Amid surging attacks, Kenya aims to expand its technology sector and improve cybersecurity to protect the country’s fast-growing digital economy.
With a visit to the United States and his country’s designation by the US as a major non-NATO ally, Kenyan President William S. Ruto plans to accelerate the African nation’s technological progress, with boosting the training of cybersecurity specialists and hardening defenses against cyberattacks among the priorities.
During May 23 meetings with President Biden, President Ruto committed to the Framework for Responsible State Behavior in Cyberspace — an existing agreement between European, North American, and Asian countries — to follow specific norms in cyberspace. The US and Kenya’s leaders also agreed to share threat information between partners in the East Africa region and highlighted private industry collaborations, including a joint effort between the Kenyan government and Google to establish a cyber-operations platform along with an e-government pilot project. The US also committed to providing policy and regulatory advisory services.
“The United States and Kenya seek to work together to uplift the Kenyan model for digital transformation in Africa, especially through its dynamic digital ecosystem known as the ‘Silicon Savannah,'” the leaders said in a joint statement. “We recognize cybersecurity is the foundation for a secure and resilient digital ecosystem.”
Cyberattackers Target Kenya’s Fast-Growing Digital Footprint
The news comes as Kenya has seen a spike in attacks, including significantly disruptive incidents. For instance, the country suffered a massive denial-of-service attack that disrupted access to its e-Citizen government-services site last year, and eventually affected electric utilities and rail-ticketing systems. The government played catch-up during the events, and relied on the expertise of large multinational companies for remediation, a situation that the country should seek to change, the Carnegie Endowment of International Peace stated in an October 2023 paper on Kenya’s cybersecurity landscape.
“The government ought to adopt good multi-stakeholder practices such as courting local private sector players — especially small and medium-sized enterprises operating in and affected by developments in cyberspace — alongside the local sector leaders and tech multinationals operating in the country,” the group stated. “Kenya also has a vibrant information security community that should be incorporated in cyber drills through professional associations.”
In the first quarter of 2024, Kenya saw more than 970 million “cyber threat events,” down from 1.2 billion events in the previous period, with the vast majority of those attacks (90%) categorized as systems attacks that targeted misconfigured or outdated systems, according to the Cybersecurity Report for January to March 2024 published by the National Kenya Computer Incident Response Team – Coordination Center (National KE-CIRT/CC). While overall system attacks declined from the previous quarter, all other types of attacks — such as distributed denial of service (DDoS) attacks and malware — surged, according to the report.
While the use of generative AI by attackers is contributing to increasing attacker sophistication and speed, a significant majority of attacks stemmed were made possible by the adoption of mobile and Internet of Things (IoT) devices, David Mugonyi, director general of the Communications Authority of Kenya, said in the report.
“Most of these attacks exploited system vulnerabilities, which may be attributed to the proliferation of IoT devices, which are inherently insecure,” he stated.
Kenya’s Private Partnerships With Cisco, Google, Microsoft
Both Kenya and the United States highlighted the efforts of private industry in partnering with the East African nation to improve its cybersecurity posture. In addition to its cyber operations work, Google will be aiding Kenya with incident-response solutions and improving infrastructure resilience.
In addition, on the same day as the US-Kenya meetings, Google announced its first fiber cable directly connecting Kenya and Australia, which will serve other countries in East Africa as well. Kenya has made significant investments in fiber connectivity, satellite, and other methods of connectivity to deliver high-speed Internet access and spur digital growth, including rolling out 25,000 public Wi-Fi hotspots through the country, including establishing 1,000 digital hubs in villages throughout the region by 2027. All of that will drive more need for cybersecurity in the region.
“Since Google opened our first Sub-Saharan Africa office in Nairobi in 2007, we have partnered with governments from countries across Africa on numerous digital initiatives,” Brian Quigley, vice president of global network infrastructure for Google Cloud, said in the statement. “The collaboration introduced this week is the latest step towards delivering on our broader commitment to support Africa’s digital transformation, continued economic growth, and innovation.”
Microsoft and Cisco also committed to partnering with Kenya. Microsoft plans to create a program to train Kenyans in cybersecurity skills with free online certifications and to support AI training and research. Microsoft and partner G42 of the United Arab Emirates announced a $1 billion investment in Kenya for artificial intelligence and cloud services.
Cisco meanwhile opened a Cybersecurity Training and Experience Center at the University of Nairobi in April 2024, which also plans to provide training in cybersecurity skills. Cisco, Google, and Microsoft did not respond to requests for elaboration from Dark Reading on their partnerships.
– Robert Lemos, Published courtesy of Dark Reading.