[kictanet] Government Websites Hacked :- What next?

Walubengo J jwalu at yahoo.com
Wed Jan 18 12:07:59 EAT 2012 



	
	
	
	p { margin-bottom: 0.08in; }a:link {  }




Government Websites Hacked :- What
next?



It has been all over the social
network. Most government websites hosted on the .go.ke domain
were hacked by some Indonesian cyber-security student.  Apparently
after several hours of teaching, the lecturer encouraged the students
to test their skills on selected government sites and what better
target than Kenya? After all Kenya is reputed to be the hub for ICT
technologies in East and Central Africa. Better still, with the
recently implemented multiple undersea fiber cables, Kenya  present
high quality internet speeds that are necessary for launching
sophisticated attacks from within and the outside world.



With that hindsight or profiling, the
hacker must have made a good choice of a target - a target that has
its technological development way ahead of its cyber security
advancement. Within hours over one hundreds of governments sites
including the not so lucky http://www.treasury.go.ke/,
http//www.lands.go.ke and www.roads.go.ke just to select a few. By
the time of going to press, twelve long hours after the attack, most
of these sites continue to be down.



Think about it, if Vision 2030 is to be
believed, most Kenyans will be engaging governments e-services
through these sites. Think of what would happen if this type of
attack is repeated 5years from today.  Ever seen the hue and cry when
MPESA is down for 10minutes?  Think of that and then think disaster
when Ministry of Lands, Roads (electric trains?)  and Treasury get
shut down in future  -  by a local university student doing her
security practicals on government sites.



The Social network is abuzz with chants
of whom to blame. Is it eGovernment Directorate, is it the Converged
Regulator who runs the National CSIRT (Cyber Security Incidence
Response Team) or should it be the security agent, NSIS - with its
mega-billion funds to invest in security?  For ISACA-Kenya, we think
it is a wakeup call for everyone, to realize that Cyber Security is
not a one-man or woman show.  Just like the ongoing "Linda-Nchi"
initiative in Somali where we are all affected - each and everyone
must contribute to the overall safety of the other. Security is
indeed not entirely the Chief of General Staff's problem, but rather 
a collective problem requiring a collective approach.









So in conclusion, a safer digital
environment is going to take a lot more and deliberate exercise to
involve and educate each stakeholder.  Most notably ofcourse the
Telecommunication Operators, Hosting and Content Managers,
Regulators, Law Enforcement, Judiciary, the ICT professionals and
Users. The cyber-security of our country is going to be as good as
the weakest link in these and possibly a wider group of stakeholders.
 This is a wakeup call for a concerted and holistic look at how such
an National Cyber-Security program could be achieved.



Signed
Roy Akalah
President
ISACA-Kenya Chapter

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20120118/e66ddbfd/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Gov Sites hacked-Press Release v2.pdf
Type: application/pdf
Size: 93539 bytes
Desc: not available
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20120118/e66ddbfd/attachment.pdf>

More information about the KICTANet mailing list