Hi David In my engagements with policy makers I emphasize the need for the government to intentionally identify relevant cybersecurity standards (either international, local or international ones that are localized) and then implement them within government and encourage the rest of the industry in the country to also adopt and implement. These standards are a good benchmark to define “secure” (though one must never accept reaching a standard as the end goal and not get complacent) and can be specific to certain areas (such as cloud, telcom networks, software etc) or be about certain processes and can be tested and certified against. This can grow the cybersecurity ecosystem (labs, certifiers, standards consultants etc) and support talent training and development as well. Such standards may not need to be legally required necessarily, but this would be a discussion worth having. Adam From: David Indeje via KICTANet <kictanet@lists.kictanet.or.ke> Sent: Thursday, 15 August 2024 08:38 To: Adam Lane <adam.lane@huawei.com> Cc: David Indeje <dindeje@kictanet.or.ke> Subject: [kictanet] Re: Discussion: Shaping Kenya's Cybersecurity Ecosystem Dear Listers, Day 3: The CMCA has profound implications for businesses, individuals, and the digital economy in Kenya. Its effectiveness in balancing innovation with cybersecurity, addressing emerging technologies, and protecting individual rights is a subject of ongoing debate. Today, we encourage discussion on the challenges and opportunities presented by the CMCA and explore potential solutions to enhance its effectiveness in shaping a secure and vibrant digital future for Kenya. Section 5: Impact on Businesses and Individuals. 1. How has the CMCA impacted businesses in Kenya in terms of cybersecurity practices and investments? 2. Do you believe the CMCA adequately protects the rights of individuals in the digital space? 3. Have there been any unintended consequences of the CMCA on businesses or individuals? 4. How has the CMCA affected the digital economy in Kenya? Section 6: An analysis of the effectiveness of the CMCA to embrace emerging technologies and the cyberthreats they pose therein. 1. How does the CMCA balance the need for innovation with cybersecurity? 2. Does the Act create an environment conducive to technological advancement or are there any provisions that stifle innovation? 3. How well does the CMCA address emerging technologies such as artificial intelligence, blockchain, Internet of Things (IoT), quantum computing and cryptocurrency? What can be done to enhance its ability to address these lacunas (if any). 4. How can the legal framework provided by the CMCA be enhanced to regulate the use of emerging technologies, while protecting individual digital rights? Section 7: General Questions. 1. Are there any legal uncertainties or ambiguities in the Act that hinder its effectiveness? 2. What are the capacity-building needs of law enforcement and the judiciary in addressing cybercrimes related to emerging technologies? 3. Is the country’s cybersecurity infrastructure sufficiently robust to address the challenges posed by emerging technologies? 4. Any other relevant comment that you may wish to include as regards the CMCA? -- Kind Regards, David Indeje @KICTANet<https://www.kictanet.or.ke/> Communications _____________________________________ [https://cytonn.sheerhr.com/signature/icon/ico-phone.png]+254 (0) 711 385 945 | +254 (0) 734 024 856 KICTANet portals Connect With Us<https://linktr.ee/Kictanet> ______________________________________