State now declares M-Pesa, bourse as key infrastructure

The government has classified M-Pesa and the Nairobi Securities Exchange (NSE) as critical infrastructure to protect crucial systems - both in the private and public sectors from cybercrime.

In a gazette notice published last week, the Cabinet Secretary for Interior and Co-ordination of National Government, Fred Matiang’i classified several systems as critical infrastructure under the Computer and Cybercrimes Act 2018.

These include mobile phone infrastructures such as base stations, internet exchange points, data centres, systems supporting and managing Kenya’s elections, healthcare and land registration.

This means that anyone found guilty of hacking any of the listed critical infrastructures will face a fine of up to Sh5 million or a 20-year prison term or both.

Other systems listed as critical infrastructure include KRA’s iTax system, Interpreted Financial Management Information Systems (Ifmis) and the National Transport Safety Authority systems.

The Communication Authority of Kenya welcomed the move, stating that it will help protect and preserve such infrastructure.

“For the last four years, about 25 masts have been destroyed, mostly in Northern Kenya costing over Sh200 million in repair and restoration of services,” stated CA Director General Ezra Chiloba.

“Twelve of the destroyed masts were in Mandera County, while others were in Garissa and Wajir counties. Operators have also been incurring millions of shillings in insurance costs for the sites, which are considered high risk due to the persistent threat of vandalism.”

This means owners of the critical infrastructure ought to assess risks of a cyberattack.