Listen to This Article Enhance your reading experience by listening to this article.

Kenya’s cyberspace is expected to be more secure with investigations into rising cyber-related crimes enhanced through increased international cooperation.

The country has joined the Council of Europe (CoE) convention on cybercrime, commonly referred to as the “Budapest Convention” that allows Kenya to have a legal basis for international cooperation on cybercrime and electronic evidence and also provides for the criminalization of conduct ranging from illegal access, data and systems interference to computer-related fraud.

By joining the convention, Kenya will now access opportunities for capacity building on matters of cybercrime such as training of judicial and law enforcement officers on prosecution of cybercrime among other benefits.

According to the Internal Security Principal Secretary Dr Raymond Omollo, Kenya had, through the ministries of Interior and Foreign and Diaspora Affairs, drafted a letter to the Secretary General of the CoE of Europe expressing her interest to accede.

“Accession is valid for five years from its adoption, giving Kenya the necessary timeframe to align its domestic laws with the provisions of the convention and seek approval from requisite parties to enact the legislation and give domestic effect to the convention,” the PS said.

Cybercrime

The Convention seeks to harmonize national laws related to cyber-related crime, support the investigation of these crimes, and increase international cooperation in the fight against cybercrime.

The convention also reconciles the vision of a free internet, where information can freely flow and be accessed and shared, with the need for an effective criminal justice response in cases of criminal misuse.

The Budapest Convention which opened for signatures in 2001 and commenced in 2004, was the first international treaty to focus explicitly on cybercrime.

According to PS Omollo, the government is also investing in long-term capacity-building initiatives, such as establishing cyber security centres of excellence to unify the efforts to protect cyberspace and foster collaboration between the government, the private sector, and international partners.

Technological threats

The PS had earlier warned that as Kenyans become more reliant on technology, the threats they face grow more sophisticated and it was therefore essential that the country build strong cyber security capabilities to among other things protect the digital future and remain prepared to face these challenges head-on.

He further revealed that the cyber security threats come from many sources including state-sponsored actors, hackers, intruders, and individuals who misuse their skills for malicious purposes.

“Kenya’s cybersecurity strategic vision is to create a cyberspace that is safe and secure for all. To achieve this, we must ensure that the advantage remains with the defenders, that we are able to protect our Critical Information Infrastructures, and that we maintain resilience even in the event of cyberattacks,” he said.

The government has warned that cyber-attacks on critical information infrastructures can jeopardize national security, public safety, and economic stability since both the government and the private sectors rely heavily on ICTs for service delivery.

The government this year strengthened the legal framework with the enactment of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024. These laws are meant to operationalize the Computer Misuse and Cybercrimes Act, of 2018.

The key aspects the CMCA Regulations address include protection measures for critical information infrastructure; supporting critical economic sectors including telecoms, banking, transport and energy sectors; cyber security operations management using cyber security operations centres; and cybercrimes management.

The regulations also stipulate how to deal with issues of scams, identity theft, hacking and internet fraud and also address the cybercrime capacity and capability building for the public, businesses, government institutions, and private entities to enhance their cyber security preparedness and prioritize cyber security. It also provides for recovery plans in the event of a disaster, breach or loss of national critical information infrastructure or any part of it.