Cyber espionage vulnerabilities in Kenya's e-government ecosystem
a case study of a public institution
Keywords:
cyber espionage, threats, e-government, ecosystem, public institutionAbstract
The rapid advancement of information technology in Kenya has ushered in the digital era, revolutionising the government's service delivery through e-Government. However, the transformation has inadvertently exposed government systems, databases, and infrastructures to the threat of cyber espionage, leading to unauthorised access to sensitive data. The aim of the study is to assess cyber espionage vulnerabilities within Kenya's e-Government ecosystem with a specific case study of a public institution (PI)*. By addressing this critical issue, the article seeks to ensure the integrity, confidentiality, and availability of sensitive information, protect national security interests, and sustain the progression of e-Government initiatives. The study was grounded in game theory. To ensure comprehensive data collection and bolster the validity and reliability of the study, a mixed-methods approach was employed, encompassing both quantitative and qualitative data. The study focused on system end-users, ICT officers, system auditors, and ICT manager to offer an encompassing perspective as conveyed by the participants. The study established that though the government deploys information technology to boost service delivery, such deployment has not been matched by measures to address automation weaknesses that could provide opportunities for cyber espionage attacks. The researcher recommends that PI should update and implement its information security policy to encompass current and emerging cybersecurity issues, enhance employee training and awareness through robust training programs, and use technology such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to enhance their detection and prevention capabilities.
References
Africa Defense Forum. (2022, November 9). Africa Faces High-Tech Enemies. Africa Defense Forum. https://adf-magazine.com/2022/11/africa-faceshigh-tech-enemies/
Agutu, N. (2016, April 28). Kenya Foreign Affairs ministry emails hacked, sensitive data leaked. The Star. https://www.the-star.co.ke/news/2016-04-28kenya-foreign-affairs-ministry-emails-hacked-sensitive-data-leaked/
Akram, M. S., & Malik, R. (2023). Digital Shadows: The Menace of Cyber Espionage and Pakistan’s National Security. Journal of Development and Social Sciences, 4(3), 855–864. https://www.ojs.jdss.org.pk/journal/article/view/743
Alderete, M. V. (2018). The mediating role of ICT in the development of open government. Journal of Global Information Technology Management, 21(3), 172–187. https://doi.org/10.1080/1097198X.2018.1498273
Analytica, O. (2021). Microsoft hack will widen US-China rifts on cyber. Emerald Expert Briefings, oxan-db. https://doi.org/10.1108/OXAN-DB260397
Anwar, R. W., Abdullah, T., & Pastore, F. (2021). Firewall Best Practices for Securing Smart Healthcare Environment: A Review. Applied Sciences, 11(19), Article 19. https://doi.org/10.3390/app11199183
Bello, A., Jahan, S., Farid, F., & Ahamed, F. (2022). A Systemic Review of the Cybersecurity Challenges in Australian Water Infrastructure Management. Water, 15(1), 168. https://doi.org/10.3390/w15010168
Carletti, S. (2023, August 1). Kenya Falls Victim to Cyber-Attack. IBN Immigration Solutions. https://www.ibn.co.za/blog-and-news/kenya-ecitizen-hacked/
CISA. (2009, May 21). Choosing and Protecting Passwords. Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/news-events/news/choosing-and-protecting-passwords
CISA. (2019, September 27). Understanding Anti-Virus Software | CISA. https://www.cisa.gov/news-events/news/understanding-anti-virus-software
Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: A systematic review of data availability. The Geneva Papers on Risk and Insurance - Issues and Practice, 47(3), 698–736. https://doi.org/10.1057/s41288-022-00266-6
Dilanian, K. (2021, October 7). Old school spying is obsolete, says one expert. Blame technology. NBC News. https://www.nbcnews.com/politics/national-security/human-spies-have-become-obsolete-says-one-expert-culprit-technology-n1280965
Douha, N. Y.-R., Sasabe, M., Taenaka, Y., & Kadobayashi, Y. (2023). An Evolutionary Game Theoretic Analysis of Cybersecurity Investment Strategies for Smart-Home Users against Cyberattacks. Applied Sciences, 13(7), Article 7. https://doi.org/10.3390/app13074645
Economic Survey by Kenya National Bureau of Statistics. (2022). https://agrochem.co.ke/2022-economic-survey-by-kenya-national-bureau-ofstatistics/
Gov.uk. (2022, December 21). UK exposes Russian spy agency behind cyber incidents. GOV.UK. https://www.gov.uk/government/news/uk-exposesrussian-spy-agency-behind-cyber-incidents
Herrmann, D. (2019). Cyber Espionage and Cyber Defence. Information Technology for Peace and Security, 83–106. https://doi.org/10.1007/9783-658-25652-4_5
Janczewski, L., & Colarik, A. (2007). Cyber warfare and cyber terrorism. IGI Global.
