What we have mostly is a failure in management of information first and foremost.

Strangely in kenya, Parlaimant seems to have heard of these initiatives through teh press( unless they are prentending for show.) The security comiitte in the national assembly ought to have been involved intimately from the get go. Many of them are old hands in the industry.

Stangely again, the places earmarked for security cameras and intial coverage are teh same places that police 'ringed' during the 2007 post election chaos. ie. CBD and part of the coast.

So what about the rest of the country. what about the old camera securty system? has it been any use since it was launched all of five years ago?




On Tue, Jun 24, 2014 at 4:44 PM, S.M. Muraya <murigi.muraya@gmail.com> wrote:

Can already tell you some of  the "curriculum" required/used  to develop Stuxnet type viruses 🙌

It does not require going abroad (unless for per diems of course).

Maybe Go.Ke should consult/pay veterans in the local training industry.  You would be surprised how much knowledge is wasting away in bars.

On Jun 24, 2014 9:33 AM, "Peter Wakaba via kictanet" <kictanet@lists.kictanet.or.ke> wrote:
Government was supposed to export abroad and train, in britain and israel an initial 250 newly recruited and trained police officers handpicked from our universities for this purpose. I happen to know that the budget for this training is rather generous and a lot of the capbilities for this system are not in public domain.

Safaricom does not oversee the security curriculum and apart from two people (both young kenyans) who are exclusively responsible and intimately involved with most parts of the project everything else is GOK.

Ethiopia has been trying to put together a new generation digital monitoring and security system with aspects similar to what kenya i doing. Their consultant was kenyan.
they have the same Huawei/ZTE mess we have.

dont forget that in security issues what  you see is not often what inr eality is the case.

And meanwhile, the criminals, run and hide ads are still running.


On Tue, Jun 24, 2014 at 2:22 AM, Telemedia africa <baiju@telemedia.co.ke> wrote:
Hi Peter and Ali,

Great start to the post on how to build out these crack teams etc. Great estimated costs. My question is who is going to run this white elephant of a security and hacking force that has been tabled? I do not think when politics involved world over, there is a possibility to run this efficiently or effectively.

Therefore, the Safaricom option seems to be attractive as it will be run in some effect efficiently or not is another question. 

Can understand the requirement to move high density data across the network quickly and can see the need for technologies like LTE but for 100k it is a luxury - can we afford the Luxury. Let's consider the corrupt ways of our nation and how they operate, well most of the crooks are out the small players are caught in the end. Therefore, if anybody would like to be doing business in this space have to be of a certain size in order to afford the cost of getting out of trouble and hence the minimum turnover requirements.

Going to the US suspect on Chinese equipment is to protect the local industry period, nothing to do with back doors etc, there are firewalls and different checks and balances put in place to have a holistic security strategy in place therefore let's not even consider these claims. Most of the Chinese technology is a copy of, let's be honest most of these platforms are built on American Operating Systems therefore the back doors can be managed from there easily, if you know how these systems are put together as they have their logs and tracks that could be monitored if one had the desire...

The British use Huewei, ZTE and really not concerned as their telecoms equipment manufacturer disappeared with the demise of Marconi who some of the best telecom technology in the analogue world. 

I sort of rest my case on how we architect the systems and we should not reinvent the wheel but to build up the available tech. To fit our requirement, hence I suggest train an all round team that will be able to manage the holistic nature of security rather then the point solutions and workarounds. 

Thanks

Best Regards,

Baiju Shah
Managing Partner|Telemedia Africa Ltd

Suite 12|Chaka Court | Argwings Kodek Road,
P.O. Box 14556-00100, Nairobi, Kenya.
T: +254 737 751409 | M: +254 787332247

On 23 Jun 2014, at 12:07, Peter Wakaba via kictanet <kictanet@lists.kictanet.or.ke> wrote:

Huawei has been Safaricom's infrastrucutre partner since start up. Bear in mind that Safaricom is also part owned by Vodafone, who are represented on teh board and can voice any 'western concerns'.

Me thinks teh rest is smoke and mirrors.

Dont forget ZTE also chinese has been angling to get a piece of this pie.


On Mon, Jun 23, 2014 at 3:50 PM, Ngigi Waithaka via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Had a look at this post this morning http://www.standardmedia.co.ke/article/2000125730/kimaiyo-holds-crisis-meeting-with-kws-kfs-nys-bosses and IMO it vindicates my earlier position that the biggest issue to address in securing our country is lack of Logistics and a quick response team.

The police are not known to have any serviceable helicopter, the last one being the one Prof Saitoti crashed in I think.

So, maybe we ask Safaricom to buy & maintain helicopters instead? Might sound funny, but would have a much bigger impact.

Rgds


On Thu, Jun 19, 2014 at 2:02 PM, Ngigi Waithaka <ngigi@at.co.ke> wrote:
Ali,

Tell them...

