Hi Listers,

KICTANet is inviting all Stakeholders to participate in this crucial public engagement and informed dialogue regarding the regulations conferred by the Computer Misuse and Cybercrimes (Critical Information Infrastructure and CyberCrimes Management Regulations, 2023) and released by the Cabinet Secretary for Interior and National Administration.

Your valuable input is not just welcomed, but it is essential in ensuring that the Regulations are well-informed and aligned with the rapidly evolving landscape of cybersecurity and digital technologies. 

We plan to hold a three-day online moderated debate on this list, starting from Monday to Wednesday next week (September 18- 20, 2023). The debate will be moderated by Our Linda Gichohi.  

What is your take on these regulations? Do you have any concerns about the regulations? Looking forward to your active participation.

The Regulations

Introduction

The Regulations are conferred by 70 of the Computer Misuse and Cybercrimes Act, 2018. The Cabinet Secretary for Interior and National Administration makes the following Regulations—

PART I - PRELIMINARY PROVISIONS

This encapsulates the citation, interpretation, objects of the Regulations, guiding principles, and the Scope of Regulations. Thereby entailing the official title by which the regulations should be referred, to ensure clarity, defining specific terms and phrases used within the regulations. This is to ensure that meanings are understood, and fundamental principles to be adhered to when implementing the regulations. The boundaries are defined and the applicability of the regulations including their jurisdiction and purpose. 

PART II- ADMINISTRATION AND MANAGEMENT OF THE COMMITTEE

This part essentially deals with the responsibilities of the committee, the conduct of business of the committee, and the role of the secretariat. The regulations focus on the practical aspects of how the committee operates, and are supported in its efforts to enforce and manage the regulations related to cybercrime and critical information infrastructure. 

PART III- CYBERSECURITY OPERATIONS CENTRES

This part entails the establishment and operations of the Cyber Security Operations Centres, monitoring and inspection processes related to their activities, particularly in safeguarding critical information infrastructure and addressing cyber threats. 

PART IV- CRITICAL INFORMATION INFRASTRUCTURE

This part covers the Critical Information Infrastructure and encompasses the critical aspects of managing, preserving, and protecting critical information infrastructure, including designations, obligations, security measures, auditing, inspection, and the establishment of the National Public Key Infrastructure.

PART V— CYBERSECURITY CAPABILITY AND CAPACITY

This proposes measures to strengthen cyber security capabilities and capacity through training, information sharing, information sharing, standards, collaboration, and the certification of institutions and professionals in the field of cybersecurity.

PART VI—REPORTING MECHANISM

This part focuses on the objectives, procedures, and methods of reporting cyber threats, including provisions for anonymous reporting to promote cybersecurity awareness and response. 

PART VII—MISCELLANEOUS PROVISIONS

This typically covers various miscellaneous provisions related to cybersecurity, including the adoption of best practices, partnerships, dispute resolution, and data protection while,

The “SCHEDULES” section contains additional detailed information or forms related to compliance.