Kimathi, B. (2023, May 15). The Role of Employee Training in Cybersecurity Risk Management. https://www.linkedin.com/pulse/role-employee-trainingcybersecurity-risk-management-brian-kimathi
Kokkonen, T., Päijänen, J., & Sipola, T. (2023). Multi-National Cyber Security Exercise, Case Flagship 2 [ACM]. http://www.theseus.fi/handle/10024/797691
Lei, C., Zhang, H.-Q., Tan, J.-L., Zhang, Y.-C., & Liu, X.-H. (2018). Moving Target Defense Techniques: A Survey. Security and Communication Networks, 2018, 1–6. https://doi.org/10.1155/2018/3759626
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186. https://doi.org/10.1016/j.egyr.2021.08.126
Luiijf, E. (2012). Understanding Cyber Threats and Vulnerabilities. In J. Lopez, R. Setola, & S. D. Wolthusen (Eds.), Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense (pp. 52–67). Springer. https://doi.org/10.1007/978-3-642-28920-0_4
Malodia, S., Dhir, A., Mishra, M., & Bhatti, Z. A. (2021). Future of e-Government: An integrated conceptual framework. Technological Forecasting and Social Change, 173, 121102. https://doi.org/10.1016/j.techfore.2021.121102
Maschmeyer, L., Deibert, R. J., & Lindsay, J. R. (2021). A tale of two cybers—How threat reporting by cybersecurity fi rms systematically underrepresents threats to civil society. Journal of Information Technology & Politics, 18(1), 1–20. https://doi.org/10.1080/19331681.2020.1776658
Mungai, A. N. (2017). E-Government Strategy Implementation and Performance of the Public Sector in Kenya. International Academic Journal of Human Resource and Business Administration, 2(3). https://www.iajournals.org/articles/iajhrba_v2_i3_301_338.pdf
Nakashima, E. (2015, December 2). Chinese government has arrested hackers it says breached OPM database. The Washington Post. https://www.washingtonpost.com/world/national-security/chinese-government-has-arrested-hackers-suspected-of-breaching-opmdatabase/2015/12/02/0295b918-990c-11e5-8917-653b65c809eb_story.html
Nyonje, R., Wairiuko, J., & Opiyo, E. (2018). ICT Infrastructure and Adoption of E-government for Improved Service Delivery in Kajiado County, Kenya. 10, 205–221.
Onyando, W. (2023, August 13). Why spyware attacks are increasing in Kenya. Business Daily. https://www.businessdailyafrica.com/bd/corporate/technology/why-spyware-attacks-are-increasing-in-kenya--4334792
Patil, A. P., Bharath, S., & Annigeri, N. M. (2018). Applications of Game Theory for Cyber Security System: A Survey. International Journal of Applied Engineering Research, 13(17), 12987–12990.
Pătraşcu, A., & Simion, E. (2013). Game theory in cyber security defence. Proceedings of the International Conference on ELECTRONICS, COMPUTERS and ARTIFICIAL INTELLIGENCE-ECAI-2013, 1–6.
