Stung by cyber attacks, State resolves to host websites locally

All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.

This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.

Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.

It comes just days after hacking of the Kenya Defence Forces' social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.

In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.

http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2...

______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh

"There are some men who lift the age they inhabit, till all men walk on higher ground in that lifetime." - Maxwell Anderson

It looks like the sites will be hosted by CAK internally. Of course, that's a recipe for monoculture and some serious problems around stagnation of eGovernment products. Smarter would be:

1. Have compulsory training on basic security for all government employees who work in an office.
2. Get all government employees on a modern OS (OS X Mavericks, Windows 8, Ubuntu 14.04, Android 4.4, iOS 7, etc.). Any hardware that can't support these OSes should be auctioned off.
3. Turn on two-factor authentication wherever possible.
4. Aside from totally sensitive information (CBK, MoD, office of President), put everything on a local public cloud like Kili (http://kili.io).
5. Use vendors to do application implementations that are NOT the hosts of the application (i.e. Seven Seas should implement but not be the host and Kili should host but not write the application - this prevents lock-in and staleness which leads to security holes).
6. For deeply sensitive stuff, deploy private clouds that are not connected to the Internet. Some vendors locally can do this (including Kili of course).

-Adam

--
Kili - Cloud for Africa: kili.io
Musings: twitter.com/varud
More Musings: varud.com
About Adam: www.linkedin.com/in/adamcnelson

On Fri, Jul 25, 2014 at 11:05 AM, Mwendwa Kivuva via kictanet <[email protected]> wrote:
> All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.
> This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.
> Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.
> It comes just days after hacking of the Kenya Defence Forces' social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.
> In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
> http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2...

Good step by Government.

First advantage, no foreign government can gain access to our government's content through legal (or illegal) intercept.

There will be growing pains as these are preliminary baby steps - but it is a move in the right direction IMHO

Mblayo

On Fri, Jul 25, 2014 at 11:25 AM, Adam Nelson via kictanet <[email protected]> wrote:
> It looks like the sites will be hosted by CAK internally. Of course, that's a recipe for monoculture and some serious problems around stagnation of eGovernment products. Smarter would be:
> 1. Have compulsory training on basic security for all government employees who work in an office.
> 2. Get all government employees on a modern OS (OS X Mavericks, Windows 8, Ubuntu 14.04, Android 4.4, iOS 7, etc.). Any hardware that can't support these OSes should be auctioned off.
> 3. Turn on two-factor authentication wherever possible.
> 4. Aside from totally sensitive information (CBK, MoD, office of President), put everything on a local public cloud like Kili (http://kili.io).
> 5. Use vendors to do application implementations that are NOT the hosts of the application (i.e. Seven Seas should implement but not be the host and Kili should host but not write the application - this prevents lock-in and staleness which leads to security holes).
> 6. For deeply sensitive stuff, deploy private clouds that are not connected to the Internet. Some vendors locally can do this (including Kili of course).
> -Adam

The ICT principal secretary, the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general and ICT Authority chief executive think state websites can be made secure simply by moving them to Kenya! We should be very worried! God-forbid that these hackers should get ideas of hacking other government systems that are more crucial to us, we will be annihilated!

On 25 July 2014 14:32, Brian Munyao Longwe via kictanet <[email protected]> wrote:
> Good step by Government.
> First advantage, no foreign government can gain access to our government's content through legal (or illegal) intercept.
> There will be growing pains as these are preliminary baby steps - but it is a move in the right direction IMHO
> Mblayo

--
./mouz

☺

From: kictanet [mailto:kictanet-bounces+nasser.kettani=microsoft.com@lists.kictanet.or.ke] On Behalf Of Mouz via kictanet
Sent: Friday, 25 July 2014 12:41
To: Nasser Kettani
Subject: Re: [kictanet] Stung by cyber attacks, State resolves to host websites locally

The ICT principal secretary, the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general and ICT Authority chief executive think state websites can be made secure simply by moving them to Kenya! We should be very worried! God-forbid that these hackers should get ideas of hacking other government systems that are more crucial to us, we will be annihilated!

