National KE-CIRT/CC Functions & Services
About our functions
The Kenya Information and Communications Act, 1998, mandates the Communications Authority of Kenya (CA) to develop a national cyber security management framework.
About us
The National Public Key Infrastructure (NPKI) project is coordinated by the Ministry of ICT in collaboration with the Communications Authority of Kenya (CA) and the ICT Authority (ICTA).
A Public Key Infrastructure (PKI) refers to a system for the creation, storage and distribution of digital certificates which are used to verify that a particular public key (online identity) belongs to a certain entity. A PKI is a technical infrastructure that comprises of a Root Certification Authority (RCA) and a Certification Authority (CA), referred to as an Electronic Certification Service Provider (E-CSP) in Kenya’s legal and regulatory framework. The PKI creates a framework for protecting communications and stored information from unauthorized access and disclosure by addressing the fundamentals of cyber security – confidentiality, integrity, authentication and non-repudiation. A PKI is key to the rollout of e-transaction services.
The Kenya Information and Communications Act, 1998, mandates the Communications Authority of Kenya (CA) to issue a license to a person operating an Electronic Certification Service. In this regard, the Communications Authority of Kenya (CA) has developed a licensing framework for Electronic Certification Service Providers (E-CSPs).
Kenya’s National PKI comprises of a Root Certification Authority (RCA), which is managed by the Communication Authority of Kenya (CA) as a regulatory function, and the Government Certification Authority (GCA), an E-CSP which is managed by the ICTA. The NPKI is instrumental towards the effectiveness of the licensing of Electronic Certification Service Providers (E-CSPs) by the Communications Authority since a licensed E-CSP must be accredited by the RCA for its digital certificates to be globally recognized and trusted.
The ICT Authority (ICTA), which is the body responsible for the management of the mainstream government ICT services, operates the GCA. Other interested stakeholders who may be issued with an E-CSP license on application include the banking Sector and the Academia.
The benefits of a National PKI include:
i. Locally available and cheaper digital certificates/signatures; and
ii. Operations and services that are within Kenyan law (jurisdiction), among others.
The National Public Key Infrastructure (NPKI) project is coordinated by the Ministry of ICT in collaboration with the Communications Authority of Kenya (CA) and the ICT Authority (ICTA).
A Public Key Infrastructure (PKI) refers to a system for the creation, storage and distribution of digital certificates which are used to verify that a particular public key (online identity) belongs to a certain entity. A PKI is a technical infrastructure that comprises of a Root Certification Authority (RCA) and a Certification Authority (CA), referred to as an Electronic Certification Service Provider (E-CSP) in Kenya’s legal and regulatory framework. The PKI creates a framework for protecting communications and stored information from unauthorized access and disclosure by addressing the fundamentals of cyber security – confidentiality, integrity, authentication and non-repudiation. A PKI is key to the rollout of e-transaction services.
The Kenya Information and Communications Act, 1998, mandates the Communications Authority of Kenya (CA) to issue a license to a person operating an Electronic Certification Service. In this regard, the Communications Authority of Kenya (CA) has developed a licensing framework for Electronic Certification Service Providers (E-CSPs).
Kenya’s National PKI comprises of a Root Certification Authority (RCA), which is managed by the Communication Authority of Kenya (CA) as a regulatory function, and the Government Certification Authority (GCA), an E-CSP which is managed by the ICTA. The NPKI is instrumental towards the effectiveness of the licensing of Electronic Certification Service Providers (E-CSPs) by the Communications Authority since a licensed E-CSP must be accredited by the RCA for its digital certificates to be globally recognized and trusted.
The ICT Authority (ICTA), which is the body responsible for the management of the mainstream government ICT services, operates the GCA. Other interested stakeholders who may be issued with an E-CSP license on application include the banking Sector and the Academia.
The benefits of a National PKI include:
i. Locally available and cheaper digital certificates/signatures; and
ii. Operations and services that are within Kenyan law (jurisdiction), among others.
Functions
The National KE-CIRT/CC acts as the interface between local and international ICT services providers whose platforms are used to perpetrate cybercrimes, and our Judicial Law and Order Sector which investigates and prosecutes cybercrimes.
The functions of the National KE-CIRT/CC include the following:
- Implementation of national cybersecurity policies, laws and regulations.
- Cybersecurity awareness and capacity building.
- Early warning and technical advisories on cyber threats on a 24/7 basis.
- Technical co-ordination and response to cyber incidents on a 24/7 basis in collaboration with various actors locally and internationally.
- Development and implementation of a National Public Key Infrastructure (NPKI).
- Research and development in cybersecurity.
The National KE-CIRT/CC acts as the interface between local and international ICT services providers whose platforms are used to perpetrate cybercrimes, and our Judicial Law and Order Sector which investigates and prosecutes cybercrimes.
The functions of the National KE-CIRT/CC include the following:
- Implementation of national cybersecurity policies, laws and regulations.
- Cybersecurity awareness and capacity building.
- Early warning and technical advisories on cyber threats on a 24/7 basis.
- Technical co-ordination and response to cyber incidents on a 24/7 basis in collaboration with various actors locally and internationally.
- Development and implementation of a National Public Key Infrastructure (NPKI).
- Research and development in cybersecurity.