It is often said, “build it and they will come”, while the context may have been different at the coining of the phrase it aptly applies to Kenya’s current predicament when it comes to cyber security and information security. As we move full steam ahead to embrace technology across all sectors, the security of the data stored must be high priority. Kenya and Africa at large has operated under the security by obscurity model, where surrounded by a moat of isolation on the internet, we have not had much reason to worry about cyber attacks. With an exponential increase in the number of cables connecting Africa to the world, coupled with better in-country networks, criminal elements are making a beeline for our shores, anonymized and riding the information superhighway. We have built it, they have come and they also lurk among us!
Five key projects were recently announced under the National ICT Master Plan, with three that beg for a continued and concerted effort towards InfoSec. These are; the Universal Persons Registration System, the National Spatial Data Infrastructure and the Assets Data Hub. The Universal Persons Registration System at its core will establish the citizens sole identity that will be used for all public service interactions as well as private interactions with other institutions; making it easier to transact and conduct business. The National Spatial Data Infrastructure will create unique land identifiers and a national land management system. The Assets Data Hub will handle management of assets and asset related data, the transport information management system and a national physical addressing system. Marry this with the numerous services already live in the market covering m-commerce, financial services, healthcare and utilities that have personal and business data stored and shared in real-time.
The creation of a single source of truth or at the very minimum, the availability and access of data that can be easily stitched together to provide this view makes for a chilling meta-geopolitics reality check in this day and age of terrorism and espionage.
To mitigate against these risks and allow for the positive embrace of technology we must address four issues.
- The first is people; every technology has a human interface and this is often the first point of failure whether through social engineering, or lack of appropriate training leading to the deployment of vulnerable platforms.
- Second is collaboration among key ecosystem players to share infrastructure, data and best practice. This provides multiple layers of awareness and response fronts.
- Third is the creation of processes and tools to enhance visibility and accountability among those trusted with access to sensitive data and platforms.
- Lastly is the entrenchment and application…to the letter of punitive measures for anyone caught working to compromise or infiltrate key installations or services.
We have opened ourselves up to the world in what can be termed a “passportless” entry and must constantly protect our digital boundaries from both inside and out.