Listers,

Decided to do a bit of back-of-napkin math on cost proposal for counter -terrorism as a little lunch exercise.

If you were to hire the best 100 guys coming out of our Universities in Computer Science, Maths & Electronics at say Ksh 250k / month each (Ksh 4M / year) to join an elite hacking unit, comparable to NSA, you would do so at a budget of Ksh 400M / Year. Put in another Ksh 400M for Operations and Ksh 1B / Year would be enough to ran this Unit / Year.

Go ahead and hire top consultants to teach our guys top-notch Network building, configurations and maintenance and hire the top Huwaei guys here on retainer. Lets say we give them Ksh 15M / Year each, being 10 guys, that works out to Ksh 150M / year to hire consultants who can build and maintain as we learn from them.

Our guys would in short order build for you any network you could think of using COTS Equipment and there would *not* be any electronic communication targeting Kenyans that would be out of our reach and more importantly we would be able to roll out and maintain our own security network and perhaps sell our capabilities to Uganda, Ethiopia.

So, Ksh 1.5B / Year you have a crack hacking and maintenance unit.

How much for the communication equipment?
Lets just say you are using the high -end Motorola MC75A, comes at about $2,000 a pop including encryption cards, meaning you can use the already existing mobile networks while giving GoK Personnel their own VPN Channels. If you were to buy one unit for every 2 cops (35,000) in the whole country, you are looking at about Ksh 4B.

It still beats me why we would want to build a 4G LTE Security Network that will at most be used by 100,000 Personnel.

CCTV, these ones should even be done by Youth Companies, but at Ksh 2,000 a pop, you could buy and install 100,000 of these at about Ksh 400M, put another 600M to bring it to Ksh 1B of 100,000 CCTV Cameras installed

So at an initial investment of:
Ksh 1.5B ->Crack Hacking Unit & Maintenance team
Ksh 4B -> Communication Equipment ( 1 in every two cops)
Ksh 1B -> 100,000 CCTV Equipment
Ksh 2B -> Other Equipment (Servers, Computer Equipment, Software)

There is not a pin that would drop around here that we wouldn't know about.

From here, we would need a high - response crack team to tackle security incidences across the country. Say 500 guys of our best commandos.
Again each getting Ksh 4M / year to keep them highly motivated, that's Ksh 2.0B / Year.
Fighting Gear, each guy with Ksh 1M of fighting gear, that's Ksh 500M CAPEX

Now, the expensive part is how to get them there. Say you need to drop 100 guys quickly, what do you need, Transport Helicopters, say you go for the Boeing CH-47 Chinook, that's 25M USD a pop, carrying 50 guys each, we get four of those, so thats 100M USD or Ksh 9B.

Get a few attack Helicopters, at say USD 20M a pop, say we get 10, that's USD 200M thats approx Ksh 15B.

Now we got a team that can hit anywhere in this country at most an 30mins - 1 hours notice.

How much for crack anti-terrorism unit.
CAPEX: Ksh 30B
Per Year Operational Costs (Salaries + Equipment Maintenance): Ksh 5B / year

If you spread the CAPEX over 5 years, say as a loan, you are doing about Ksh 6B / year for 5 years, which to this country is almost a rounding off error seeing that Ministries are taking back hundreds of billions in unused funds every year.

With this, a Turkana herder (now former ngoroko) will be passing a lone cow in Baragoi / Suguta Valley without so much as a second look at it, knowing fire raining from above is just 30 mins away.

So, how does my proposal compare to say the Safaricom Ksh 15B proposal to put a security network in Nairobi & Mombasa?

Jury is out there...


On Thu, Jun 19, 2014 at 12:43 PM, Ali Hussein via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Sitting ducks is what we are.

The only solution to this is a homegrown industry able to ensure that National Interests are safeguarded. This starts from killing the culture in security tenders (and other sectors) where the catchphrase is:-

'You must have revenues of $100 million and above to qualify for this tender.' And other such clauses which are geared towards the size of the payoff to corrupt networks as opposed to the best solution.'

Ali Hussein

+254 770 906375 / 0713 601113

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim

Blog: www.alyhussein.com

"I fear the day technology will surpass human interaction. The world will have a generation of idiots".  ~ Albert Einstein

Sent from my iPad

On Jun 19, 2014, at 11:41 AM, Gichuki John Chuksjonia via kictanet <kictanet@lists.kictanet.or.ke> wrote:

US and UK C4ISR programs were the reason they were able to know of the
attacks before hand and pull their people off Coast region. We know of
the company Booz and Allen where Snowden used to work, and the hacks
they did on Huawei equipments.

On 6/19/14, Ngigi Waithaka via kictanet <kictanet@lists.kictanet.or.ke> wrote:
In Intelligence business, you trust no one!

Every country does what is best for it's *own* interests. If putting
backdoors in tech equipment is to the US / Chinese interests, they will do
it and they have done it.

