Computer Misuse and Cybercrimes (Critical Information Infrastructure and CyberCrimes Management Regulations, 2023)
Hi Listers, KICTANet is inviting all Stakeholders to participate in this crucial public engagement and informed dialogue regarding the regulations conferred by the Computer Misuse and Cybercrimes (Critical Information Infrastructure and CyberCrimes Management Regulations, 2023) <https://nc4.go.ke/cmca-2018-draft-regulations/>and released by the Cabinet Secretary for Interior and National Administration. Your valuable input is not just welcomed, but it is essential in ensuring that the Regulations are well-informed and aligned with the rapidly evolving landscape of cybersecurity and digital technologies. We plan to hold a three-day online moderated debate on this list, starting from Monday to Wednesday next week (September 18- 20, 2023). The debate will be moderated by Our Linda Gichohi. What is your take on these regulations? Do you have any concerns about the regulations? Looking forward to your active participation. We provide a quick summary of the regulations below: The Regulations Introduction The Regulations are conferred by 70 of the Computer Misuse and Cybercrimes Act, 2018. The Cabinet Secretary for Interior and National Administration makes the following Regulations— PART I - PRELIMINARY PROVISIONS This encapsulates the citation, interpretation, objects of the Regulations, guiding principles, and the Scope of Regulations. Thereby entailing the official title by which the regulations should be referred, to ensure clarity, defining specific terms and phrases used within the regulations. This is to ensure that meanings are understood, and fundamental principles to be adhered to when implementing the regulations. The boundaries are defined and the applicability of the regulations including their jurisdiction and purpose. PART II- ADMINISTRATION AND MANAGEMENT OF THE COMMITTEE This part essentially deals with the responsibilities of the committee, the conduct of business of the committee, and the role of the secretariat. The regulations focus on the practical aspects of how the committee operates, and are supported in its efforts to enforce and manage the regulations related to cybercrime and critical information infrastructure. PART III- CYBERSECURITY OPERATIONS CENTRES This part entails the establishment and operations of the Cyber Security Operations Centres, monitoring and inspection processes related to their activities, particularly in safeguarding critical information infrastructure and addressing cyber threats. PART IV- CRITICAL INFORMATION INFRASTRUCTURE This part covers the Critical Information Infrastructure and encompasses the critical aspects of managing, preserving, and protecting critical information infrastructure, including designations, obligations, security measures, auditing, inspection, and the establishment of the National Public Key Infrastructure. PART V— CYBERSECURITY CAPABILITY AND CAPACITY This proposes measures to strengthen cyber security capabilities and capacity through training, information sharing, information sharing, standards, collaboration, and the certification of institutions and professionals in the field of cybersecurity. PART VI—REPORTING MECHANISM This part focuses on the objectives, procedures, and methods of reporting cyber threats, including provisions for anonymous reporting to promote cybersecurity awareness and response. PART VII—MISCELLANEOUS PROVISIONS This typically covers various miscellaneous provisions related to cybersecurity, including the adoption of best practices, partnerships, dispute resolution, and data protection while, The “SCHEDULES” section contains additional detailed information or forms related to compliance. Again, we look forward to your active participation. Have a great weekend. -- Grace Githaiga KICTANet Convenor KICTANet portals KICTANet.or.ke <https://kictanet.or.ke/> | Twitter <https://twitter.com/kictanet> | LinkedIn <https://www.linkedin.com/company/18428106/admin/> | Facebook <https://www.facebook.com/KICTANet/>
Dear Listers, We eagerly await your valuable insights, concerns, justifications, and constructive suggestions as you actively participate and share your voices in this virtual Public Participation Forum. Your engagement holds immense significance in crafting ideal regulations fit for the Digital Realm, centering on the Computer Misuse and Cybercrimes (Critical Information Infrastructure and CyberCrimes Management Regulations, 2023). Join us in shaping the future of CyberSecurity – your input matters! See you on Monday!!! Best Regards, Linda Gichohi *Kenya ICT Action Network* On Fri, 15 Sept 2023, 11:02 Grace Githaiga via KICTANet, < [email protected]> wrote:
Hi Listers,
KICTANet is inviting all Stakeholders to participate in this crucial public engagement and informed dialogue regarding the regulations conferred by the Computer Misuse and Cybercrimes (Critical Information Infrastructure and CyberCrimes Management Regulations, 2023) <https://nc4.go.ke/cmca-2018-draft-regulations/>and released by the Cabinet Secretary for Interior and National Administration.
Your valuable input is not just welcomed, but it is essential in ensuring that the Regulations are well-informed and aligned with the rapidly evolving landscape of cybersecurity and digital technologies.
