![Page 1: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/1.jpg)
A Collaborative Approach to National Cybersecurity
Resilience ISACA Conference 2019
![Page 2: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/2.jpg)
Communications Authority of Kenya Section 83C of KICA (1998) mandates the CA to:
§ Promote and facilitate the efficient management of critical Internet
Resources;
§ Develop a framework for facilitating the investigation and
prosecution of cybercrime offences;
§ Facilitate electronic commerce and eliminate barriers to electronic
commerce; and
§ Develop regulations with respect to Cybersecurity, E-Transactions,
Electronic Certification and Domain Name Administration.
![Page 3: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/3.jpg)
Cybersecurity Instruments
VISION 2030
ICT Sector Policy National
Cybersecurity Strategy
KICA (1998)
National KE-CIRT/CC
NPKI
![Page 4: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/4.jpg)
Kenya’s Cybersecurity Governance Structure
National Security Council (NSC)
(Chaired by the President)
National Security Advisory
Committee (NSAC)
(Chaired by the Head of Public
Service & Chief of Staff)
National Cybersecurity Steering Committee
(NCSC) (Chaired by the PS/
MoICT)
National KE-CIRT/CC (Co-ordinated by CA)
Threat Intelligence (Co-ordinated by NIS)
E-Government Programmes
(Co-ordinated by ICTA)
![Page 5: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/5.jpg)
The National KE-CIRT/CC
Mandate
To offer advice on Cybersecurity matters nationally; and
to coordinate response to cyber incidents in collaboration
with relevant stakeholders.
Role
Kenya’s national point of contact on cyber security.
![Page 6: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/6.jpg)
Functions of the National KE-CIRT/CC
Implement National Cybersecurity Policies, Laws & Regulations
Cybersecurity Awareness & Capacity Building at the National Level
Technical Co-ordination & Response to Cybersecurity Incidents
Early Warning & Technical Advisories
Development & Implementation of a National Public Key Infrastructure (NPKI)
Research & Development (R&D) on Cybersecurity
Establish Collaboration (National, Regional & International) on Cybersecurity
![Page 7: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/7.jpg)
What Does Collaboration Entail?
Ideally, it means…
Public and Private sectors working together to
enhance our national cybersecurity readiness
and resilience through sharing insights,
intelligence, expertise, facilities and personnel.
![Page 8: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/8.jpg)
Why Collaboration? § Cyber threats are evolving and no one organization or
sector can mitigate the risks posed by cyber threats.
§ Cyber threats are a societal problem that affect us all,
with all sectors significantly affected by cyber security.
§ Protecting our critical national infrastructure requires a
collaborative approach to ensure that organizations
are able to mange cyber risks in a way that is cross-
industry in perspective.
![Page 9: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/9.jpg)
The Conversation on Collaboration… § Interplay between roles, responsibilities and
obligations of the various sectors and players.
§ Contradictory obligations – social, economic,
national security.
§ Trade off between cybersecurity and other
values.
§ Societal and personal nature of cyber security.
![Page 10: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/10.jpg)
What are the Key Challenges of collaboration?
§ Lack of trust
§ Leadership challenges?
§ Privacy concerns
§ Protection of intellectual property
§ Assignment of roles and responsibilities
§ Too many parties involved
§ Lack of standards or guidelines
§ Selecting the rights partners to collaborate with
![Page 11: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/11.jpg)
What are Some of the Reference Points for Collaboration?
§ Research & development
§ Information sharing
§ Assigning of roles
§ Notification requirements
§ Duty of assistance
§ Active defense
![Page 12: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/12.jpg)
Collaboration Outcomes
§ Research and development
§ Interagency collaboration
§ Information sharing
§ Alignment of standards, capacities and
outcomes across the cyber security value
chain(demolishing the silos)
![Page 13: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/13.jpg)
What Must We Do? • Advancing cyber resilience requires collaboration
in new and innovative ways
• Need to have discussions on building institutions,
frameworks, polices, norms and processes
necessary to support collaboration
• Need to be inclusive in representing and
negotiating between interests and principles
![Page 14: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/14.jpg)
Government’s Role § Put in place an effective collaboration model, clear goals, guidelines, standards,
frameworks, infrastructure, and personnel to effect collaboration.
§ Develop a foundation for the coordinated, informed and effective coordination
and response to cyber crime.
§ Establish an environment that guides all stakeholders towards shared goals, while
retaining overall accountability, oversight, governance and ownership of major
initiatives and outcomes.
§ Facilitate purposeful, effective, and meaningful collaboration between all
stakeholders so as to achieve aligned outcomes and a ‘no man left behind’
approach.
§ This has been set out by the creation of the National KE-CIRT/CC.
![Page 15: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/15.jpg)
Local Collaborative Efforts of the National KE-CIRT/CC
§ On the national level the National KE-CIRT/CC collaborates with
various stakeholders through the National KE-CIRT/CC Cybersecurity
Committee (NKCC).
§ Some of the committee members are:
§ Law enforcement agencies,
§ ICT Authority (ICTA)
§ Internet service providers (ISP)
§ Telecommunication operators
§ Academia
§ The banking/financial sector , among others.
![Page 16: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/16.jpg)
Local Collaborative Efforts of the National KE-CIRT/CC
Law Enforcement Agencies
Government agencies
Banking and Financial Services
Directorate of Public Prosecutions (DPP)
Mobile Telecom Operators & ISPs
Academia
Banking and Financial Services
![Page 17: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/17.jpg)
Global Collaborative Efforts of the National KE-CIRT/CC
![Page 18: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/18.jpg)
Input Needed for Collaboration
“Active participation and a willingness to
contribute in a meaningful way to the
National Cybersecurity Strategy and
combine efforts towards achieving mutually
beneficial outcomes.”
![Page 19: A Collaborative Approach to National Cybersecurity Resilience 2019/Conference... · § Cyber threats are evolving and no one organization or sector can mitigate the risks posed by](https://reader035.vdocuments.net/reader035/viewer/2022071016/5fcec1d23996ad36bd7688f7/html5/thumbnails/19.jpg)
END