<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Thanks Ali. Noted.<br><br><div><hr id="stopSpelling">CC: kictanet@lists.kictanet.or.ke<br>From: ali@hussein.me.ke<br>Subject: Re: [kictanet] Proposed Kictanet’s input into Kenya’s Draft Cyber Security Strategy<br>Date: Wed, 26 Mar 2014 03:32:15 +0300<br>To: ggithaiga@hotmail.com<br><br><div>Grace, Victor</div><div><br></div><div>Thanks for your input. The one thing that I would add is the mitigation of mass surveillance against the backdrop of international terrorism. Whilst this is an issue of personal freedom vis a vis the issue of national security we must have in place a mechanism to ensure that personal freedoms are not trampled on in the interest of individuals who clock the violations as necessary in the interest of national security. <br><br><div><span style=""><b>Ali Hussein</b></span></div><div><br></div><div style="font-family:Helvetica;font-size:medium;">+254 0770 906375 / 0713 601113</div><div style="font-family:Helvetica;font-size:medium;"><br></div><div><p style=""><span style="background-color:rgba(255, 255, 255, 0);">Twitter: @AliHKassim</span></p><span style="background-color:rgba(255, 255, 255, 0);"></span><p style=""><span style="background-color:rgba(255, 255, 255, 0);">Skype: abu-jomo</span></p><p style=""><span style="background-color:rgba(255, 255, 255, 0);">LinkedIn: <a href="http://ke.linkedin.com/in/alihkassim" target="_blank">http://ke.linkedin.com/in/alihkassim</a><a href="http://ke.linkedin.com/in/alihkassim" target="_blank"><span style="text-decoration:none;"></span></a></span></p><span style="background-color:rgba(255, 255, 255, 0);"></span><p style=""></p><span style="background-color:rgba(255, 255, 255, 0);">Blog: <a href="http://www.alyhussein.com/" target="_blank">www.alyhussein.com</a></span><br></div><div><span style=""><br></span></div><div>"I fear the day technology will surpass human interaction. The world will have a generation of idiots".  ~ Albert Einstein</div><div><span style=""><br></span></div>Sent from my iPad</div><div><br>On Mar 25, 2014, at 10:09 PM, Grace Githaiga <<a href="mailto:ggithaiga@hotmail.com">ggithaiga@hotmail.com</a>> wrote:<br><br></div><blockquote><div>

<style><!--
.ExternalClass .ecxhmmessage P {
padding:0px;
}

.ExternalClass body.ecxhmmessage {
font-size:12pt;
font-family:Calibri;
}

--></style>
<div dir="ltr"><div dir="ltr"><h2 style="line-height:22.5pt;background-position:initial initial;"><span style="font-size:12pt;">Dear Listers</span></h2>

<p class="ecxMsoNoSpacing">On March 14, the GOK through the ICT Authority
released a 13 page draft Cyber Security Strategy (<span style="background-position:initial initial;"><a href="http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy" target="_blank"><span style="color:windowtext;">http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy</span></a></span><span style="background-position:initial initial;">).</span></p>

<p class="ecxMsoNoSpacing"><span style="background-position:initial initial;"> </span></p>

<p class="ecxMsoNoSpacing"><span style="background-position:initial initial;">We had considered
conducting an online discussion on the draft as is usually the tradition, but this
has not been possible. I therefore requested Victor Kapiyo to give us some
initial thoughts that can we can build on, and which will form part of our
submission. </span></p>

<p class="ecxMsoNoSpacing"><span style="background-position:initial initial;"> </span></p>

<p class="ecxMsoNoSpacing"><span style="background-position:initial initial;">The deadline for
submission is this coming Friday, March 28. 
We propose to send the comments by Thursday March 27, 2013.</span></p>

<p class="ecxMsoNoSpacing"><span style="background-position:initial initial;"> </span></p>

<p class="ecxMsoNoSpacing"><span style="background-position:initial initial;">I wish to kindly request
you to add/ subtract/amend by Thursday 1.00 pm (March 27, 2013). </span></p>

<p class="ecxMsoNormal" style=""><span style="background-position:initial initial;"> </span></p>

<p class="ecxMsoNormal" style=""><b>General
Comments</b></p>

<p class="ecxMsoNormal" style=""><b> </b></p>

<p class="ecxMsoNormal" style=""><span style="background-position:initial initial;">The strategy appears to be generic. It
lacks specifics and glosses over several key issues:</span><br>
<br>
<b></b></p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>It lacks a detailed discussion of the
current context - current statistics of internet usage, threats to the
internet, key bodies, resolutions, policies, directives, key public concerns,
challenges facing the country, current legal and policy framework for ICT etc.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Lacks clear justification for the
strategy.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Fails to identify the key players/stakeholders/institutions
in governmet, private sector, civil society – and their roles and
responsibilities in addressing CS issues, how they will be involved and their
coordination mechanisms.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Does not provide reasons or demonstrate
how and why the prioritized goals were arrived at/chosen.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>The actions under the goals are few and
not SMART.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>It fails to discuss the current legal
and policy framework to address CS on which it should be anchored.</p>

<p class="ecxMsoNormal" style="line-height:15.95pt;background-position:initial initial;"> </p>

<p class="ecxMsoNormal" style="line-height:15.95pt;background-position:initial initial;"><b>Proposals/ Recommendations</b></p>

<p class="ecxMsoNormal" style="line-height:15.95pt;background-position:initial initial;">The
strategy should clearly articulate what the government intends to do, viz:</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Enhance protection and promotion of
fundamental rights and freedoms in the Bill of Rights in particular on
expression, media, participation, personal data and privacy,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Promote the national values under article.
10 of the constitution – rule of law, democracy, participation, good governance
etc.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve preparedness, rapid response
and capabilities to respond - CERTs</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve cooperation with, clarify
obligations, and manage roles and responsibilities of operators of critical
infrastructure and key providers of on-line services, such as e-commerce
platforms, Internet payment gateways, social networks, search engines, cloud
computing services, app stores.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve transparency and accountability
in the management of the net and CS</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Address public concerns over censorship
/ mass surveillance in a post-snowden era</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve information sharing and
cooperation - how should the info flow, which routes?</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve the reporting and publicity of
cyber-security incidents to the relevant authorities</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Promote openness of the internet, GoK
commitments under open government.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Regulate - who is currently covered/who
is responsible?</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve international cooperation and
engagement with international instruments - EAC treaties, Budapest convention.</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Set standards and common minimum
requirements for government bodies and market,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Maintain the reliability and
interoperability of the Internet,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Promote research, innovation and
development in CS,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve governance of the internet,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Promote access to the internet,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Promote CS through strategic
procurement,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve the policy and legal framework
on CS,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Mainstream CS into national security
agenda,</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Improve coordination of CS initiatives,
and</p>

<p class="ecxMsoNormal" style="text-indent:-0.25in;line-height:15.95pt;background-position:initial initial;"><span style="font-size:10.0pt;font-family:Symbol;">·<span style="font-size:7pt;line-height:normal;font-family:'Times New Roman';">        
</span></span>Facilitate training of law enforcement,
judicial and technical personnel to address cyber threats.</p>

<p class="ecxMsoNormal"> </p>
</div>                                      </div>
</div></blockquote><blockquote><div><span>_______________________________________________</span><br><span>kictanet mailing list</span><br><span><a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a></span><br><span><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a></span><br><span></span><br><span>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com</a></span><br><span></span><br><span>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.</span><br><span></span><br><span>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</span></div></blockquote></div>                                    </div></body>
</html>