[kictanet] Proposed Kictanet's input into Kenya's Draft Cyber Security Strategy

Brian Munyao Longwe blongwe at gmail.com
Fri Mar 28 15:05:29 EAT 2014 

Dear all,

I've looked through the draft and to be completely honest I do not think
that this document is ready to be considered for adoption. Among others:

It is very scarce on *specific actions* that relate to implementation of
strategy.

It does not *adequately identify* the key stakeholders and outline their
roles, contributions towards the overall objectives/vision.

It does not set out how *resources are to be mobilized* towards achievement
of specified goals/objectives.


Please take a look through cyber security strategies that have been
developed by other countries (India and Hungary are good examples) at the
following link:
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world

Even a simple benchmarking exercise from the above link would have led to a
better initial draft. Let us not make ourselves look incompetent by passing
this current document.

We are far from what can be considered a solid strategy paper. More work is
needed on this. I propose that the timelines related to completion of this
document be extended to allow more thorough work. The team that has come up
with this needs to be modified/expanded to include others who can bring in
better strategic input.

my two cents,

Mblayo



On Wed, Mar 26, 2014 at 8:09 AM, Grace Githaiga <ggithaiga at hotmail.com>wrote:

> Thanks Ali. Noted.
>
> ------------------------------
> CC: kictanet at lists.kictanet.or.ke
> From: ali at hussein.me.ke
> Subject: Re: [kictanet] Proposed Kictanet's input into Kenya's Draft Cyber
> Security Strategy
> Date: Wed, 26 Mar 2014 03:32:15 +0300
> To: ggithaiga at hotmail.com
>
>
> Grace, Victor
>
> Thanks for your input. The one thing that I would add is the mitigation of
> mass surveillance against the backdrop of international terrorism. Whilst
> this is an issue of personal freedom vis a vis the issue of national
> security we must have in place a mechanism to ensure that personal freedoms
> are not trampled on in the interest of individuals who clock the violations
> as necessary in the interest of national security.
>
> *Ali Hussein*
>
> +254 0770 906375 / 0713 601113
>
> Twitter: @AliHKassim
>
> Skype: abu-jomo
>
> LinkedIn: http://ke.linkedin.com/in/alihkassim<http://ke.linkedin.com/in/alihkassim>
>
> Blog: www.alyhussein.com
>
> "I fear the day technology will surpass human interaction. The world will
> have a generation of idiots".  ~ Albert Einstein
>
> Sent from my iPad
>
> On Mar 25, 2014, at 10:09 PM, Grace Githaiga <ggithaiga at hotmail.com>
> wrote:
>
> Dear Listers
>
> On March 14, the GOK through the ICT Authority released a 13 page draft
> Cyber Security Strategy (
> http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy).
>
>
>
> We had considered conducting an online discussion on the draft as is
> usually the tradition, but this has not been possible. I therefore
> requested Victor Kapiyo to give us some initial thoughts that can we can
> build on, and which will form part of our submission.
>
>
>
> The deadline for submission is this coming Friday, March 28.  We propose
> to send the comments by Thursday March 27, 2013.
>
>
>
> I wish to kindly request you to add/ subtract/amend by Thursday 1.00 pm
> (March 27, 2013).
>
>
>
> *General Comments*
>
>
>
> The strategy appears to be generic. It lacks specifics and glosses over
> several key issues:
>
>  ·         It lacks a detailed discussion of the current context -
> current statistics of internet usage, threats to the internet, key bodies,
> resolutions, policies, directives, key public concerns, challenges facing
> the country, current legal and policy framework for ICT etc.
>
> ·         Lacks clear justification for the strategy.
>
> ·         Fails to identify the key players/stakeholders/institutions in
> governmet, private sector, civil society - and their roles and
> responsibilities in addressing CS issues, how they will be involved and
> their coordination mechanisms.
>
> ·         Does not provide reasons or demonstrate how and why the
> prioritized goals were arrived at/chosen.
>
> ·         The actions under the goals are few and not SMART.
>
> ·         It fails to discuss the current legal and policy framework to
> address CS on which it should be anchored.
>
>
>
> *Proposals/ Recommendations*
>
> The strategy should clearly articulate what the government intends to do,
> viz:
>
> ·         Enhance protection and promotion of fundamental rights and
> freedoms in the Bill of Rights in particular on expression, media,
> participation, personal data and privacy,
>
> ·         Promote the national values under article. 10 of the
> constitution - rule of law, democracy, participation, good governance etc.
>
> ·         Improve preparedness, rapid response and capabilities to
> respond - CERTs
>
> ·         Improve cooperation with, clarify obligations, and manage roles
> and responsibilities of operators of critical infrastructure and key
> providers of on-line services, such as e-commerce platforms, Internet
> payment gateways, social networks, search engines, cloud computing
> services, app stores.
>
> ·         Improve transparency and accountability in the management of
> the net and CS
>
> ·         Address public concerns over censorship / mass surveillance in
> a post-snowden era
>
> ·         Improve information sharing and cooperation - how should the
> info flow, which routes?
>
> ·         Improve the reporting and publicity of cyber-security incidents
> to the relevant authorities
>
> ·         Promote openness of the internet, GoK commitments under open
> government.
>
> ·         Regulate - who is currently covered/who is responsible?
>
> ·         Improve international cooperation and engagement with
> international instruments - EAC treaties, Budapest convention.
>
> ·         Set standards and common minimum requirements for government
> bodies and market,
>
> ·         Maintain the reliability and interoperability of the Internet,
>
> ·         Promote research, innovation and development in CS,
>
> ·         Improve governance of the internet,
>
> ·         Promote access to the internet,
>
> ·         Promote CS through strategic procurement,
>
> ·         Improve the policy and legal framework on CS,
>
> ·         Mainstream CS into national security agenda,
>
> ·         Improve coordination of CS initiatives, and
>
> ·         Facilitate training of law enforcement, judicial and technical
> personnel to address cyber threats.
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/blongwe%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140328/c091a50b/attachment.htm>

More information about the KICTANet mailing list