We plan to hold a three-day online moderated debate on this list, starting from Monday to Wednesday next week (September 18- 20, 2023). The debate will be moderated by Our Linda Gichohi.
What is your take on these regulations? Do you have any concerns about the regulations? Looking forward to your active participation.
We provide a quick summary of the regulations below:
The Regulations
Introduction
The Regulations are conferred by 70 of the Computer Misuse and Cybercrimes Act, 2018. The Cabinet Secretary for Interior and National Administration makes the following Regulations—
PART I - PRELIMINARY PROVISIONS
This encapsulates the citation, interpretation, objects of the Regulations, guiding principles, and the Scope of Regulations. Thereby entailing the official title by which the regulations should be referred, to ensure clarity, defining specific terms and phrases used within the regulations. This is to ensure that meanings are understood, and fundamental principles to be adhered to when implementing the regulations. The boundaries are defined and the applicability of the regulations including their jurisdiction and purpose.
PART II- ADMINISTRATION AND MANAGEMENT OF THE COMMITTEE
This part essentially deals with the responsibilities of the committee, the conduct of business of the committee, and the role of the secretariat. The regulations focus on the practical aspects of how the committee operates, and are supported in its efforts to enforce and manage the regulations related to cybercrime and critical information infrastructure.
PART III- CYBERSECURITY OPERATIONS CENTRES
This part entails the establishment and operations of the Cyber Security Operations Centres, monitoring and inspection processes related to their activities, particularly in safeguarding critical information infrastructure and addressing cyber threats.
PART IV- CRITICAL INFORMATION INFRASTRUCTURE
This part covers the Critical Information Infrastructure and encompasses the critical aspects of managing, preserving, and protecting critical information infrastructure, including designations, obligations, security measures, auditing, inspection, and the establishment of the National Public Key Infrastructure.
PART V— CYBERSECURITY CAPABILITY AND CAPACITY
This proposes measures to strengthen cyber security capabilities and capacity through training, information sharing, information sharing, standards, collaboration, and the certification of institutions and professionals in the field of cybersecurity.
PART VI—REPORTING MECHANISM
This part focuses on the objectives, procedures, and methods of reporting cyber threats, including provisions for anonymous reporting to promote cybersecurity awareness and response.
PART VII—MISCELLANEOUS PROVISIONS
This typically covers various miscellaneous provisions related to cybersecurity, including the adoption of best practices, partnerships, dispute resolution, and data protection while,
The “SCHEDULES” section contains additional detailed information or forms related to compliance. Again, we look forward to your active participation. Have a great weekend. -- Grace Githaiga KICTANet Convenor
KICTANet portals KICTANet.or.ke <https://kictanet.or.ke/> | Twitter <https://twitter.com/kictanet> | LinkedIn <https://www.linkedin.com/company/18428106/admin/> | Facebook <https://www.facebook.com/KICTANet/> _______________________________________________ KICTANet mailing list -- [email protected] To unsubscribe send an email to [email protected] Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
DAY 2: Tuesday 19/09/2023 Dear Listers, Welcome to Day 2 of our engaging discourse on the "*Computer Misuse and CyberCrimes (Critical Information Infrastructure and CyberCrimes Management) Regulations 2023*," KICTANet extends gratitude to each and every one of you who made Day 1 an enriching experience. Thank you for being an integral part of this important discussion. Your active participation, insightful contributions, and unwavering commitment have been truly inspiring and informative towards paving the way for a more robust and effective framework. Let's keep the momentum going and build upon the strong foundation we laid on Day 1. Your expertise is essential and is what makes this conversation so meaningful. We will also have a twitter space on Thursday to disseminate/validate the report before official submissions. Stay engaged, share your concerns, justifications and recommendations to ensure a safer and more secure digital future for all. Today our focus for discussion will center around the following sections: S. 14( 1),( 2), S.18 3 (d), 4 . PART III: CYBERSECURITY OPERATION CENTRES OutSourced Capabilities 14. (1) An owner of a critical information infrastructure including government-owned critical information infrastructure who intends to outsource any operations shall, in writing, notify the Committee prior to outsourcing… Question:● How does the notification requirement to notify before outsourcing impact various aspects, such as Institutional independence, business autonomy, legality, decision-making, and cybersecurity and other related concerns? (2)The external service provider shall report to the owner of the critical information infrastructure, at least quarterly, notifying on the status of implementation of their obligations under the agreement including notifying on any security incident. Question: Is it appropriate for this reporting requirement between the external service provider and the owner of critical information infrastructure to be mandated by regulations, Or Should it be left as a matter of business arrangement and negotiation between the parties involved? Risk assessment and evaluation of cybersecurity operation centres 18. 