Kenya Yet to Mandate Transition to Quantum-Resistant Cryptography, But Growing Awareness Sparks Conversations

Despite increasing global concern over the potential threats posed by quantum computing, Kenya has not yet passed legislation requiring government agencies to immediately transition to quantum-resistant cryptographic methods. The Kenyan government has not enacted formal measures yet, but experts have begun giving their pleas for proactive action regarding the security of sensitive data with the rapid technological evolution.

At present, all the cryptographic algorithms usually used by the government against attacks from conventional computers have bright prospects. But it is warned that all those things could easily be broken by quantum computing, exposing critical national infrastructure to cyberattacks. A key part of the digital security framework in Kenya is the National Public Key Infrastructure (NPKI), which is managed by the Communication Authority of Kenya (CA Kenya). The CA Kenya regulatory framework for NPKI provides security control and operational policy for NPKI, including the employment of encryption algorithms that do not yield to decryption attacks from ordinary computers. Indeed, these algorithms are not future-proof because they are vulnerable to probable attacks from quantum computers.

Concerns raised globally by the cryptographic society touch on possible capabilities of quantum computers to break existing encryption methods. Experts further call for a transition to quantum-resistant cryptographic standards. This, in turn, has started a debate on the need for a national strategy to protect Kenya’s digital systems. Experts are urging that national critical infrastructure such as the NPKI is adequately protected by adopting quantum-resistant encryption standards to alleviate the risks posed by future quantum threats.

Such a situation is similar to what has been increasingly evident in many countries of the world, whereby organizations and governments are preparing themselves for a transition toward post-quantum cryptography. For example, several new cryptographic standards to protect systems from attacks by quantum computers will be made publicly available in August 2024 by the U.S. National Institute of Standards and Technology (NIST). This represents a major milestone in protecting digital systems from new and emerging threats.

While there is no specific legislation at present in Kenya on this subject, public consciousness rising regarding the possible impacts of quantum computing would likely result in such moves. Experts are unanimous that the country must invest in research and infrastructure to adopt secure future-proof encryption methods to stay ahead of the curve especially when it comes to securing the NPKI and other security-critical systems.

The Cybersecurity Threat Landscape in Kenya

This is most evident now that Kenya faces rampant issues concerning cybersecurity. In the Annual Report on the State of National Security (2023-2024) presented by President William Ruto, it outlines that between January and August 2024 a staggering 114 cyber-attacks targeted critical information infrastructures. The report indicated that with increased technology comes novel kinds of threats, which state and non-state actors take advantage of by remaining anonymous to commit cyber crimes. Citing President Ruto, continuous investment into the development of the cybersecurity systems is necessary, as already demonstrated in the invasion of the e-citizen platform and mobilization through online efforts towards national security.

Some mechanisms have been affiliated to correct the above problems, for example, the Computer Misuse and Cybercrime Management Regulations (2024) and other multi-agency initiatives. The latest national threat monitoring agency, the National KE-CIRT/CC, under CA Kenya, has been monitoring cyber threats nationally and actively detecting more than 657.8 million cyber threat events in its July to September 2024 reporting period. Moreover, the agency has also issued 9.5 million advisories in strengthening national cybersecurity resilience.

Global and African Efforts Toward Quantum-Resistant Cryptography

On a global scale, countries such as the U.S., U.K., China, and EU member states have launched national strategies for transitioning to post-quantum cryptography. Some African nations, including South Africa and Nigeria, have begun discussing policy frameworks for quantum-safe encryption, recognizing the looming risks.

What Normal Users Can Do to Prepare for the Quantum Computing Threat

While governments and organizations work toward preparing for the threats posed by quantum computing, normal users can take practical steps to bolster their own digital security. As quantum computing advances, the risk to current cryptographic systems grows, but there are several proactive measures individuals can take in the meantime.

1. Use Strong Encryption Methods
   • Use end-to-end encrypted messaging apps like Signal or WhatsApp.
   • Store sensitive data using encrypted storage solutions like Bitwarden or 1Password.
2. Enable Two-Factor Authentication (2FA)
   • Activate 2FA on all critical accounts to add an extra layer of security.
3. Keep Software and Devices Updated
   • Enable auto-updates to ensure security patches are installed promptly.
4. Use Strong, Unique Passwords
   • Avoid weak passwords and consider using a password manager.
5. Beware of Phishing Attacks
   • Be cautious when clicking links in emails or messages requesting personal information.
6. Adopt Quantum-Resistant Tools When Available
   • Look for early-stage quantum-resistant encryption services as they emerge.
7. Secure Devices Physically
   • Use biometric authentication and enable remote wipe options in case of loss or theft.
8. Stay Informed
   • Follow cybersecurity trends to stay ahead of evolving threats.

As quantum computing continues to develop, Kenya must prioritize research, policy reforms, and collaboration with global partners to fortify its cybersecurity landscape. While legislation may still be in development, the rising awareness of quantum threats signals an inevitable shift toward enhanced digital security strategies.

Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke