NC4: Kenya's National Computer and Cyber Crimes Coordination Committee

And I would like to welcome Jimmy Matiko from NC4, and we're going to say what NC4 stands for. I'll let you see it so that you can see the weight of what I'm talking about. I'm even scared of information now. My name is Jimmy. With me there's a lady and a man — I think they should introduce themselves.

My name is Joseph Gamo and I'm from Mexico. Good afternoon. Thank you.

Now, dancing briefly before I start running the slides, in some quality emergency organization NC4 mandatory responsibilities, the Secretariat which runs community — and do you remember very well, this is National Computer and Cyber Crimes Coordination Committee. And then we should look at the community capacity building programs, cyber security career paths within the Secretariat, career opportunities, and then our conclusion.

Now, just a brief introduction. Due to the increased use and adoption of technology by government, industry, business, and individual, has resulted in increased digitization and socio-economic growth. Consequently, they need to ensure safe, secure, and open access to these ICTs in the face of rapidly growing cyber threats. The cyber environment is an individual and collective concern involving all stakeholders in government, private sector, civil society, Academia, and international partners. Similarly, the ability to effectively secure the cyber space and the threat environment requires a capable workforce with requisite cyber security skills, expertise, knowledge, and a robust research and development ecosystem, among others.

The government of Kenya, through legal and regulatory frameworks — thanks for — is from the act of CBMS year of 2018, that is the Computer Misuse and Cyber Crimes Act. This act governs all the penalties relating to cyber issues. And then we have the cyber security strategy in relation to all matters of our cyberspace in Kenya, and then we just put in place initiatives and structures to promote cyber security capacity building in Kenya.

Now, NC4: the government of Kenya enacted the Computer Misuse and Cyber Crimes Act of 2018 on 30th May 2018. The act provides for offenses relating to computer systems, to a number of training and effective detection, remission, prevention, response, investigation, and prosecution of computer and cyber crimes. The result about the agency comes in to effectively discharge all these functions. When it comes to prosecution, somebody said this year their start — again, the president, former president, had launched the digital forensics lab, or the forensics lab, because it encompasses so many investigative arms in that lab. And then you have section 4: the CMCA 2018 establishes NC4 and its Secretariat,

which was operationalized on 15th September 2021. The NC4 is a multi-agency entity for advising and coordinating cyber security matters in the Republic of Kenya. It is also a focal point of contact in all national cyber security opportunities and engagements in Kenya. Those are some of the mandates.

Now, the Secretariat, which is used to run NC4 and to discharge some of the responsibilities being assigned: section 7 of CMCA 2018 establishes the Secretariat, which comprises the director, public officers, seconded staff, and specialist staff responsible for the implementation of NC4 decisions. A very clear — are we hurting someone? The difference between the NC4 committee and the NC4 Secretariat — are we somewhere?

Good. I'll assume silence means — I don't want to imagine, but that's a question where you think you're lost. The Secretariat is responsible for advising on and coordinating government of Kenya cyber security matters, that is in terms of strategies, policies, standards, and regulations, development and management of the national public key infrastructure framework, conducting national laboratory analysis and cyber security risk assessments. These are opportunity areas within NC4 security, and from your background you can always fit in one of the responsibilities there, coordinating cyber incident response and management. I think you'll be getting the keywords: coordinating, developing, advising — and we will get the difference from what Madame told you — promoting cyber security capability and capacity, getting approved training

and awareness programs, engaging and collaborating with the relevant stakeholders at the national, regional, and international level on cyber security matters.

Now, capacity building programs. The growing threat environment has placed dynamic demand for qualified cyber security professionals both nationally and globally. The demand for cyber security experts in Kenya is growing steadily due to the increased uptake of technology in both the public and private sector. The Kenyan government is building cyber security capability to protect human services through developing local cyber security skills and knowledge. We have an example like in the club — I think the program they'll talk more about it. We have a minister of ICT, cyber security experts, and then

supporting research and development on cyber security, fostering local capacity, and organizing awareness training workshops.

Cyber security career paths: we have separate intelligence mandates of the Secretariat — simple plan investigation and enforcement, engineering, digital forensics, incident response, penetration testing, secure design engineering, risk assessment and compliance audit, and cyber security training and awareness. These are some of the career paths people can pursue in this agency called NC4.

Career opportunities: cyber security governance structure in critical information infrastructures, establishment of Security Operations Centers in critical sectors, establishment of a security center of excellence, establishment of cyber security innovation, research and development focused on effective cyber security solutions for our country, depending on the threat environment, and employment opportunities for cyber security practitioners at NC4 Secretariat — that is, if you hold some of those career paths.

In conclusion, cyber security is a shared responsibility that requires all stakeholders to cooperate, cooperate in training, as well as raising awareness, sharing information, and reporting of cyber incidents.

We are also part of solutions — it's not an issue of only problems. You can, if you have a solution to a problem within our country, because your patrons — I hope you're not taking it for granted — we need that security. So as we thought, you can also be part of the solution, exercising safeguarding in order to promote our national cyber security posture.

Now, National Computer and Cyber Crimes Coordination Committee — so these are our contacts. If you have a mission, if you have a solution, if you need to talk to NC4, the Secretariat can always email the director. NC4 Secretariat is headed by a director, and that is the email. There is a lot of content about NC4 and

NC4 security on that website, and that is the website where it has a link for reporting all matters relating to our cyberspace. So basically, NC4 is all about a security check of our cyberspace, which is the fifth domain, and NC4 is responsible for advising the National Security Council on issues pertaining to cyber security. I welcome clarifications and questions.