In a move aimed at bolstering the nation’s digital defences, the Kenyan government has taken a significant step towards enlisting public input for the refinement of draft cybersecurity regulations.
The Cabinet Secretary for Interior and National Administration has issued an official notice through local newspapers, urging citizens to contribute their insights regarding the proposed Critical Information Infrastructure and Cybercrime Management Regulations, 2023.
One of the primary goals of the draft regulations is to provide a structured framework for monitoring, detecting, and responding to cybersecurity threats within the digital realm of Kenya. As the threat landscape continues to evolve, this objective aims to ensure that the nation remains agile and prepared in the face of emerging digital risks such as the recent DDoS attacks by threat actor Anonymous Sudan on Kenya’s citizen platform and key government websites.
The draft regulations also seek to establish guidelines for the establishment and proficient management of Cybersecurity Operations Centers to centralize efforts related to threat mitigation, incident response, and collaborative cybersecurity efforts.
A critical aspect of the proposed regulations is the emphasis on the protection, preservation, and effective management of Critical Information Infrastructure. This objective recognizes the pivotal role that certain digital assets play in the functioning of the nation, necessitating a robust protective framework.
The draft regulations lay the groundwork for enabling comprehensive audit and inspection of the National Critical Information Infrastructure. This objective serves as a crucial accountability measure, ensuring that the nation’s digital assets are not only protected but also subject to regular assessments to identify potential vulnerabilities.
In the event of disasters, breaches, or losses related to national critical information infrastructure, the draft regulations include provisions for developing recovery plans to minimise downtime and ensure swift restoration in the face of cyber incidents.
Among the key goals of the proposed regulations is the promotion of capacity-building initiatives related to the prevention, detection, and mitigation of computer and cybercrimes. Additionally, the regulations emphasize the importance of coordination, collaboration, and shared responsibility among stakeholders within the cybersecurity sector.
Central to the draft regulations is the establishment of effective mechanisms for managing cybercrime. By setting guidelines for addressing cyber threats, the government aims to create a cohesive and streamlined approach to tackling digital crimes.
The call for submissions will run from 29th August -22nd September 2023. The public can send their input to the ministry email address email@example.com. The ministry will also conduct physical public engagement meetings across the country.