Members of the Lower Chamber of Parliament have passed the draft law establishing the National Cyber Security Authority (NCSA) and determining its responsibilities, organisation and functioning.
The Bill establishing NSCA was initially passed by parliament last October to safeguard private and government information and infrastructure against online crimes and cyber-attacks.
However, in December the same year, the draft law was returned to parliament following President Paul Kagame’s request that it’s revised further to include articles, mostly concerning national security.
The president of the standing committe on Education, Technology, Culture and Youth, Agnes Mukazibera told the House last week that following the request, her commission met with the Minister for Youth and ICT, Jean-Philbert Nsengimana, to review the Bill.
“The minister explained that it was difficult to separate cyber crimes from normal crimes because they are interconnected since cyber space can be used to destabilise national security. It was requested that it is made clear that the agency will also be dealing with cyber security pertaining to national security crimes. We also had to think of ways how the Government of Rwanda can be prepared and be in the position to prevent and respond to evolving cyber threats,” she said.
MP Jean Marie Vianney Gatabazi tasked the committe to explain how the police intended to sensitise the masses about security.
“Normally, it’s the police’s duty to sensitise the masses, including on cyber crimes. We don’t normally see the people in charge of dealing with these crimes in the media or other areas in terms of sensitising the locals. I would like to know how they intend to do this,” he wondered.
Mukazibera informed members that several discussions had been conducted with security organs on publicising the cyber crime red flags to the local authorities so that they are able to protect themselves better.
MP Rose Mukantabana said she was confused about Article 14 which gives responsibilities to the director general but does not do the same for the management team.
“The law here says that the responsibilities of the director general will be established by a Presidential Order. Where are his or her responsibilities coming from when the management itself has none? Why are they being separated? They should either be established by the Presidential Order or by this law. Otherwise, it’s confusing,” she said.
The development comes at a time the government is seeking $1.5 million for the construction of a cyber-security centre that will coordinate investigations in Eastern Africa against cybercrimes and cyber-enabled crimes such as terrorism, trafficking and money laundering.
In May last year, the government launched a $3m cyber security system aimed at protecting public and private institutions against online crimes.
A survey conducted by Kaspersky Lab in January last year indicated that most businesses across Africa had been hit hard by cybercrime.
Kenya is the hardest hit in East Africa, according to the survey, with businesses in the country losing as much as $146 million every year due to cyber crime.