Information and Communication Permanent Secretary Bitange Ndemo said the government, through the Communication Commission of Kenya (CCK), is pushing mobile operators to give each device – including cell phones and tablets – unique IP addresses to ease identification of users.
He said this would help track and monitor user activity on the mobile devices and supplement the ongoing registration of mobile phone SIM cards.
Speaking at the opening of the East Africa Cyber Security Convention 2012, Ndemo said mobile operators had missed several deadlines to comply with the order and called on CCK to expedite the matter.
“Operators are exposing themselves to litigation by ignoring the IP address procedure,” he said.
“We want them to comply, because this information will be linked to other government databases to improve integrity and combat cyber crime since we are able to trace the users,” he added.
The East Africa Cyber Security Convention 2012, sponsored by Huawei, has brought together delegates and experts from across Africa to share information and technical know-how on emerging cyber threats.
Kenya currently has over 20 million mobile phone users and the use of tablets is picking up rapidly.
“Internet use has grown from three million subscribers five years ago to more than 14 million currently, thus exposing the country, organisations and individuals to cyber crime,” Ndemo explained.
Cyber Security Africa, which has organised the convention, said cyber threats had increased dramatically over the past decade.
A study on cyber security in Africa by IDG Connect, a division of International Data Group (IDG), shows the continent recorded 18,607 cyber security incidents last year, which was a significant leap from the 564 received at the turn of new millennium.
In the first quarter of the year, 8,903 cyber security incidents were reported in Africa and of those, 4,501 were related to fraud, which included 2,304 phishing attacks that targeted banks.
“In Africa, financial crimes are increasing,” said Cyber Security Africa Alliance Manager Sammy Kioko.
“Data breaches at large organisations in Africa tend to be common with criminals targeting trade secrets as a means of boosting the competitiveness of indigenous industries as has been reported in various cases in Zambia, Uganda, Tanzania and South Africa. Industrial secrets thievery has been reported in Kenya, Namibia and Nigeria as well as Ethiopia where crimes such as data breaches are very common,” he added.
Statistics reveal that that cyber crime is growing faster in Africa than in other continents.
Kenya loses Sh3 billion ($36 million) to cyber crime annually, or 0.05 percent of its economy, compared to South Africa which suffers $573 million, or just 0.01 percent of its $555.1 billion economy.
In the US, cyber crime constitutes 0.02 percent of its $15 trillion economy.
Ndemo said IP addresses for mobile gadgets would boost efforts by the public key infrastructure to assign virtual identities to Internet users.
“With this kind of identity, we can increase the transitions we do online and boost e-commerce,” he said, adding that this has been captured on the Cyber Security Master Plan developed by the government.
He said the ministry is working with the Central Bank of Kenya to have the financial systems audited every year to confirm their integrity, adding that Kenyans should develop local solutions which would be more effective in fighting cyber crime.
CCK Director General Francis Wangusi said the regulator has created the National Cyber Security Framework, a multi-sectoral body that’s working to come up with a defence strategy against cyber crime.
“It will create the policy and enhance safety of infrastructure in Kenya,” he said in a speech read on his behalf by the CCK director of information technology Michael Katundu.
“This will ensure we fight cyber crime based on international best practices using the law and technical means. CCK has also created the National Computer Incident Response Team to handle cyber security issues” he added.
Internal Security PS Mutea Iringo said the Data Protection Act, when implemented, would secure information and data in banks, mobile phones and organisational registries.
He said that the government was committed to providing security to lower the cost of doing business in the country.