--
./mouz

Sounds like quite the knee jerk reaction, from people who have not quite grasped the fundamental issues at hand. The problem is not where the sites are hosted!

On Fri, Jul 25, 2014 at 11:05 AM, Mwendwa Kivuva via kictanet <[email protected]> wrote:
> All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.
> This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.
> Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.
> It comes just days after hacking of the Kenya Defence Forces' social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.
> In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
> http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2...

Central Management of GoK's website hosting is a step in the right direction as the skills needed to protect government infrastructure can also be centralized. However, it also gives you a single point of failure where if anyone gets in, then the whole government could be compromised.

On the other hand, is there any advantage to be had from a security PoV from hosting websites in Kenya? Is there say a Data Center in .KE that can withstand a well co-ordinated DDOS Attack on its infrastructure?

Not one.

As an example, this ( http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes.aspx ) DDOS attack on CloudFlare sometime back was generating around 400GPS of Traffic. If this was to be directed to our one data center, then KRA, CBK, Immigration, County Revenue sites etc would all be down.

So as we put all our 'eggs' in one basket we better watch that basket really really carefully.

Regards

On Fri, Jul 25, 2014 at 11:05 AM, Mwendwa Kivuva via kictanet <[email protected]> wrote:
> All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.
> This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.
> Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.
> It comes just days after hacking of the Kenya Defence Forces' social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.
> In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
> http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2...

--
Regards,
Waithaka Ngigi
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T + 254 (0) 20 2333 471 | Office Mobile: +254 786 28 28 28 | M + 254 737 811 000
www.at.co.ke

They might also host all twitter and FB accounts locally. :)

On a more serious note, CAK is the regulator. Is it the right partner to host government content? When we say we want to separate the regulator from control of government, is it something we can achieve? Probably ICTA would have been a more preferred host.

Regards

______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh

On 25 July 2014 04:31, Ngigi Waithaka <[email protected]> wrote:
> Central Management of GoK's website hosting is a step in the right direction as the skills needed to protect government infrastructure can also be centralized. However, it also gives you a single point of failure where if anyone gets in, then the whole government could be compromised.
> On the other hand, is there any advantage to be had from a security PoV from hosting websites in Kenya? Is there say a Data Center in .KE that can withstand a well co-ordinated DDOS Attack on its infrastructure?
> Not one.
> As an example, this ( http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes.aspx ) DDOS attack on CloudFlare sometime back was generating around 400GPS of Traffic. If this was to be directed to our one data center, then KRA, CBK, Immigration, County Revenue sites etc would all be down.
> So as we put all our 'eggs' in one basket we better watch that basket really really carefully.
> Regards

The important thing is to be using multiple hosting providers and different levels of protection. And of course, Twitter cannot be moved to Kenya :-)

You're right that an in-country host is no more secure than one anywhere else from a cyberattack point of view. However, from a regulatory point of view it's much different. Right now the EU can compel Kenyan groups to hand over data because the data resides there. That's not an issue with a local host like Kili.

Anyway, local hosts are way faster - that's the most important thing. Having the data local (i.e. Kili) literally makes it 40% faster.

Also, for the CloudFlare attack, because there are only 3 routes into the country, a big DDOS from outside probably wouldn't be as intense as it could be to a host in the EU or US.

The important thing is that media, government, and enterprises aren't in a position to host on the Internet - they need modern cloud providers like Amazon or Rackspace to help them - or if they're in Kenya, take advantage of a better service for the same price - Kili.

