[kictanet] Proposed Kictanet's input into Kenya's Draft Cyber Security Strategy

Grace Githaiga ggithaiga at hotmail.com
Sat Mar 29 01:24:50 EAT 2014


MblayoNoted and forwarded to ICTA.
RgdsGrace
Date: Fri, 28 Mar 2014 15:05:29 +0300
Subject: Re: [kictanet] Proposed Kictanet's input into Kenya's Draft Cyber Security Strategy
From: blongwe at gmail.com
To: ggithaiga at hotmail.com
CC: kictanet at lists.kictanet.or.ke

Dear all,

I've looked through the draft and to be completely honest I do not think that this document is ready to be considered for adoption. Among others:


It is very scarce on specific actions that relate to implementation of strategy.

It does not adequately identify the key stakeholders and outline their roles, contributions towards the overall objectives/vision.


It does not set out how resources are to be mobilized towards achievement of specified goals/objectives.


Please take a look through cyber security strategies that have been developed by other countries (India and Hungary are good examples) at the following link:

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world


Even a simple benchmarking exercise from the above link would have led to a better initial draft. Let us not make ourselves look incompetent by passing this current document.

We are far from what can be considered a solid strategy paper. More work is needed on this. I propose that the timelines related to completion of this document be extended to allow more thorough work. The team that has come up with this needs to be modified/expanded to include others who can bring in better strategic input.


my two cents,

Mblayo



On Wed, Mar 26, 2014 at 8:09 AM, Grace Githaiga <ggithaiga at hotmail.com> wrote:




Thanks Ali. Noted.

CC: kictanet at lists.kictanet.or.ke
From: ali at hussein.me.ke

Subject: Re: [kictanet] Proposed Kictanet’s input into Kenya’s Draft Cyber Security Strategy
Date: Wed, 26 Mar 2014 03:32:15 +0300
To: ggithaiga at hotmail.com


Grace, Victor
Thanks for your input. The one thing that I would add is the mitigation of mass surveillance against the backdrop of international terrorism. Whilst this is an issue of personal freedom vis a vis the issue of national security we must have in place a mechanism to ensure that personal freedoms are not trampled on in the interest of individuals who clock the violations as necessary in the interest of national security. 


Ali Hussein
+254 0770 906375 / 0713 601113

Twitter: @AliHKassim
Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim


Blog: www.alyhussein.com


"I fear the day technology will surpass human interaction. The world will have a generation of idiots".  ~ Albert Einstein
Sent from my iPad
On Mar 25, 2014, at 10:09 PM, Grace Githaiga <ggithaiga at hotmail.com> wrote:





Dear Listers

On March 14, the GOK through the ICT Authority
released a 13 page draft Cyber Security Strategy (http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy).



 


We had considered
conducting an online discussion on the draft as is usually the tradition, but this
has not been possible. I therefore requested Victor Kapiyo to give us some
initial thoughts that can we can build on, and which will form part of our
submission. 


 


The deadline for
submission is this coming Friday, March 28. 
We propose to send the comments by Thursday March 27, 2013.


 


I wish to kindly request
you to add/ subtract/amend by Thursday 1.00 pm (March 27, 2013). 


 


General
Comments


 


The strategy appears to be generic. It
lacks specifics and glosses over several key issues:






·        
It lacks a detailed discussion of the
current context - current statistics of internet usage, threats to the
internet, key bodies, resolutions, policies, directives, key public concerns,
challenges facing the country, current legal and policy framework for ICT etc.

·        
Lacks clear justification for the
strategy.

·        
Fails to identify the key players/stakeholders/institutions
in governmet, private sector, civil society – and their roles and
responsibilities in addressing CS issues, how they will be involved and their
coordination mechanisms.

·        
Does not provide reasons or demonstrate
how and why the prioritized goals were arrived at/chosen.

·        
The actions under the goals are few and
not SMART.

·        
It fails to discuss the current legal
and policy framework to address CS on which it should be anchored.

 

Proposals/ Recommendations

The
strategy should clearly articulate what the government intends to do, viz:

·        
Enhance protection and promotion of
fundamental rights and freedoms in the Bill of Rights in particular on
expression, media, participation, personal data and privacy,

·        
Promote the national values under article.
10 of the constitution – rule of law, democracy, participation, good governance
etc.

·        
Improve preparedness, rapid response
and capabilities to respond - CERTs

·        
Improve cooperation with, clarify
obligations, and manage roles and responsibilities of operators of critical
infrastructure and key providers of on-line services, such as e-commerce
platforms, Internet payment gateways, social networks, search engines, cloud
computing services, app stores.

·        
Improve transparency and accountability
in the management of the net and CS

·        
Address public concerns over censorship
/ mass surveillance in a post-snowden era

·        
Improve information sharing and
cooperation - how should the info flow, which routes?

·        
Improve the reporting and publicity of
cyber-security incidents to the relevant authorities

·        
Promote openness of the internet, GoK
commitments under open government.

·        
Regulate - who is currently covered/who
is responsible?

·        
Improve international cooperation and
engagement with international instruments - EAC treaties, Budapest convention.

·        
Set standards and common minimum
requirements for government bodies and market,

·        
Maintain the reliability and
interoperability of the Internet,

·        
Promote research, innovation and
development in CS,

·        
Improve governance of the internet,

·        
Promote access to the internet,

·        
Promote CS through strategic
procurement,

·        
Improve the policy and legal framework
on CS,

·        
Mainstream CS into national security
agenda,

·        
Improve coordination of CS initiatives,
and

·        
Facilitate training of law enforcement,
judicial and technical personnel to address cyber threats.

 

 		 	   		  
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke

https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com


The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.


KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
 		 	   		  

_______________________________________________

kictanet mailing list

kictanet at lists.kictanet.or.ke

https://lists.kictanet.or.ke/mailman/listinfo/kictanet



Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/blongwe%40gmail.com



The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.




KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.


 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140328/5009a02b/attachment.htm>


More information about the KICTANet mailing list