Kenya on Tuesday announced the launch of the country's National Cybersecurity Strategy and Master Plan(NCSMP). The NCSMP will be part of the National ICT Masterplan that will be launched on Thursday this week.
The launch was held at the Sarova Stanley and attended by Bitange Ndemo - Permanent Secretary in the Ministry of Information and Communication, Paul Kukubo - Kenya ICT Board CEO and consultants from Booz Allen Hamilton who helped develop the master plan. The master plan is meant to come up with a guide of how the government and private sector will approach cyber security issues, which is currently approached in a reactive manner.
The PS said that passwords were dead as a means of security and it's time the country moved to a better security system to mitigate existing threats. Threats in the country have been on the rise as the country's ICT infrastructure develops, starting from the arrival of undersea fiber optic cables in mid-2009. The arrival of Government Shared Services in coming months and Kenya Infrastructure Project will lead to more exposure and threats.
Recent security issues include the defacement of 103 government websites and a number of attacks that have hit the banking sector. Fiona Asunga - CEO at the Telecommunications Service Providers Association of Kenya(TESPOK) says that through a private sector Cybersecurity Incident Response Team (CIRT) has been helping a number of banks mitigate attacks on their networks.
Kukubo says the NSCMP will provide a governance mechanism, both for government and private sector, a Chief Security Officer (CSO), coming up with a national cyber security assets inventory and establishing approved cyber security vendors. The use of ICT in many industries means that national infrastructure such as water companies, power infrastructure, banking and payments are exposed to ICT threats.
Ndemo says the governing board will be multi-stakeholder, much in the same way as the Internet Corporation for Assigned Names and Numbers (ICANN). He also said that a data protection bill was in the draft.
Tyrus Kamau, one of the consultants behind the masterplan says that its implementation will see better cyber security in the country, which will in turn lead to confidence in electronic transactions, resulting to economic growth. The move will also ensure confidence as the government rolls out various eGovernment services.
The Master Plan will be published in two weeks and then open to input from stakeholders. At the launch, it also emerged that there was a shortage of ICT experts in the country. This include DNS security experts that saw the Kenya Network Information Centre hire a South African firm to implement DNSSEC, IBM which couldn't find data scientists locally for their recently open Research Lab. The government trained data centre experts which it immediately lost to the private sector.
TESPOK and the government also differed on the implementation of individual IP addresses on all connected devices rather. Currently, telecommunications providers use network address translation which maps few external addresses to a number of devices using a different set of internal network addresses. Outside the network, all these devices are then seen as one device. The government says there's no policy on firms disclosing security breaches and data exposure in such breaches.