Pérez-Sánchez, A., & Palacios, R. (2022). Evaluation of Local Security Event Management System vs. Standard Antivirus Software. Applied Sciences, 12(3), Article 3. https://doi.org/10.3390/app12031076
Pun, D. (2017). Rethinking espionage in the modern era. Chi. J. Int’l L., 18, 353. https://heinonline.org/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/cjil18§ion=14
Reuters. (2018, January 30). China rejects claim it bugged headquarters it built for African Union. The Guardian. https://www.theguardian.com/world/2018/jan/30/china-african-union-headquarters-bugging-spying
Rouse, G. (2022, May 31). What Is a Firewall and Why Is it Important in Cyber Security? https://www.datto.com/blog/what-is-a-firewall-and-whyis-it-important-in-cyber-security?utm_medium=opengraph&utm_source=225
Rubenstein, D. (2014). Nation state cyber espionage and its impacts. Dept. of ComputerScience and Engineering WUSTL, Saint Louis. https://classes.engineering.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/
Rudner, M. (2013). Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge. International Journal of Intelligence and CounterIntelligence, 26(3), 453–481. https://doi.org/10.1080/08850607.2013.780552
Samme-Nlar, T. (2023). Confronting Africa’s Evolving Cyber Threats.
Sang, M. (2022). An Appraisal of Kenya’s National Cybersecurity Strategy 2022: A Comparative Perspective: 10.
Shah, H., & Comissiong, D. M. G. (2021). Computer Virus Model with Stealth Viruses and Antivirus Renewal in a Network with Fast Infectors. SN Computer Science, 2(5), 1–8. https://doi.org/10.1007/s42979-021-00780-9
Shepherd, T. (2022, September 30). The biggest hack in history: Australians scramble to change passports and driver licences after Optus telco data debacle. The Guardian. https://www.theguardian.com/business/2022/oct/01/optus-data-hack-australians-scramble-to-change-passports-and-driver-licences-after-telco-data-debacle
Thompson, H. H., Whittaker, J. A., & Mottay, F. E. (2002). Software security vulnerability testing in hostile environments. Proceedings of the 2002 ACM Symposium on Applied Computing, 260–264. https://doi.org/10.1145/508791.508844
Vandyck, C. K. (2023, July 29). Strengthening Cybersecurity in Africa: A Call to Action for Governments, Civil Society, and the Private Sector. https://www.linkedin.com/pulse/opinion-strengthening-cybersecurity-africacall-action-vandyck
Velluet, Q. (2023, July 5). Cyberattacks: Five reasons why Africa is vulnerable. The Africa Report.Com. https://www.theafricareport.com/314687/cyberattacks-fi ve-reasons-why-africa-is-vulnerable/
Verizon. (2020). 2020 Cyber-Espionage Report (CER). Verizon Business. https://www.verizon.com/business/resources/reports/cyber-espionage-report/
Verizon. (2022). 2022 Data Breach Investigations Report. Verizon Business. https://www.verizon.com/business/resources/reports/dbir/
Waag-Cowling, N. A. and N. van der. (2021, July 15). How African states can tackle state-backed cyber threats. Brookings. https://www.brookings.edu/techstream/how-african-states-can-tackle-state-backed-cyber-threats/
Wamoto, F. O. (2015). E-government Implementation in Kenya, an evaluation of Factors hindering or promoting e-government successful implementation. International Journal of Computer Applications Technology and Research, 4(12), 906–915. https://doi.org/10.7753/IJCATR0412.1006
Wanjala, K. (2023, April 13). Kenya Airports Authority suffers data breach from notorious hacking group. TechArena. https://www.techarena.co.ke/2023/04/13/kenya-airports-authority-suffers-data-breach-fromnotorious-hacking-group/
Welle, D. (2022, February 9). Explained: Why Africa embraces Huawei tech despite security concerns. Frontline: India’s National Magazine. https://frontline.thehindu.com/dispatches/explained-why-africa-embraces-huawei-tech-despite-security-concerns/article65220336.ece
Xu, Y., Tran, D., Tian, Y., & Alemzadeh, H. (2019). Analysis of Cyber-Security Vulnerabilities of Interconnected Medical Devices. 2019 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). https://doi.org/10.1109/CHASE48038.2019.00017
Downloads
Published
Issue
Section
License
Copyright (c) 2025 The Eastern Africa Journal of Policy and Strategy
This work is licensed under a Creative Commons Attribution 4.0 International License.
The East African Journal of Policy and Strategy is a publication of the Global Centre for Policy and Strategy (GLOCEPS). Our content is disseminated on Open Access Terms.
