KICTANet is inviting all Stakeholders to participate in this crucial public
engagement and informed dialogue regarding the regulations conferred
by the Computer
Misuse and Cybercrimes (Critical Information Infrastructure and CyberCrimes
Management Regulations, 2023)
<nc4.go.ke/cmca-2018-draft-regulations/>and released by the Cabinet
Secretary for Interior and National Administration.
Your valuable input is not just welcomed, but it is essential in ensuring
that the Regulations are well-informed and aligned with the rapidly
evolving landscape of cybersecurity and digital technologies.
We plan to hold a three-day online moderated debate on this list, starting
from Monday to Wednesday next week (September 18- 20, 2023). The debate
will be moderated by Our Linda Gichohi.
What is your take on these regulations? Do you have any concerns about the
regulations? Looking forward to your active participation.
We provide a quick summary of the regulations below:
The Regulations are conferred by 70 of the Computer Misuse and Cybercrimes
Act, 2018. The Cabinet Secretary for Interior and National Administration
makes the following Regulations—
PART I – PRELIMINARY PROVISIONS
This encapsulates the citation, interpretation, objects of the Regulations,
guiding principles, and the Scope of Regulations. Thereby entailing the
official title by which the regulations should be referred, to ensure
clarity, defining specific terms and phrases used within the regulations.
This is to ensure that meanings are understood, and fundamental principles
to be adhered to when implementing the regulations. The boundaries are
defined and the applicability of the regulations including their
jurisdiction and purpose.
PART II- ADMINISTRATION AND MANAGEMENT OF THE COMMITTEE
This part essentially deals with the responsibilities of the committee, the
conduct of business of the committee, and the role of the secretariat. The
regulations focus on the practical aspects of how the committee operates,
and are supported in its efforts to enforce and manage the regulations
related to cybercrime and critical information infrastructure.
PART III- CYBERSECURITY OPERATIONS CENTRES
This part entails the establishment and operations of the Cyber Security
Operations Centres, monitoring and inspection processes related to their
activities, particularly in safeguarding critical information
infrastructure and addressing cyber threats.
PART IV- CRITICAL INFORMATION INFRASTRUCTURE
This part covers the Critical Information Infrastructure and encompasses
the critical aspects of managing, preserving, and protecting critical
information infrastructure, including designations, obligations, security
measures, auditing, inspection, and the establishment of the National
Public Key Infrastructure.
PART V— CYBERSECURITY CAPABILITY AND CAPACITY
This proposes measures to strengthen cyber security capabilities and
capacity through training, information sharing, information sharing,
standards, collaboration, and the certification of institutions and
professionals in the field of cybersecurity.
PART VI—REPORTING MECHANISM
This part focuses on the objectives, procedures, and methods of reporting
cyber threats, including provisions for anonymous reporting to promote
cybersecurity awareness and response.
PART VII—MISCELLANEOUS PROVISIONS
This typically covers various miscellaneous provisions related to
cybersecurity, including the adoption of best practices, partnerships,
dispute resolution, and data protection while,
The “SCHEDULES” section contains additional detailed information or forms
related to compliance.
Again, we look forward to your active participation. Have a great weekend.