State now declares M-Pesa, bourse as key infrastructure
News
By
Frankline Sunday
| Feb 08, 2022
The government has classified M-Pesa and the Nairobi Securities Exchange (NSE) as critical infrastructure to protect crucial systems - both in the private and public sectors from cybercrime.
In a gazette notice published last week, the Cabinet Secretary for Interior and Co-ordination of National Government, Fred Matiang’i classified several systems as critical infrastructure under the Computer and Cybercrimes Act 2018.
These include mobile phone infrastructures such as base stations, internet exchange points, data centres, systems supporting and managing Kenya’s elections, healthcare and land registration.
This means that anyone found guilty of hacking any of the listed critical infrastructures will face a fine of up to Sh5 million or a 20-year prison term or both.
READ MORE
Is diaspora bond a silver bullet to modernise JKIA?
Will new law end consumer exploitation by 'shylocks'?
Slight relief for Kenyans as fuel prices drop
Help transform Nairobi into smart city, resident associations told
It's time for Africa to champion a new global financial order
How a Kenyan firm used innovation, resilience to build Pan-African empire
Alcohol manufacturers oppose new waste management regulations
Inside Africa's top 20 billionaires
Other systems listed as critical infrastructure include KRA’s iTax system, Interpreted Financial Management Information Systems (Ifmis) and the National Transport Safety Authority systems.
The Communication Authority of Kenya welcomed the move, stating that it will help protect and preserve such infrastructure.
“For the last four years, about 25 masts have been destroyed, mostly in Northern Kenya costing over Sh200 million in repair and restoration of services,” stated CA Director General Ezra Chiloba.
“Twelve of the destroyed masts were in Mandera County, while others were in Garissa and Wajir counties. Operators have also been incurring millions of shillings in insurance costs for the sites, which are considered high risk due to the persistent threat of vandalism.”
This means owners of the critical infrastructure ought to assess risks of a cyberattack.