[kictanet] Computer and Cyber Crimes bill 2016 Day 4 of 5 Part IV General Provisions

Thu Jul 28 09:17:04 EAT 2016

Dear all,

A cyberattack intended to harm the Kenyan economy would likely target computers that operate the civilian critical infrastructure and government agencies.Membership in the most highly-skilled computer hacker groups is sometimes very exclusive, and share only with each other their most closely-guarded set of sophisticated hacker tools. These exclusive hacker groups do not seek attention because maintaining secrecy allows them to operate more effectively.

As we come up with the security bill, for posterity we may borrow a leaf from the US irregardless of the lack of resources. Check out the following excerpt:

In 2002, the Federal Information Security Management Act (FISMA) was enacted, giving the Office of Management and Budget (OMB) responsibility for coordinating information security standards and guidelines developed by federal agencies. In 2003, the National Strategy to Secure Cyberspace was published by the Administration to encourage the private sector to improve computer security for the U.S. critical infrastructure through having federal agencies set an example for best security practices. The National Cyber Security Division (NCSD), within the Information Analysis and Infrastructure Protection Directorate of the Department of Homeland Security (DHS) oversees a Cyber Security Tracking, Analysis and Response Center (CSTARC), tasked with conducting analysis of cyberspace threats and vulnerabilities, issuing alerts and warnings for cyberthreats, improving information sharing, responding to major cybersecurity incidents, and aiding in national-level recovery efforts. In addition, a Cyber Warning and Information Network (CWIN) begun operation in 50 locations, and serves as an early warning system for cyberattacks. The CWIN is engineered to be reliable and survivable, has no dependency on the Internet or the public switched network (PSN), and reportedly will not be affected if either the Internet or PSN suffer disruptions.In January 2004, the NCSD also created the National Cyber Alert System (NCAS), a coordinated national cybersecurity system that distributes information to subscribers to help identify, analyze, and prioritize emerging vulnerabilities and cyberthreats. NCAS is managed by the United States Computer Emergency Readiness Team (US-CERT), a partnership between NCSD and the private sector,

 As computer-literate youth increasingly become radicalized ,cyberterrorism will continue to be a threat. Does the Kenyan government have data to support the involvement of terrorists in cyberterrorism? These reports can help use measure losses attributed to the attacks and scale up training of computer security experts (not forgetting the private sector)

Does the Kenyan government have cyberweapons, or malicious code designed to attack and disrupt the targeted computer systems of an adversary in case we come under an attack? This needs to be taken into consideration too.

Many firms are reluctant to share important computer security information with government agencies because of the possibility of having competitors become aware of a company’s security vulnerabilities. How can this be handled?

Could we have a programme of training intelligence officers on computer security matters including ethical hacking?

 Finally, there is a clause that accepts evidence on child pornography if it is meant for research. This sub-section must be expounded further in order to avoid misinterpretation while at the same time taking care of children’s rights.

Regards,

Ronald Ojino 

> On Jul 28, 2016, at 8:55 AM, Kelvin Kariuki via kictanet <kictanet at lists.kictanet.or.ke> wrote:
> 
> Dear Listers,
> 
> Thank you for your contribution on the previous days discussions, feel free to still comment on them under their respective mail stream.
> 
> Today we discuss Part IV on General Provisions withing the bill, this part outlines the following sub-sections:
> 
> 40 — Territorial jurisdiction
> 41 — Forfeiture
> 42 — Prevailing clause
> 43 — Consequential amendments
> 44 — Regulations
> 
> You can access the bill here: http://www.mygov.go.ke/?p=11234 <http://www.mygov.go.ke/?p=11234> or download the attached document.
> 
> The Concern
> 1.   The Prevailing Clause states ~ "Whenever there is a conflict between this Act and any other law regarding cybercrimes, the provisions of this Act shall supersede any such other law." What does this really imply?
> 2.   Is there any other concern you want to raise on this part? If Yes, please feel free to highlight it on this mail stream.
> 
> 
> We are looking forward to your discussions on this topic.
> 
> Thank you. 
> 
> 
> Barrack and Karis.
> -- 
> Best Regards,
> 
> Kelvin Kariuki
> Twitter Handle: @teacherkaris
> Alt email: kkariuki at mmu.ac.ke <mailto:kkariuki at mmu.ac.ke>
> Mobile: +2547 29 385 557
> <MOICT-PUBLICATION-READY-COMPUTER-AND-CYBERCRIMES-BILL-2016-1-1-1.pdf>_______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> 
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ronojinx%40gmail.com
> 
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
> 
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20160728/cb26989b/attachment.htm>