Kenya Ministry of Information Communications and Technology, Kenya

Ministry of Information Communications and Technology, Kenya

National Cybersecurity Strategy & Master Plan for the Government of Kenya
Executive Summary

Kenya Ministry of Information Communications and Technology, Kenya

Agenda
Cybersecurity as a Global Concern Cybersecurity in Kenya Kenya Cybersecurity Strategy and Master Plan Cybersecurity Benefits to Kenya

Kenya Ministry of Information Communications and Technology, Kenya

Cyber attacks are not a new epidemic but are becoming more prevalent and sophisticated every day
Compounding Cyber Attack Progression 20002005 19952000
Attack Sophistication Increasing Co&&erciali(ation of #acking lended Attacks )utatable )alware P#is#ing*P#ar&ing Spear P#is#ing $nfrastructure attacks

20062012
Ad'anced Persistent %#reat otnets Con'erged Attacks C+ber, ased %erroris& -rgani(ed Cri&e .ation,State C+ber,warfare .ext Generation DoS %argeted )alicious Code

19901995 19851990
!i"acking Sessions Sweepers Sniffers Stealt# Diagnostics Packet Spoofing $ntruder %oolkits

Auto&ated Probes Auto&ated Scans Denial of Ser'ice Distributed Attacks

19801985
Password Guessing Self Replicating Code

Password Cracking Exploiting Known Vulnerabilities Disabling Audits ack Doors

Time COMMON IMPACT STATISTICS Computer Economics/ C+bercri&e accounted for 220 of all econo&ic cri&e reported b+ Ken+an financial ser'ices organi(ations o'er t#e last 12 &ont#s DataMonitor/ 2orensic experts esti&ate c+bercri&e costs t#e Ken+an econo&+ up to KS! 3 billion annuall+ Computer Emergency Response Team (CERT) / %#e esti&ated co&bined t#reat of c+bercri&es to East African financial institutions in t#e regions is esti&ated at 4SD 256 &illion7 CSI/FBI/ A 2812 stud+ esti&ated t#e global cost of infor&ation and co&&unication tec#nolog+ 9$C%: cri&e and re&ediation efforts to be 4SD 118 billion

Kenya Ministry of Information Communications and Technology, Kenya

Cybersecurity is an international issue requiring attention from the international community as well as individual nation states at the public and private sector level.

Kenya, as an emerging glo al ICT !layer, is a "arge"#

Police website defaced in 2811 183 G-K websites defaced b+ an $ndonesian !acker in ;an 2812 A%) ski&&ing attack on 25t# Dec 2812 affecting approxi&atel+ 6 &a"or banks )obile transfer fraud t#roug# Social Engineering $nsider %#reats wit# go'ern&ent or financial sector e&plo+ees

Kenya Ministry of Information Communications and Technology, Kenya

With major ICT advances, the GoK is operating in an evolving risk environment which presents substantial security challenges
Emerging Risk Area
Increased SocioEconomic Dependence on Information

Risk Description
Societies are becoming increasingly dependent on information resulting in need to proactively create procedures to ensure non-stop service delivery

Kenya ICT Challenges

Technology is seen as a solution Implementation of cutting-edge technologies is viewed as panacea and not part of a larger solution Systems are being developed without effective security controls in place There is a lack of fundamental knowledge of existing vulnerabilities, threats, and risk management Cybersecurity is not part of the government culture Risks are misunderstood, unidentified, or seen as far off and not likely to happen in this environment Outsourcing is seen as a solution This compounds the potential for risks if proper security measures arent part of third party agreements Cybersecurity is neither proactive nor providing resiliency for IT resources Isolated cybersecurity functionality and lack of consolidated threat intelligence limits actionable and productive risk management

Infrastructure Vulnerabilities

Challenges to security arise due to growing access to information assets, and is only expected to increase as eGovernment programs have a wider reach

Globalization and Organized Crime

Organized crime and the decreasing size of the world create a need for tighter control through secure electronic identification capabilities

Increasing Access to Government Information

As digital access to government increases, greater need to diligently manage access to ICT resources of citizens, suppliers and businesses

Technology-driven Threats

Types of attacks have increased dramatically in recent years, driven by a variety of information-related sources (e.g., insider threat, e-intrusion, etc.)

Increased Capabilities of Threat Actors

Terrorists and rogue individuals are increasingly capable of more sophisticated attacks allowing them to critically incapacitate and/or harm GoK reputation and operations

Kenya Ministry of Information Communications and Technology, Kenya

To address these challenges, the GoK has developed a Kenya Cybersecurity Strategy and Master Plan in support of Kenya Vision 2030

To create a globally competitive and prosperous nation with a high quality of life

PI((A)S O* +)O,T1 T$e %&onomi& Pillar seeks to

i&pro'e t#e prosperit+ of all regions of t#e countr+ and all Ken+ans

2 %#e So&ial Pillar is

in'esting in t#e people of Ken+a in order to i&pro'e t#e <ualit+ of life

' %#e Poli"i&al Pillar

ob"ecti'e is &o'ing to t#e future as one nation

Cy erse&.ri"y S"ra"egy / Mas"er Plan 0ene1i"s

Pro&otes t#e strategic 'alue of infor&ation and its funda&ental role in &anaging risks to go'ern&ent processes Enables t#e continuit+ and effecti'eness b+ assuring a'ailabilit+ of infor&ation assets Enables increased progra& perfor&ance and refine&ent of procedures t#roug# a &ore strea&lined feedback Enables increased co&&unications and a'ailabilit+ of go'ern&ent ser'ices and assets Pro&otes an e&powered workforce t#at understands t#e i&portance of s#aring and securing infor&ation

This image cannot currently be display ed.

Kenya Ministry of Information Communications and Technology, Kenya

At the core of Kenyan Cybersecurity efforts lies the Governments vision, goals, an objectives for the countrys growth, safety, and prosperity.
Kenyas Cybersecurity Strategy Publicizes Kenyas dedication to and focus on cybersecurity domestically and internationally Clearly defines Kenyas cybersecurity vision, goals, and objectives

3

Develop comprehensive governance structures and policies Raise awareness in public and private sectors Expand cybersecurity education to build the Kenyan workforce
>

Kenya Ministry of Information Communications and Technology, Kenya

Implementing a comprehensive and effective Cybersecurity Master Plan requires more than applying technology

Kenya Cybersecurity

Kenya Ministry of Information Communications and Technology, Kenya

Implementing the CSMP will support the evolution of the Government of Kenya ICT to providing a modern cyber security posture and effective risk management. Directly support Kenyan GDP growth and improved international ICT reputation Potential for immediate gains in public and private sector security of IT and data assets Enabling a secure environment for business to operate and thrive (local and foreign investment) Increased confidence in cyber transactions Increased safety and security for industry and populace Improved efficiency in providing national, county, and local government services (eGovernment) Establishing a Gold Standard for Kenya Cybersecurity