The Kenyan government is poised to strengthen its cybersecurity capabilities with proposed regulations currently awaiting parliamentary approval.

The Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrimes Management) regulations 2024 aim to establish a National Cybersecurity Operations Center to effectively monitor, detect, prevent, respond and investigate cyber threats and crimes.

Key Features of the Proposed Regulations:

National Cybersecurity Operations Center: This central hub will collaborate with computer incident response teams and receive real-time threat intelligence from various sectors.

Sector-Specific Operations Centers: Each critical sector will have its own cybersecurity operations center responsible for its specific needs and reporting to the national center.

Cost Sharing: The respective sector regulators will bear the operational costs of their centers.

Information Sharing and Collaboration: The regulations encourage timely reporting, information sharing, and joint training exercises among all stakeholders.

Enhanced Threat Detection and Response: The national center will leverage internal and external threat intelligence to improve its situational awareness and response capabilities.

Standardized Operations: The committee will formulate standard operating procedures for all cybersecurity centers, ensuring consistency and effectiveness.

Timely Implementation Urged:

Interior Principal Secretary Raymond Omollo emphasized the urgent need for these regulations, stating: “These regulations emanated from various stakeholder engagements on cyber security and we need to have them operationalized as soon as possible.”

Surveillance and Analysis for Critical Infrastructure:

The regulations also establish a Critical Information Infrastructure Cybersecurity Operations Center to provide real-time threat information and collaborate with relevant agencies.

It will have the authority to detect, monitor, prevent, and investigate cyber threats within its designated critical infrastructure.

Mandatory Cyber Risk Assessments:

All critical infrastructure owners will be required to conduct annual cyber-risk assessments and business impact analyses. Every organization will need to undertake a risk assessment within 12 months of the regulations coming into effect.

These proposed regulations, if passed, represent a significant step forward in Kenya’s efforts to combat cyber threats and protect its critical infrastructure.

The collaborative approach, information sharing, and emphasis on preparedness bode well for a more secure digital future for the nation.