Mail was compromised along with sites & social media accounts. I agree with those who state that there needs to be a comprehensive security policy in place - a poorly secured site will be hacked whether it's hosted in Kenya or the US. We have experienced this in the last one odd year, especially people who have legacy Joomla/Wordpress websites. They don't update them and next thing you know, they've been compromised. 

The argument for local hosting though makes sense primarily from a latency perspective. Some counties have opted to go for local hosting e.g. Kiambu (www.kiambu.go.ke) and there is a significant improvement in performance. Additionally, there's a lot to be said for data residency especially in this age of mass surveillance of other governments by the US etc. However, this needs to be congruent - mail, applications etc all need to be local otherwise it's a little moot to move the site but still have no control of the applications. 

All I can say is that there is more than enough expertise in cloud/infrastructure/hosting/security etc in Kenya that it can be managed well if the right contractors are chosen. After all, our financial services outfits (Equity, KCB etc) all run their IT systems locally and they've managed to find the expertise. 

From personal experience, you can find the right talent, you just need to figure out the right incentives (disclaimer, interested party, I'm running the platform on which the Kiambu County site is hosted, Angani). 

There are options, there is expertise. We just need to figure out where this breaks down for government. Is it the contractors they choose, lack of in house expertise or lack of budget. 


On Fri, Jul 25, 2014 at 12:40 PM, Harry Hare | African eDevelopment Resource Centre via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Interesting…the assumption here is that the attacks are coming from outside Kenya…NEWSFLASH: perimeter security is dead, research shows that more than 65% of security threats (cyber or otherwise) come from within – country, government or organisation. 
 
Harry Hare

Director  |  African eDevelopment Resource Centre
PO Box 49475 00100 | Nairobi, Kenya 


From: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>
Reply-To: Mwendwa Kivuva <Kivuva@transworldafrica.com>, KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>
Date: Fri, 25 Jul 2014 04:05:31 -0400
To: Cio_Magazine Hare <harry@africanedevelopment.org>
Subject: [kictanet] Stung by cyber attacks, State resolves to host websites locally

All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.

This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.

Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.

It comes just days after hacking of the Kenya Defence Forces’ social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.

In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.

http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2396632/-/g6u9p4z/-/index.html


______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh

"There are some men who lift the age they inhabit, till all men walk on higher ground in that lifetime." - Maxwell Anderson
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/harry%40africanedevelopment.org The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.



--
Warm Regards,

Phares Kariuki

Epkariuki@gmail.com | Twitterkaboro | Skype: kariukiphares | Bhttp://www.kaboro.com/ |