NC4 Engages Financial Institutions, Health and Education Sectors on the Regulations
Nairobi,
Thursday, September 21, 2023
KNA by Michael Omondi
The National Computer and Cybercrime Coordination Committee (NC4) Taskforce has received inquiries, opinions, proposals and recommendations from various stakeholders including Financial Institutions, Health and Academia during the Critical Information Infrastructure (CII) and Cyber Crime Management Draft Regulations Public Participation Exercise.
As the exercise enters the third day, the Task Force's aim is to apprise the public of the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime Management) Draft Regulations, 2023, established under Sections 4 and 5 of the Computer Misuse and Cybercrimes Act 2018 (CMCA).
The Taskforce Head of Cybersecurity, Policy, and Strategy, Dr. David Njoga, stated that NC4’s mandate is to coordinate national cybersecurity matters, to enable timely and effective management of computer misuse and cybercrimes in Kenya.
He disclosed that cyberspace has emerged as the fifth-largest strategic space for socioeconomic development and security, driven by increased connectivity and wide adoption of digital technologies, and that it has become a new nervous system supporting the delivery of vital services, i.e. GoK, businesses, health, schools, banking.
However, Njoga posited that criminals use this environment to commit crimes, steal money/information, disrupt critical services, conduct fraud, undermine institutions, and cause political unrest.
He therefore emphasized that development of a safe and secure cyberspace ecosystem requires a robust policy, legal, and regulatory framework that is strategically supported and resourced.
“The Computer Misuse and Cybercrimes Act 2018 (CMCA) provides for offences relating to computer systems; to enable timely and effective detection, prohibition, prevention, response, investigation, and prosecution of computer and cybercrimes.”
Njoga reminded the stakeholders that the CMCA 2018 Regulations Taskforce (inaugurated on 14 Feb 23 and gazetted on 3 May 23) was tasked to come up with regulations that will put into effect this law.
Meanwhile, the Kenya Bankers Association (KBA), representing 47 financial institutions across the country, agreed that the intent of the regulations is to co-ordinate the various players in the country's cybersecurity ecosystem; nevertheless, a number of proposals created structures or responsibilities in the Taskforce that either duplicate or are inconsistent with existing structures.
KBA observed that a number of organizations and institutions have already invested in Security Operations Centers (SOCs) and therefore proposed that the regulations be modified to provide for the creation of SOCs where there are none and to develop mechanisms for sharing intelligence between existing SOCs and the Taskforce, enabling it to leverage existing infrastructure and strengthen areas that need it.
On the National Public Key Infrastructure (PKI), which already has a Root Certificate Authority with a regulatory mechanism for Certificate Authorities and Registration Authorities, the Association was of the view that the creation of a Bridge for PKIs is a duplication of the existing National PKI, which it termed unnecessary.
KBA insisted that the current mechanism for reporting cybersecurity incidents (National CIRT) should be leveraged by the Taskforce to collect and report all incidents and trends, as well as to offer guidance on what actions the various financial sector CIRTs take to improve the cybersecurity posture.
“This would remove the need to develop parallel structures of incidence reporting and reduce the burden on stakeholders,” stressed Geoffrey Kobanga, a representative from KBA.
The stakeholders reiterated that Kenya, boasting a very robust IT environment and housing players from institutions and academia who conduct training and capacity building in cybersecurity areas, should not have regulations that conflict with or duplicate existing ones.
They believe that the Task Force's role is to advise on these areas and facilitate special skills it deems necessary for national security and protection of critical infrastructures either by leveraging local institutions or arranging for specialized trainers from the international market.
The stakeholders consider maintaining a register of institutions domiciled in Kenya potentially harmful to the financial, education and health industries, as it could curtail research activities and innovation, limit the rights of employers, employees and foreign experts to engage, and slow time-critical activity where foreign experts are needed to deliver a critical response but are not in the Task Force's database.
They appealed to the Taskforce to address their concerns to ensure that regulations can be implemented with the least burden to stakeholders, both in the cost of the structures to the economy and also in the compliance costs for all the stakeholders impacted by the act.
Courtesy: KNA