Thanks Ali. Noted.
CC: kictanet@lists.kictanet.or.ke
From: ali@hussein.me.ke
Subject: Re: [kictanet] Proposed Kictanet’s input into Kenya’s Draft Cyber Security Strategy
Date: Wed, 26 Mar 2014 03:32:15 +0300
To: ggithaiga@hotmail.comGrace, VictorThanks for your input. The one thing that I would add is the mitigation of mass surveillance against the backdrop of international terrorism. Whilst this is an issue of personal freedom vis a vis the issue of national security we must have in place a mechanism to ensure that personal freedoms are not trampled on in the interest of individuals who clock the violations as necessary in the interest of national security.
Ali Hussein+254 0770 906375 / 0713 601113Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
Blog: www.alyhussein.com
"I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert EinsteinSent from my iPadDear Listers
On March 14, the GOK through the ICT Authority released a 13 page draft Cyber Security Strategy (http://www.scribd.com/doc/212456939/GOK-National-Cybersecurity-Strategy).
We had considered conducting an online discussion on the draft as is usually the tradition, but this has not been possible. I therefore requested Victor Kapiyo to give us some initial thoughts that can we can build on, and which will form part of our submission.
The deadline for submission is this coming Friday, March 28. We propose to send the comments by Thursday March 27, 2013.
I wish to kindly request you to add/ subtract/amend by Thursday 1.00 pm (March 27, 2013).
General Comments
The strategy appears to be generic. It lacks specifics and glosses over several key issues:
· It lacks a detailed discussion of the current context - current statistics of internet usage, threats to the internet, key bodies, resolutions, policies, directives, key public concerns, challenges facing the country, current legal and policy framework for ICT etc.
· Lacks clear justification for the strategy.
· Fails to identify the key players/stakeholders/institutions in governmet, private sector, civil society – and their roles and responsibilities in addressing CS issues, how they will be involved and their coordination mechanisms.
· Does not provide reasons or demonstrate how and why the prioritized goals were arrived at/chosen.
· The actions under the goals are few and not SMART.
· It fails to discuss the current legal and policy framework to address CS on which it should be anchored.
Proposals/ Recommendations
The strategy should clearly articulate what the government intends to do, viz:
· Enhance protection and promotion of fundamental rights and freedoms in the Bill of Rights in particular on expression, media, participation, personal data and privacy,
· Promote the national values under article. 10 of the constitution – rule of law, democracy, participation, good governance etc.
· Improve preparedness, rapid response and capabilities to respond - CERTs
· Improve cooperation with, clarify obligations, and manage roles and responsibilities of operators of critical infrastructure and key providers of on-line services, such as e-commerce platforms, Internet payment gateways, social networks, search engines, cloud computing services, app stores.
· Improve transparency and accountability in the management of the net and CS
· Address public concerns over censorship / mass surveillance in a post-snowden era
· Improve information sharing and cooperation - how should the info flow, which routes?
· Improve the reporting and publicity of cyber-security incidents to the relevant authorities
· Promote openness of the internet, GoK commitments under open government.
· Regulate - who is currently covered/who is responsible?
· Improve international cooperation and engagement with international instruments - EAC treaties, Budapest convention.
· Set standards and common minimum requirements for government bodies and market,
· Maintain the reliability and interoperability of the Internet,
· Promote research, innovation and development in CS,
· Improve governance of the internet,
· Promote access to the internet,
· Promote CS through strategic procurement,
· Improve the policy and legal framework on CS,
· Mainstream CS into national security agenda,
· Improve coordination of CS initiatives, and
· Facilitate training of law enforcement, judicial and technical personnel to address cyber threats.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/blongwe%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.