilities of operators of critical
infrastructure and key providers of on-line services, such as e-commerce
platforms, Internet payment gateways, social networks, search engines, cloud
computing services, app stores.

·        
Improve transparency and accountability
in the management of the net and CS

·        
Address public concerns over censorship
/ mass surveillance in a post-snowden era

·        
Improve information sharing and
cooperation - how should the info flow, which routes?

·        
Improve the reporting and publicity of
cyber-security incidents to the relevant authorities

·        
Promote openness of the internet, GoK
commitments under open government.

·        
Regulate - who is currently covered/who
is responsible?

·        
Improve international cooperation and
engagement with international instruments - EAC treaties, Budapest convention.

·        
Set standards and common minimum
requirements for government bodies and market,

·        
Maintain the reliability and
interoperability of the Internet,

·        
Promote research, innovation and
development in CS,

·        
Improve governance of the internet,

·        
Promote access to the internet,

·        
Promote CS through strategic
procurement,

·        
Improve the policy and legal framework
on CS,

·        
Mainstream CS into national security
agenda,

·        
Improve coordination of CS initiatives,
and

·        
Facilitate training of law enforcement,
judicial and technical personnel to address cyber threats.

 
 		 	   		  
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140326/4dd24a7e/attachment.htm>

More information about the KICTANet mailing list