Government acts on driving e-commerce growth
Establishment of a
secure online environment will be implemented come October
Nairobi 20th March, 2013: The government through the Kenya ICT board, Communications Commission of Kenya (CCK) and Directorate of E-government, today held a forum with stakeholders to sensitise them on what it will take to secure online transactions. Public Key Infrastructure (PKI), is the national system that the government is implementing to provide digital certification services.
Through the Public
Key Infrastructure (PKI), the government will set up an online identity and
verification system where each citizen will be issued with a unique online
identity (digital certificate) that will be required whenever they take part in
online transactions. The project is being implemented by Korea technology
company Samsung SDS.
“Electronic signing is the most ensuring method to help solve a lot of the on-line crimes we see such as hacking, identity theft and forgery of sensitive information. Interested individuals will apply for a digital certificate using their name and ID number and later called in for a face-to-face authentication process by the Accredited Certificate Authority. Following the verification process, the applicants will then be authorized to download the digital certificate to the PC or USB (HSM token),” explained Evans Kahuthu, Project Manager Information Security at the Kenya ICT Board.
The online
certificate will be a unique Internet ID (a cryptographic key) that will
facilitate access to on-line government services leading to increased online
business.
“Going forward, we will be getting into complex, sophisticated and very hard to investigate organized cybercrime. It is therefore prudent that the government readies itself to tackle these new challenges,” said Francis Mwaura, Senior Assistant Director, and Directorate of E-Government.
“As the government moves to automate and digitize its records, e-government will handle a lot of sensitive data, and this calls for security of these records,” added Francis Mwaura.
The project expected date of completion is October and it will be piloted at the Kenya Revenue Authority before a roll-out to other government agencies and ministries. This will mean that those applying for KRA online services e.g tax returns and pin certificates will have to apply for digital certificates before they are allowed to transact.
“Internet users have to struggle with a trade-off between convenience and security. As countries all over the world are making progress in e-government, all offline activities are being changed into online ones like e-commerce, e-banking, e-procurement and e-bidding through the internet. That’s why PKI is so crucial at this time,” said Samsung SDS Vice President, Sungwon Han.
“Kenya is taking the lead in East Africa,” said Michael Katundu, Director
Information Technology at CCK, who also chairs the Cyber Security Steering Committee
in the region. CCK will be the root certification
authority and will also accredit private companies who will issue certification
to online users on their behalf. Full details of who qualifies to be an accreditter
will be published on CCK website (www.cck.go.ke).
Immediate beneficiaries of PKI are those that rely heavily on e-transactions among them; Banks, Tax bodies (KRA), online businesses and those that hold sensitive information like Medical service providers, legal entities and government ministries like the Immigration and Lands.
In 2009, Kenya passed the amendment legislation introducing the regulation of Electronic Signatures (E-Signature) into the Kenya Information and Communications Act, Cap 411A (as part of e-transactions).
Subsequent subsidiary legislation to operationalise this framework was designed in 2010 in the form of Kenya Information and Communications (Electronic Certification and Domain Name Administration) Regulations, 2010.
For more information contact pnyambura@ict.go.ke