CYBERSECURITY

Cybersecurity

NC3’s mandate is to ensure safe Cyberspace for Kenya and its people. To achieve this, NC3 provides strategic guidance, coordination, and advisory to both the public and private sectors in order to strengthen the security, resilience, and Cybersecurity capacity of the stakeholders in cyberspace.

NC3’s Role in Cyber Security

As information technology is increasingly being integrated with business processes, there is an increased range of risks that could disrupt essential services, causing harm to the health of Kenyan citizens as well as our economy.

NC3 role in cyberspace is to ensure strategic advisory, coordination, and guidance to MCDAs and private sector organizations on Cybersecurity issues such as creating Cyber hygiene culture, cyber incident response, information sharing, and Cyber-safety.

INFRASTRUCTURE SECURITY

Critical infrastructure describes the physical and cyber systems and assets that are so vital to the Kenyan citizen that their incapacity or destruction would have a debilitating impact on our physical or economic security, public health, or safety. The Nation’s critical infrastructure provides the essential services that foster Kenyan society.

RISK MANAGEMENT

Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the potential resulting impacts. With this information, organizations can determine the acceptable level of risk for achieving their organizational objectives and can express this as their risk tolerance.

With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs.

Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.

INFORMATION SHARING

Information Sharing

Information Sharing is an Essential Resource for Critical Infrastructure Security and Resilience.

In today’s interconnected world, every second can make a difference in either preventing an incident or responding to an event that affects the Nation’s critical infrastructure.

In order to protect National Critical Infrastructure, there is a need for information sharing. NC3 enables information exchange by establishing collaborations with MCDAs and various private sector organizations.

NC3 develops a monthly cybersecurity bulletin aimed at sharing information on the current trends in cybersecurity.

NC3 also encourages information sharing by allowing organizations and individual citizens to report any cybersecurity incident through the NC3 website reporting portal.

Information Sharing Enables Decision-Making

NC3 plays a vital role both directly and through a network of partners to enable informed decisions and timely actions among the infrastructure sectors as they execute security and resilience activities.

  • Situational awareness in both normal, day-to-day operations and a crisis or event, including suspicious activity reporting, incident analysis, and recommended protective actions.
  • Operational and tactical risk management actions in anticipation of and response to a threat to critical infrastructure at a specific location or across an entire sector.
  • Strategic planning and investment to build capabilities that strengthen critical infrastructure security and resilience for the future.

Information sharing through:

  • Alerts, threats, and warnings – Ensures situational awareness of potential and actual threats and catalyzes action.
  • Effective risk management programs – Informs private sector investment decisions and government analysis and planning.
  • Collaboration and coordination – Supports the development of plans, strategies, protective measures, preparedness, risk mitigation, and response and recovery efforts.

Information shared within a structured and secure information sharing environment helps critical infrastructure owners and operators guide investments, implement protective programs, and ensure an effective response to infrastructure threats as they arise.

CYBER HYGIENE SERVICES

Reducing the Risk of a Successful Cyber Attack

Adversaries use known vulnerabilities and phishing attacks to compromise the security of organizations. NC3 offers several scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.   

  • Vulnerability Scanning: Evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.
  • Web Application Scanning: Assesses known and discovered candidly-accessible websites for potential bugs, backdoors, and weak configuration to provide recommendations for mitigating web application security risks. 
  • Cybersecurity Campaign Assessment: Provides an opportunity for determining the potential susceptibility of personnel to cyber attacks. This is a practical exercise intended to support and measure the effectiveness of security awareness training.
  • Remote Penetration Test: Simulates the tactics and techniques of real-world adversaries to identify and validate exploitable pathways. This service is ideal for testing perimeter defenses, the security of externally-available applications, and the potential for exploitation of open-source information.

Cyber Safety

Digitization and the widespread internet connectivity expose Kenyans to a wide range of cyber-attacks such as data theft, identity theft, fraud, social engineering attacks, cyber-bullying among others.

Through the monthly cybersecurity bulletin, NC3 offers tips on creating a safer cyber environment for public and private sector organizations, as well as all Kenyan citizens.