New push to have IEBC and other critical servers hosted within Kenya
4 min read
The government in new regulations moves to have critical servers including those of the IEBC hosted within Kenya
The government in new regulations moves to have critical servers including those of the IEBC hosted within Kenya.
If Parliament approves new regulations from the Ministry of Interior, the Independent Electoral and Boundaries Commission (IEBC) will be required to house its election data and transmission servers locally.
According to the regulations presented to MPs, institutions like the IEBC will need permission from the National Security Council (NSC) in order to store sensitive data outside of Kenya.
The Critical Information Infrastructure and cybercrime management laws, 2024, aim to enforce critical information infrastructure owners to make sure that the infrastructure, that houses key information, is situated in Kenya.
This is due to computer abuse and cybercrimes.
The other institutions that will be affected include the World Coin, the cryptocurrency project whose operations were halted over privacy queries.
Critical information infrastructure in Kenya is identified as critical sectors or systems including the: Defence, public safety, and security sector, banking and finance sector. The electoral and judicial sector
“An owner of a critical information infrastructure shall ensure that the infrastructure on which critical information is domiciled is located in Kenya.”
The regulations come a year after there was a standoff during the 2022 general elections when Azimio la Umoja presidential candidate Raila Odinga claimed that they had been denied access to the IEBC servers as they are not locally hosted.
The move promoted the supreme court which was dealing with the Presidential election dispute filed by Raila to grant him and other parties access to the servers.
The regulations tabled before the Departmental Committee on Administration and Internal Security chaired by Narok West MP Gabriel Tongoyo provide that for anyone to access critical information infrastructure, the owner of the information infrastructure will restrict and ensure adequate measures are in place to monitor permitted access to a critical information infrastructure system or data.
For purposes of being granted permission to access a critical information infrastructure, the regulations provide that the interested person will be required to furnish proof of their identity including contact details and any other relevant information required by the owner of critical information infrastructure; declare possession of any item, object or thing that may be dangerous to the safety of the critical information infrastructure, declare the contents of any vehicle, suitcase, bag, handbag, folder, envelope, parcel or container of any nature, which is in the possession, custody or control of the person as well as subject himself and anything in his possession or under his control to scrutiny and examination by either electronic or other apparatus.
Why foreign presidents prefer Mudavadi; Ruto
Government to innovate dollar bond targeting diaspora
International organization makes donation for the Embakasi fire victims
Inside Uhuru phone call with US Secretary of State Antony Blinken
Pakistan ex-PM wife jailed for illegal marriage
The regulations that will help in the implementation of the Data Protection Act, which secures data in the country from unauthorized persons, provide that an owner of a critical information infrastructure who intends to have critical information located outside Kenya shall apply the National Computer and Cybercrime Coordination committee which shall consider the notification and verify that it meets the security standards provided and shall communicate its decision within 30 days of receipt of the notification.
The committee which shall report to the Cabinet Secretary in charge of Internal Security, will comprise of principal secretaries Interior and ICT, Attorney General, Chief of the Kenya Defence Forces, Inspector General of the National Police Service, Director General of the National Intelligence Service (NIS), Director-General of the Communications.
Authority of Kenya, Director of Public Prosecution, Governor of the Central Bank of Kenya, and a Director who shall be the secretary of the Committee and who shall not have a right to vote.
In making its decision the committee will have to consult NSC before making its decision.
The regulations state that the committee in considering an application by the operator to have critical information located outside Kenya will be required to take into account various measures including the security measures and safeguards being applied to the information and infrastructure on which the information is contained meet the standards set, whether it is necessary for the information to be stored outside the geographical jurisdiction of the Republic.
Also read,
EACC launches manhunt against former MP over multi-million tender fraud
Ruto CS and PS face wrath of Azimio politicians
Chebukati has a right to join judiciary as chief justice; Musalia Mudavadi
Namibia President, Hage Geingob is dead
Two Australian pastors fight off links to Shakahola massacre
Follow us