3. (d) define a treatment plan and implement business continuity management controls including – (4) The business impact analysis of an organization shall be based on— (a) the potential impacts of business disruptions for each prioritized business function and processes including financial, operational, customer, legal and regulatory impacts; (b) recovery time objectives, recovery point objectives and maximum acceptable outage; (c) internal and external inter-dependencies; and (d) the resources required for recovery Question: 1. Is this not too prescriptive? 2. How can organizations strike a balance between complying with extensive business impact analysis requirements in cybersecurity operations and maintaining the flexibility to adapt these regulations to their specific cybersecurity needs and circumstances? 3. Is the committee not assuming the role of big bro? (Business Autonomy Preservation, Regulatory Detail, Comprehensive Requirements) *Feel free to offer your insights, justifications and recommendations to any of the questions above as we continue our discussion on these regulations through this platform. * *~Shaping the Future of CyberSecurity ~ * On Fri, 15 Sept 2023, 11:02 Grace Githaiga via KICTANet, < [email protected]> wrote:
Hi Listers,
KICTANet is inviting all Stakeholders to participate in this crucial public engagement and informed dialogue regarding the regulations conferred by the Computer Misuse and Cybercrimes (Critical Information Infrastructure and CyberCrimes Management Regulations, 2023) <https://nc4.go.ke/cmca-2018-draft-regulations/>and released by the Cabinet Secretary for Interior and National Administration.
Your valuable input is not just welcomed, but it is essential in ensuring that the Regulations are well-informed and aligned with the rapidly evolving landscape of cybersecurity and digital technologies.
We plan to hold a three-day online moderated debate on this list, starting from Monday to Wednesday next week (September 18- 20, 2023). The debate will be moderated by Our Linda Gichohi.
What is your take on these regulations? Do you have any concerns about the regulations? Looking forward to your active participation.
We provide a quick summary of the regulations below:
The Regulations
Introduction
The Regulations are conferred by 70 of the Computer Misuse and Cybercrimes Act, 2018. The Cabinet Secretary for Interior and National Administration makes the following Regulations—
PART I - PRELIMINARY PROVISIONS
This encapsulates the citation, interpretation, objects of the Regulations, guiding principles, and the Scope of Regulations. Thereby entailing the official title by which the regulations should be referred, to ensure clarity, defining specific terms and phrases used within the regulations. This is to ensure that meanings are understood, and fundamental principles to be adhered to when implementing the regulations. The boundaries are defined and the applicability of the regulations including their jurisdiction and purpose.
PART II- ADMINISTRATION AND MANAGEMENT OF THE COMMITTEE
This part essentially deals with the responsibilities of the committee, the conduct of business of the committee, and the role of the secretariat. The regulations focus on the practical aspects of how the committee operates, and are supported in its efforts to enforce and manage the regulations related to cybercrime and critical information infrastructure.
PART III- CYBERSECURITY OPERATIONS CENTRES
This part entails the establishment and operations of the Cyber Security Operations Centres, monitoring and inspection processes related to their activities, particularly in safeguarding critical information infrastructure and addressing cyber threats.
PART IV- CRITICAL INFORMATION INFRASTRUCTURE
This part covers the Critical Information Infrastructure and encompasses the critical aspects of managing, preserving, and protecting critical information infrastructure, including designations, obligations, security measures, auditing, inspection, and the establishment of the National Public Key Infrastructure.
PART V— CYBERSECURITY CAPABILITY AND CAPACITY
This proposes measures to strengthen cyber security capabilities and capacity through training, information sharing, information sharing, standards, collaboration, and the certification of institutions and professionals in the field of cybersecurity.
PART VI—REPORTING MECHANISM
This part focuses on the objectives, procedures, and methods of reporting cyber threats, including provisions for anonymous reporting to promote cybersecurity awareness and response.
PART VII—MISCELLANEOUS PROVISIONS
This typically covers various miscellaneous provisions related to cybersecurity, including the adoption of best practices, partnerships, dispute resolution, and data protection while,
The “SCHEDULES” section contains additional detailed information or forms related to compliance. Again, we look forward to your active participation. Have a great weekend. -- Grace Githaiga KICTANet Convenor
KICTANet portals KICTANet.or.ke <https://kictanet.or.ke/> | Twitter <https://twitter.com/kictanet> | LinkedIn <https://www.linkedin.com/company/18428106/admin/> | Facebook <https://www.facebook.com/KICTANet/> _______________________________________________ KICTANet mailing list -- [email protected] To unsubscribe send an email to [email protected] Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
participants (2)
-
Grace Githaiga -
Linda Wairure