Technology

Information security should be our number one priority

pc

Having wholly embraced the information superhighway, Kenya must constantly protect our digital boundaries from both inside and out. FILE

It is often said, “build it and they will come”. While the context may have been different at the coining of the phrase it aptly applies to Kenya’s current predicament when it comes to cyber security and information security.

As we move full steam to embrace technology, the security of the data stored must be high priority.

Kenya, and Africa at large, has operated under the security by obscurity model, where surrounded by a moat of isolation on the internet, we have not had much reason to worry about cyber attacks.

With an exponential increase in the number of cables connecting Africa to the world, coupled with better in-country networks, criminal elements are making a beeline for our shores. We have built the information super highway and they have come and they also lurk among us.

Five key projects were recently announced under the National ICT Master Plan, and three beg for a continued and concerted effort towards information security. These are the Universal Persons Registration System, the National Spatial Data Infrastructure and the Assets Data Hub.

The Universal Persons Registration System at its core will establish the citizens’ sole identity that will be used for all public service interactions as well as private interactions with other institutions, making it easier to transact and conduct business.

The National Spatial Data Infrastructure will create unique land identifiers and a national land management system. The Assets Data Hub will handle management of assets and asset-related data, the transport information management system and a national physical addressing system.

Marry this with the numerous services already in the market and utilities that have personal and business data stored and shared in real-time.

The creation of a single source of truth or at the very minimum, the availability and access of data that can be easily stitched together to provide this view makes for a chilling meta-geopolitics reality check in this day and age of terrorism and espionage.

To mitigate these risks we must address four issues. The first is people. Every technology has a human interface and this is often the first point of failure whether through social engineering, or lack of appropriate training leading to the deployment of vulnerable platforms.

Second is collaboration among key ecosystem players to share infrastructure, data and best practice. This provides multiple layers of awareness and response fronts.

Third is the creation of processes and tools to enhance visibility and accountability among those trusted with access to sensitive data and platforms.

Lastly is the entrenchment and application to the letter of punitive measures for anyone caught working to compromise or infiltrate key installations or services.

We must constantly protect our digital boundaries from both inside and out.

Njihia is CEO of Symbiotic. Twitter - @mbuguanjihia