+1 Adam,


I'm not sure if local hosting solves the main issue which is the security of the systems.​


​There needs to be more done in tandem with the migration to local web servers which includes the choice of the technology, tools, systems security, constant patch upgrades and the right skill sets.


​​Regards

Gideon Rop​.
DotConnectAfrica



All State-owned websites will be hosted locally in order to curb rising
cases of cyber security attacks.

This was a key resolution at a crisis meeting held on Thursday between top
security officials and the Ministry of ICT.

Held at Communication Authority of Kenya (CAK), the meeting was called to
discuss the safety preparedness of the government to handle cyber attacks.

It comes just days after hacking of the Kenya Defence Forces' social media
accounts including the official email account of the military spokesperson
Emmanuel Chirchir.

In attendance were ICT principal secretary Joseph Tiampati, representatives
of the National Intelligence Service, Kenya Defence Forces, CID, CAK
director-general Francis Wangusi and ICT Authority chief executive.

http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2396632/-/g6u9p4z/-/index.html


______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh

"There are some men who lift the age they inhabit, till all men walk on
higher ground in that lifetime." - Maxwell Anderson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140725/01db5011/attachment-0001.html>

------------------------------

Message: 4
Date: Fri, 25 Jul 2014 11:25:57 +0300
From: Adam Nelson <
​​
adam@varud.com>
To: Mwendwa Kivuva <Kivuva@transworldafrica.com>,  KICTAnet ICT Policy
        Discussions <kictanet@lists.kictanet.or.ke>
Subject: Re: [kictanet] Stung by cyber attacks, State resolves to host
        websites locally
Message-ID:
        <CAGTm15kz03gwo78Ntn3p2QMBQYGx75xq2R_RJrn_yM_-q1T0Jg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

It looks like the sites will be hosted by CAK internally.  Of course,
that's a recipe for monoculture and some serious problems around stagnation
of eGovernment products.  Smarter would be:

1. Have compulsory training on basic security for all government employees
who work in an office.
2. Get all government employees on a modern OS (OS X Mavericks, Windows 8,
Ubuntu 14.04, Android 4.4, iOS 7, etc..).  Any hardware than can't support
these OSes should be auctioned off.
3. Turn on two-factor authentication wherever possible
4. Aside from totally sensitive information (CBK, MoD, office of
President), put everything on a local public cloud like Kili (http://kili.io
).
5. Use vendors to do application implementations that are NOT the hosts of
the application (i.e. Seven Seas should implement but not be the host and
Kili should host but not write the application - this prevents lock-in and
staleness which leads to security holes).
6. For deeply sensitive stuff, deploy private clouds that are not connected
to the Internet.  Some vendors locally can do this (including Kili of
course).

-Adam

--
Kili - Cloud for Africa: kili.io
Musings: twitter.com/varud <https://twitter.com/varud>
More Musings: varud.com
About Adam: www.linkedin.com/in/adamcnelson


On Fri, Jul 25, 2014 at 11:05 AM, Mwendwa Kivuva via kictanet <
kictanet@lists.kictanet.or.ke> wrote:

> All State-owned websites will be hosted locally in order to curb rising
> cases of cyber security attacks.
>
> This was a key resolution at a crisis meeting held on Thursday between top
> security officials and the Ministry of ICT.
>
> Held at Communication Authority of Kenya (CAK), the meeting was called to
> discuss the safety preparedness of the government to handle cyber attacks.
>
> It comes just days after hacking of the Kenya Defence Forces? social media
> accounts including the official email account of the military spokesperson
> Emmanuel Chirchir.
>
> In attendance were ICT principal secretary Joseph Tiampati,
> representatives of the National Intelligence Service, Kenya Defence Forces,
> CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
>
>
> http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2396632/-/g6u9p4z/-/index.html
>
>
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya
> twitter.com/lordmwesh
>
> "There are some men who lift the age they inhabit, till all men walk on
> higher ground in that lifetime." - Maxwell Anderson
>
> _______________________________________________
> kictanet mailing list
> kictanet@lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/adam%40varud.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140725/a56b5180/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet


------------------------------

End of kictanet Digest, Vol 86, Issue 43
****************************************