Strategy Pillars
The Strategy is based on the following pillars:
1. Cybersecurity governance;
2. Cybersecurity policies, laws, regulations and standards;
3. Critical Information Infrastructures Protection (CIIP);
4. Cybersecurity capability and capacity building;
5. Cyber-Risks & Cybercrimes Management; and
6. Cooperation and collaboration.

STRATEGIES
Cybersecurity Governance

Cybersecurity governance is critical in developing a vibrant cybersecurity
ecosystem for a digital economy. Figure 5 provides the cybersecurity
governance structure linking all the key actors through NC4 to the
National Security Council. Enhancing Kenya’s cybersecurity governance
will lay foundations for protecting Kenya from cyber threats in the long
term.
The Cybersecurity governance pillar provides strategic guidance on
governance structures and resources required to support formulation
and implementation of a secure national cyber ecosystem. The goal,
objective and interventions in this pillar are:
Goal:
Enhance Kenya’s institutional framework for cybersecurity governance
and coordination.
Objective:
Improve governance, resource allocation and coordination of
cybersecurity in Kenya.
Interventions:
a. Allocate the NC4 Secretariat with dedicated budget, human
capacity, infrastructure and tools to effectively support NC4
implement its mandate.
b. Review the multi-agency governance structure by establishing
an autonomous cybersecurity entity (National Cybersecurity
Agency).
c. Upgrade the Kenya Computer Incident Response Team (KE-CIRT)
to the National Multi-Stakeholder Computer Incident Response
Team of the Republic of Kenya.
d. Establish a National Cybersecurity Operation Centre (NSOC).
e. Establish/Enhance Cybersecurity Operation Centers (SOC) in CIIs.
f. Establish/enhance specialized cybersecurity units and Sector
CIRTs (Defence, Intelligence, Police, Public Prosecutions, Judiciary
and Sector CIRTs).
g. Establish Joint Cybersecurity technical working groups.
Outcome:
Effective governance and coordination of cybersecurity in Kenya

Cybersecurity Policies, Laws, Regulations &
Standards

Development of a safe, secure and resilient cyberspace ecosystem
requires a robust policy, legal and regulatory framework. Figure 6
outlines all the key components and their relationship in the design and
implementation of an Information Security Management System (ISMS)
which is a key target in securing information assets in Kenya.
Enhancing Kenya’s effort to formulate and implement coherent
cybersecurity policy, legislation, regulations and standards will require
the involvement of key actors drawn from both the public and private
sector. The goal, objective and interventions in this pillar are:
Goal:
Strengthen cybersecurity policies, laws, regulations and Standards.
Objective:
Have up-to-date cybersecurity policies, laws, regulations and standards.
Interventions:
a. Review cybersecurity policies, laws, regulations and standards.
b. Amend/update cybersecurity policies, laws, regulations and
standards 

c. Establish new cybersecurity policies, laws and regulations for:
implementation of CMCA-2018; adoption of new and emerging
technologies; outsourcing of critical systems; adoption of country
code top level domain “.ke” among others.
d. Establish national cybersecurity standards/architecture.
Outcome:
Coherent and effective cybersecurity policies, laws, regulations
and standards.