-Adam

On Fri, Jul 25, 2014 at 11:59 AM, Mwendwa Kivuva via kictanet <[email protected]> wrote:
> They might also host all twitter and FB accounts locally. :)
> On a more serious note, CAK is the regulator. Is it the right partner to host government content? When we say we want to separate the regulator from control of government, is it something we can achieve? Probably ICTA would have been a more preferred host.
> Regards
-- Regards,
Waithaka Ngigi Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T + 254 (0) 20 2333 471 | Office Mobile: +254 786 28 28 28 | M + 254 737 811 000 www.at.co.ke

I suppose we also need to move all the social media accounts locally? I mean seriously! First things first. The Government needs to have proper infrastructure to manage all their Digital Assets. This should start with the right HR Resources. A CIO is called for as a matter of urgency with a clear mandate to organize, invest, execute and ensure the security of all these Assets. This doesn't only include Websites. These are just portals to access information. It includes the digital migration to digital IDs, the Land Registry, the Company Registry, immigration etc. You get the picture. Having the CAK all of a sudden being asked to host government websites is a waste of our resources and detracts the CAK from doing the job they are there to do. Regulation. I urge CAK to resist and reject these demands on their scarce resources. They could however second competent staff to assist the Central Government achieve this. This may sound harsh but someone needs to take control and stop these knee jerk reactions to serious breaches of our Digital Assets! Brand Kenya is under serious threat as the so called Hub of ICT in Africa. Ali Hussein +254 770 906375 / 0713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim Blog: www.alyhussein.com "I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein Sent from my iPad
On Jul 25, 2014, at 11:31 AM, Ngigi Waithaka via kictanet <[email protected]> wrote:
Central Management of GoK's website hosting is a step in the right direction as the skills needed to protect government infrastructure can also be centralized. However, it also gives you a single point of failure where if anyone gets in, then the whole government could be compromised.
On the other hand, is there any advantage to be had from a security PoV from hosting websites in Kenya? Is there say a Data Center in .KE that can withstand a well co-ordinated DDOS Attack on its infrastructure?
Not one.
As an example, this ( http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes.aspx ) DDOS attack on CloudFlare sometime back was generating around 400GPS of Traffic. If this was to be directed to our one data center, then KRA, CBK, Immigration, County Revenue sites etc would all be down.
So as we put all our 'eggs' in one basket we better watch that basket really really carefully.
Regards
-- Regards,
Waithaka Ngigi Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000 www.at.co.ke

Interesting...the assumption here is that the attacks are coming from outside Kenya...NEWSFLASH: perimeter security is dead, research shows that more than 65% of security threats (cyber or otherwise) come from within - country, government or organisation.
Harry Hare
Director | African eDevelopment Resource Centre PO Box 49475 00100 | Nairobi, Kenya Tel +254 20 4041646 | Cel +254 725 650044
From: KICTAnet ICT Policy Discussions <[email protected]> Reply-To: Mwendwa Kivuva <[email protected]>, KICTAnet ICT Policy Discussions <[email protected]> Date: Fri, 25 Jul 2014 04:05:31 -0400 To: Cio_Magazine Hare <[email protected]> Subject: [kictanet] Stung by cyber attacks, State resolves to host websites locally
All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.
This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.
Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.
It comes just days after hacking of the Kenya Defence Forces' social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.
In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2396632/-/g6u9p4z/-/index.html
______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh <http://twitter.com/lordmwesh>
"There are some men who lift the age they inhabit, till all men walk on higher ground in that lifetime."
- Maxwell Anderson

Mail was compromised along with sites & social media accounts. I agree with those who state that there needs to be a comprehensive security policy in place - a poorly secured site will be hacked whether it's hosted in Kenya or the US. We have experienced this in the last one odd year, especially people who have legacy Joomla/Wordpress websites. They don't update them and next thing you know, they've been compromised.

The argument for local hosting though makes sense primarily from a latency perspective. Some counties have opted to go for local hosting e.g. Kiambu (www.kiambu.go.ke) and there is a significant improvement in performance. Additionally, there's a lot to be said for data residency especially in this age of mass surveillance of other governments by the US etc. However, this needs to be congruent - mail, applications etc all need to be local otherwise it's a little moot to move the site but still have no control of the applications.