The only you can avoid this, is either you manufacture your own equipment
or on the very least assemble equipment from COTS for sensitive areas or
you also get very adept at identifying & removing the backdoors.

Rgds


On Thu, Jun 19, 2014 at 10:30 AM, Mark Mwangi via kictanet <
kictanet@lists.kictanet.or.ke> wrote:

So we now distrust the Chinese based on the information offered by the
Americans who are running a worldwide spying program tapping just about
everyone? Lets not even get started on the back-doors installed in
equipment built by the Americans.


On Thu, Jun 19, 2014 at 10:22 AM, Matunda Nyanchama via kictanet <
kictanet@lists.kictanet.or.ke> wrote:

On this subject, it is curious that Safaricom's partner in the project
is Chinese Telcom giant Huawei.

Americans have reservations, apprehensive/suspicious Huwawei technology
wrt spying. Here is an excerpt

"U.S. House Intelligence Committee chairman Mike Rogers somewhat
famously said <http://j.mp/ICrmay> last year that Huawei's products
"cannot be trusted to be free of foreign state influence and thus pose a
security threat to the United States and to our systems." The committee
also released a report that accused Huawei of all kinds of bad behavior
including bribery, corruption, and immigration violations. Huawei, of
course, denied the claims
<http://www.huawei.com/en/about-huawei/newsroom/press-release/hw-194454-hpsci.htm>
."

Full article Here.
<http://gizmodo.com/accused-of-spying-huawei-ceo-says-company-is-exiting-1475628703>


----------------------------------------------------------------------------------------------
Matunda Nyanchama, PhD, CISSP; mnyanchama@aganoconsulting.com
Agano Consulting Inc.;  www.aganoconsulting.com; Twitter: nmatunda;
<http://twitter.com/#%21/nmatunda>Skype: okiambe

----------------------------------------------------------------------------------------------
Manage your ICT risks! We are the experts you need! The trusted partners
you deserve!
Call: +1-888-587-1150 (Canada) +254-20-267-0743 (Kenya) or
info@aganoconsulting.com
Licensed by Communications Commission of Kenya (CCK)

----------------------------------------------------------------------------------------------
"The best revenge is massive success" - Frank Sinatra

-----------------------------------------------------------------------------------------------
This e-mail, including attachments, may be privileged and may contain
confidential or proprietary information intended only for the
addressee(s).
Any other distribution, copying, use, or disclosure is unauthorized and
strictly prohibited. If you have received this message in error, please
notify the sender immediately by reply e-mail and permanently delete the
message, including any attachments, without making a copy. Thank you.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/mwangy%40gmail.com


The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
for people and institutions interested and involved in ICT policy and
regulation. The network aims to act as a catalyst for reform in the ICT
sector in support of the national aim of ICT enabled growth and
development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy,
do
not spam, do not market your wares or qualifications.




--
Regards,

Mark Mwangi

markmwangi.me.ke





_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/ngigi%40at.co.ke

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
for people and institutions interested and involved in ICT policy and
regulation. The network aims to act as a catalyst for reform in the ICT
sector in support of the national aim of ICT enabled growth and
development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do
not spam, do not market your wares or qualifications.




--
*Regards,*

*Wait**haka Ngigi*
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod
Building
T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811
000
www.at.co.ke



--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com


The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ngigi%40at.co.ke

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.



--
Regards,

Waithaka Ngigi
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 + 254 737 811 000



--
Regards,

Waithaka Ngigi
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 + 254 737 811 000

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/peterwakaba%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.



--
Warm Regards, 

PETER WAKABA                 
AFRICA BUSINESS EDITOR,
CCTV AFRICA
           

Every morning in Africa, a gazelle wakes up, It knows it must run faster than the fastest lion or it will be killed. Every morning a lion wakes up, it knows it must outrun the slowest gazelle or it will starve to death. It doesn't matter whether you are a gazelle or a lion. When the sun comes up, you better start running.

- In "The World is Flat" by Thomas L. Friedman.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/baiju%40tele2media.com


The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.



--
Warm Regards, 

PETER WAKABA                 
AFRICA BUSINESS EDITOR,
CCTV AFRICA
           

Every morning in Africa, a gazelle wakes up, It knows it must run faster than the fastest lion or it will be killed. Every morning a lion wakes up, it knows it must outrun the slowest gazelle or it will starve to death. It doesn't matter whether you are a gazelle or a lion. When the sun comes up, you better start running.

- In "The World is Flat" by Thomas L. Friedman.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.com


The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.



--
Warm Regards, 

PETER WAKABA                 
AFRICA BUSINESS EDITOR,
CCTV AFRICA
           

Every morning in Africa, a gazelle wakes up, It knows it must run faster than the fastest lion or it will be killed. Every morning a lion wakes up, it knows it must outrun the slowest gazelle or it will starve to death. It doesn't matter whether you are a gazelle or a lion. When the sun comes up, you better start running.

- In "The World is Flat" by Thomas L. Friedman.