Day 1: PUBLIC PARTICIPATION OF THE “COMPUTER MISUSE AND CYBERCRIMES (CRITICAL INFORMATION INFRASTRUCTURE AND CYBERCRIMES MANAGEMENT) REGULATIONS, 2023.

Can you provide examples of robust sector-specific cybersecurity
regulations that have been successful ? …….What are the potential
drawbacks or challenges associated with trying to monitor all databases?

On Mon, 18 Sept 2023 at 04:54, Neema MASITSA <masitsaneema@gmail.com> wrote:

> (l) Monitor all databases established for purposes of establishing their
> integrity and confidentiality for the attainment of the objectives of the
> Act and these Regulations.
>
> Question:
>
> Is this regulation realistic, and can it be effectively implemented?
>
> My opinion is rather than to attempt to monitor all databases, we can
> focus on risk-based and sector-specific approaches to cybersecurity.
>
> On Mon, Sep 18, 2023 at 10:12 AM Linda Wairure via KICTANet <
> kictanet@lists.kictanet.or.ke> wrote:
>
>> DAY 1: Monday 18/09/2023
>>
>> Dear Listers,
>>
>> Welcome to the inaugural day of our lively discussion and debate centered
>> around the *”Computer Misuse and Cybercrimes (Critical Information
>> Infrastructure and Cybercrimes Management) Regulations 2023,*” put forth
>> by the Cabinet Secretary for Interior and National Administration.
>> nc4.go.ke/cmca-2018-draft-regulations/
>>
>> We extend a warm invitation to all Stakeholders in the Digital Space to
>> actively engage in this conversation, as your insights are not just valued
>> but indispensable. Together, we aim to ensure that these regulations are
>> not only well-informed but also in perfect alignment with the swiftly
>> evolving realm of cyber security and digital technologies. Discover how
>> they will impact your organization and be part of the conversation that
>> will define the future of cyber security regulations. Your perspectives
>> will help us shape and submit a more comprehensive and effective framework.
>>
>> *We shall also have a twitter space on Thursday to disseminate/validate
>> the report before submitting it on Friday. *
>>
>>
>> *Feel free to share your insights, concerns, justifications and
>> recommendations to shape these regulations effectively.*
>>
>>
>> PART I – PRELIMINARY PROVISIONS
>>
>>
>> Objects of the Regulations
>>
>> *Section 3.*
>>
>> (a) Provide a framework to monitor, detect and respond to cyber security
>> threats in the cyberspace belonging to Kenya;
>>
>> (i) Promote coordination, collaboration, cooperation and shared
>> responsibility amongst stakeholders in the cybersecurity sector including
>> critical infrastructure protection
>>
>> (g) Approve the identification and designation of critical information
>> infrastructure *Question:*
>>
>> * Is this sufficient to allow each government related cyber unit to
>> operate efficiently without turf wars on who is more superior?*
>>
>>
>> (l) Monitor all databases established for purposes of establishing their
>> integrity and confidentiality for the attainment of the objectives of the
>> Act and these Regulations.
>>
>> Question:
>>
>> Is this regulation realistic and can this be effectively implemented?
>>
>> What are some of the data protection and privacy rights concerns that
>> may arise from this regulation?
>>
>> PART III – CYBERSECURITY OPERATIONS CENTRES
>>
>> Section 13
>>
>> 13. (2) The cybersecurity awareness programme under paragraph (1) shall
>> include the following topics—…..
>>
>> Question:
>>
>> Does this need to be this prescriptive? And what does this mean for
>> emerging areas? How about emerging cyber threats?
>>
>>
>> 13(3) The owner of critical information infrastructure shall in
>> consultation with the Committee, review the cybersecurity awareness
>> programme at least once every twelve months to ensure that the programme is
>> adequate and that it remains upto-date and relevant.
>>
>>
>> Question:
>>
>> Is this a role for NC4? Review curriculum on infrastructure t*hat it
>> does not own*. Any comments?
>>
>> :
>>
>> :
>>
>> :
>>
>> *What are your views, justifications and recommendations regarding the
>> following sections, and how do you interpret the regulations in question?*
>>
>>
>>