All I can say is that there is more than enough expertise in cloud/infrastructure/hosting/security etc in Kenya that it can be managed well if the right contractors are chosen. After all, our financial services outfits (Equity, KCB etc) all run their IT systems locally and they've managed to find the expertise. From personal experience, you can find the right talent, you just need to figure out the right incentives (disclaimer, interested party, I'm running the platform on which the Kiambu County site is hosted, Angani).

There are options, there is expertise. We just need to figure out where this breaks down for government. Is it the contractors they choose, lack of in house expertise or lack of budget?

On Fri, Jul 25, 2014 at 12:40 PM, Harry Hare | African eDevelopment Resource Centre via kictanet <[email protected]> wrote:
Interesting...the assumption here is that the attacks are coming from outside Kenya...NEWSFLASH: perimeter security is dead, research shows that more than 65% of security threats (cyber or otherwise) come from within - country, government or organisation.
Harry Hare
Director | African eDevelopment Resource Centre PO Box 49475 00100 | Nairobi, Kenya Tel +254 20 4041646 | Cel +254 725 650044
-- Warm Regards, Phares Kariuki E: [email protected] | Twitter: kaboro | Skype: kariukiphares | B: http://www.kaboro.com/

Thanks for sharing Mwesh.

Agreed that hosting in Kenya will for the most part do NOTHING to stop "cyber attacks". In principle of course, for many reasons, government services should be hosted at home. Security is increasingly becoming a service, not something you do yourself, unfortunately foreign, and mainly US cloud providers are pretty good at it. For most types of attacks, a Gmail account would unfortunately protect better than your average government email account. This of course depends on your threat model, if you are a state, and should rightly be concerned about espionage from foreign governments (e.g. maybe that organisation, what was it called again? oh yeah, NSA), then you definitely should host at home.

I don't think local hosting will protect better (seems to be a consensus here), but it will give the government of Kenya more control over conducting their own forensics. A nagging thought at the back of my mind, but maybe it was not even a "hack", just someone running wireshark or something and intercepting on the same network as an official whose mail client was not set up for SSL/TLS. If social media accounts are used, it's usually the simplest and lamest explanation, phishing attack combined with taking advantage of password reuse. Maybe someone should throw a Cryptoparty and invite the Ministry of ICT along so they can learn about digital security, and how it starts at home? That would be fun www.cryptoparty.in :)

Again I restate, of course government sites and communications infrastructures as well as egovernment should be hosted at home. I worry however about the increasing trend of Balkanisation of the internet, which is aggravated by NSA revelations and cyber threats. It's all well and good to argue from a security perspective to host at home, the EU for example is trying to make European clouds as a response to the NSA. However be wary if this ever becomes an excuse for government to request more data is stored locally. Brazil wants Google data centers hosted locally, Russia has a law requiring all internet companies to store data locally. Why? To make it easier for these governments to conduct surveillance on their own citizens of course. One should generally fear one's own government the most when it comes to surveillance. So there is some good in this proposal, and some potential bad in the general trends underpinning it.

On 25 July 2014 10:05, Mwendwa Kivuva via kictanet <[email protected]> wrote:
All State-owned websites will be hosted locally in order to curb rising cases of cyber security attacks.
This was a key resolution at a crisis meeting held on Thursday between top security officials and the Ministry of ICT.
Held at Communication Authority of Kenya (CAK), the meeting was called to discuss the safety preparedness of the government to handle cyber attacks.
It comes just days after hacking of the Kenya Defence Forces’ social media accounts including the official email account of the military spokesperson Emmanuel Chirchir.
In attendance were ICT principal secretary Joseph Tiampati, representatives of the National Intelligence Service, Kenya Defence Forces, CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2...
______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh
"There are some men who lift the age they inhabit, till all men walk on higher ground in that lifetime." - Maxwell Anderson
participants (11)
- Adam Nelson
- Alex Comninos
- Ali Hussein
- Brian Munyao Longwe
- Harry Hare | African eDevelopment Resource Centre
- Mouz
- Mwendwa Kivuva
- Nasser Kettani
- Ngigi Waithaka
- Phares Kariuki
- Rad!