Dear Roy et al, I am miffed at all the hullabaloo caused by the hacking of the 100 websites. Late last year CCK hosted a workshop at the Nairobi Safari club which was widely publicised that brought together stakeholders to discuss this issues in fact the immediate former Chair of ISACA Kenya Chapter made a very elaborate presentation. In the first place the workshop was not a news item despite the efforts made by the organisers to bring in Cyber Security experts from George Mason University and the creme de la creme in the local Cyber Security community. To me this is a non issue because we are aware but somebody somewhere is aware of what needs to be done and should be held accountable, if you don't lock the door to your house at night and thieves come in , do you blame the police? We must shun mediocrity. Best Regards On Wed, Jan 18, 2012 at 12:17 PM, Walubengo J <jwalu@yahoo.com> wrote:

--- On *Wed, 1/18/12, Walubengo J <jwalu@yahoo.com>* wrote:

From: Walubengo J <jwalu@yahoo.com> Subject: [kictanet] Government Websites Hacked :- What next? To: jwalu@yahoo.com Cc: "kictanet@lists.kictanet.or.ke" <kictanet@lists.kictanet.or.ke> Date: Wednesday, January 18, 2012, 12:07 PM

*Government Websites Hacked :- What next?*

It has been all over the social network. Most government websites hosted on the .*go.ke* domain were hacked by some Indonesian cyber-security student. Apparently after several hours of teaching, the lecturer encouraged the students to test their skills on selected government sites and what better target than Kenya? After all Kenya is reputed to be the hub for ICT technologies in East and Central Africa. Better still, with the recently implemented multiple undersea fiber cables, Kenya present high quality internet speeds that are necessary for launching sophisticated attacks from within and the outside world.

With that hindsight or profiling, the hacker must have made a good choice of a target - a target that has its technological development way ahead of its cyber security advancement. Within hours over one hundreds of governments sites including the not so lucky http://www.treasury.go.ke/, http//www.lands.go.ke and www.roads.go.ke just to select a few. By the time of going to press, twelve long hours after the attack, most of these sites continue to be down.

Think about it, if Vision 2030 is to be believed, most Kenyans will be engaging governments e-services through these sites. Think of what would happen if this type of attack is repeated 5years from today. Ever seen the hue and cry when MPESA is down for 10minutes? Think of that and then think disaster when Ministry of Lands, Roads (electric trains?) and Treasury get shut down in future - by a local university student doing her security practicals on government sites.

The Social network is abuzz with chants of whom to blame. Is it eGovernment Directorate, is it the Converged Regulator who runs the National CSIRT (Cyber Security Incidence Response Team) or should it be the security agent, NSIS - with its mega-billion funds to invest in security? For ISACA-Kenya, we think it is a wakeup call for everyone, to realize that Cyber Security is not a one-man or woman show. Just like the ongoing "Linda-Nchi" initiative in Somali where we are all affected - each and everyone must contribute to the overall safety of the other. Security is indeed not entirely the Chief of General Staff's problem, but rather a collective problem requiring a collective approach.

So in conclusion, a safer digital environment is going to take a lot more and deliberate exercise to involve and educate each stakeholder. Most notably ofcourse the Telecommunication Operators, Hosting and Content Managers, Regulators, Law Enforcement, Judiciary, the ICT professionals and Users. The cyber-security of our country is going to be as good as the weakest link in these and possibly a wider group of stakeholders. This is a wakeup call for a concerted and holistic look at how such an National Cyber-Security program could be achieved.

Signed

Roy Akalah

*President*

*ISACA-Kenya Chapter*

-----Inline Attachment Follows-----

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke> http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ ke-internetusers mailing list ke-internetusers@bdix.net http://www.bdix.net/mailman/listinfo/ke-internetusers

-- Barrack O. Otieno +254721325277 +254-20-2498789 Skype: barrack.otieno