By Lauryne Akoth
The National Assembly has approved the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024.
Referred to as Legal Notice No. 44 of 2024, these regulations underwent a comprehensive review and have been approved, per the Constitution, the Statutory Instruments Act of 2023, and Section 70 of the Computer Misuse and Cybercrimes Act, of 2018.
The new regulations task the National Computer and Cybercrimes Coordination Committee with the collection and analysis of cyber threats through collaboration and cooperation with the Cybersecurity Operations Centres which the government intends to put up.
The Cybersecurity operation centres will include National Cybersecurity Operations Centre, Sector Cybersecurity Operations Centres, and Critical Information Infrastructure Cybersecurity Operations Centres.
The National Cybersecurity Operations Centre shall be the national focal point for monitoring, detecting, preventing, responding, investigating, and attribution of cyber threats, computers, and cybercrimes in Kenya.
The cybersecurity centres will beef up security in Kenya’s digital infrastructure as they will serve as threat intelligence platforms.
The government will empower cybersecurity centers to identify threats by implementing real-time event monitoring, analysis, log collection, and aggregation, along with an alert system. These centers will be staffed with cybersecurity specialists trained to prevent, detect, analyze, and respond to threats.
Additionally, they will manage asset inventory, vulnerability, network, and endpoint detection and response, as well as intrusion detection, malware analysis and testing, and threat prevention, monitoring, and detection.
As per the new guidelines, the ministry responsible for critical information infrastructure will serve as the Sector Cybersecurity Operation Centre.
Furthermore, the regulations provide for the committee to formulate a National Cyber Protection Framework which will provide a cyber-defence strategy for the Republic of Kenya. This comes after several cyber attacks last year that not only crippled government websites but also disrupted the country’s electricity grid system.
As per the October to December 2023 report from the Communication Authority of Kenya (CAK), the nation identified more than 1.2 billion cyber threat events within that quarter.
Previously, Edward Kisiangani, the Principal Secretary of the State Department of Broadcasting & Telecommunications, mentioned that the government is enhancing its threat detection systems and providing training to personnel to address cyber threats.