Friends This matter underlines a key aspect that should trigger comprehensive assessment of the way critical infrastructure is managed in this country. As the Treasury indicated a while back, Safaricom's role and especially its MPESA service is a critical cog in the Kenyan economy. A while back there was a task force dealing with regulations to govern critical infrastructure to ensure that this is protected accordingly. This would require designs that assure resilience in the face of potential vulnerabilities (both logical and physical) with continuity at the core of these. I suppose that Safaricom continually assesses (through audits and self-assessment) its vulnerabilities, examines associated exposures and potential impacts with clear action plans on how to address those weaknesses. . I am sure the regulator seeks the same from an assurance perspective as part of the entity's licensing requirements. Without thinking of the worst: cyber-related risks abound too! Regards. ---------------------------------------------------------------------------- ------------------------------ Matunda Nyanchama, PhD, CISSP; Director & Managing Consultant, <mailto:mnyanchama@aganoconsulting.com> mnyanchama@aganoconsulting.com Agano Consulting Inc.; <http://www.aganoconsulting.com/> www.aganoconsulting.com; Twitter: <http://twitter.com/#%21/nmatunda> nmatunda; Skype: okiambe ---------------------------------------------------------------------------- ------------------------------- Manage your ICT risks! We are the experts you need! The trusted partners you deserve! Call: +254-20-267-0743 (Kenya) or info@aganoconsulting.com Licensed by Communications Authority of Kenya (CA)