Thanks for sharing Mwesh Agreed that hosting in Kenya will for the most part do NOTHING to stop "cyber attacks". In principle of course, for many reasons, government services should be hosted at home. Security is increasingly becoming a service, not something you do yourself, unfortunately foreign, and mainly US cloud providers are pretty good at it. For most type of attacks, a Gmail account would unfortunately protect better than your average government email account. This of course depends on your threat model, if you are a state, and should rightly be concerned about espionage from foreign government (e.g. maybe that organisation, what was it called again? oh yeah, NSA), then you definitely should host at home. I don't think local hosting will protect better (seems to be a consensus here), but it will give the government of Kenya more control over conducting their own forensics. A nagging thought at the back of my mind, but maybe it was not even a "hack", just someone running wireshark or something and intercepting on the same network as an official who's mail client was not setup for SSL/TLS. If social media accounts are used, its usually the simplest and lamest explanation, phishing attack combined with taking advantage of password reuse. Maybe someone should throw a Cryptoparty and invite the Ministry of ICT along so they can learn about digital security, and how it starts at home? That would be fun www.cryptoparty.in :) Again I restate, of course government sites and communications infrastructures as well as egovernment should be hosted at home. I worry however about the increasing trend of Balkanisation of the internet, which is aggravated by NSA revelations and cyber threats. Its all well and good to argue from a security perspective to host at home, the EU for example is trying to make European clouds as a response to the NSA. However be wary if this ever becomes an excuse for government to request more data is stored locally. Brazil wants Google data centers hosted locally, Russia has a law requiring all internet companies to store data locally. Why? To make it easier for these governments to conduct surveillance on their own citizens of course. One should generally fear ones own government the most when it comes to surveillance. So there is some good in this proposal, and some potential bad in the general trends underpinning it. On 25 July 2014 10:05, Mwendwa Kivuva via kictanet <[email protected]> wrote:
All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.
This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.
Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.
It comes just days after hacking of the Kenya Defence Forces’ social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.
In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2...
______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh
"There are some men who lift the age they inhabit, till all men walk on higher ground in that lifetime." - Maxwell Anderson
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/alex.comninos%40gmail....
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.