Stay networked. Get informed. Broadcast your projects.
Cybersecurity is a growing global concern as critical infrastructure and services including financial, energy, telecommunication and transport increasingly becoming internet-dependent. Deterring cybercrime is an integral component of a national cybersecurity and critical information infrastructure protection (CIIP) strategy.
The formulation and implementation of a cybersecurity strategy requires a comprehensive approach that involves the adoption of appropriate legislation against the misuse of Information and Communications Technologies (ICTs) for criminal purposes, coordinated action to prevent, prepare, respond and recover from incidents in cooperation with relevant partners at a national, regional and international level.
On the basis of research and benchmarking, this paper reviews various considerations for the establishment of a national CSIRT. The paper proposes the publishing of a national Cybersecurity strategy to support the provisions of the Kenya Information and Communications Act, 2009 which proscribes cybercrime acts including unauthorized access to computer data and interception of computer service, publishing obscene information, electronic fraud among others. To facilitate the enforcement of these provisions and improve cybersecurity in Kenya this paper recommends a process for the institutionalisation of a national Computer Security Incident Response Team (CSIRT) based on a public private partnership (PPP) model.
Further the paper recommends that a phased approached be taken in the establishment of the national CSIRT in order to prove the importance of the services thus acquiring buy-in from private sector which is critical in the provision of cybersecurity related information. In addition collaboration with the international CSIRT community is imperative to the working of the national CSIRT to facilitate trusted exchange of information.