The government — backed by the World Bank — will acquire high-performance enterprise cybersecurity tools to upgrade its national digital defenses, according to official procurement documents.
- •The move follows a series of high-profile breaches, including a recent attack by the Moldovan firm — B2bhint — which extracted sensitive shareholder information from the Business Registration Service (BRS).
- •This incident added to a growing list of intrusions that have exposed weaknesses in government online systems, from the compromise of the Micro and Small Enterprise Authority (MSEA) to the 2023 takedown of the e-Citizen platform by a group calling itself “Anonymous Sudan”.
- •The security tools will include six high-capacity internet perimeter firewalls, two internal DMZ (demilitarized zone) units, and two firewall management appliances — all expected to form the backbone of this new cyber defense network.
“The Government of Kenya has received financing from the World Bank toward the cost of the Kenya Digital Economy Acceleration Project and intends to apply part of the proceeds toward payments under the contract for Supply, Delivery, Installation and Commissioning of Enterprise Cyber Security Tools,” the document signed by ICTA CEO, Stanley Kamanguya said.
The procurement, valued in the hundreds of millions of shillings, will equip the Information and Communications Technology Authority (ICTA) with next-generation firewalls, internal security filters, and a centralized system for monitoring digital traffic.
Cyberattacks in Kenya nearly doubled to 3.5 billion in 2024, with system vulnerabilities accounting for 3.27 billion incidents and web attacks surging from 386,067 to 8.4 million. New threats like brute force and mobile application attacks emerged, while malware and website application advisories more than doubled, reflecting escalating cybersecurity risks driven by growing internet and smartphone usage.
The tools being deployed are capable of inspecting and filtering traffic across the government’s digital infrastructure, from national databases to public portals. Perimeter firewalls will stand guard at the edges of Kenya’s networks, blocking external threats, while internal firewalls will monitor traffic between systems, especially those that handle citizen services or hold sensitive data. A central management platform will oversee the entire operation, collecting data and issuing alerts in real time.
However, as the government strengthens its grip on digital security, questions are emerging about how these powerful tools could be used. When placed under centralized control, firewalls don’t just block cyber threats, they also make it possible to log, track, and analyze virtually all online activity across public networks. Such systems could be repurposed for surveillance, raising concerns over citizen privacy.
The advanced firewalls could monitor user behavior, record internet usage, and store private communications. Combined with identity systems such as eCitizen, the tools could theoretically enable the government to trace online activity back to individual citizens.
In June last year, the government created a cybersecurity reform taskforce to advise on artificial intelligence and review legal safeguards in the country’s digital space.
