[kictanet] Stung by cyber attacks, State resolves to host websites locally

Fri Jul 25 11:25:57 EAT 2014

It looks like the sites will be hosted by CAK internally.  Of course,
that's a recipe for monoculture and some serious problems around stagnation
of eGovernment products.  Smarter would be:

1. Have compulsory training on basic security for all government employees
who work in an office.
2. Get all government employees on a modern OS (OS X Mavericks, Windows 8,
Ubuntu 14.04, Android 4.4, iOS 7, etc..).  Any hardware than can't support
these OSes should be auctioned off.
3. Turn on two-factor authentication wherever possible
4. Aside from totally sensitive information (CBK, MoD, office of
President), put everything on a local public cloud like Kili (http://kili.io
).
5. Use vendors to do application implementations that are NOT the hosts of
the application (i.e. Seven Seas should implement but not be the host and
Kili should host but not write the application - this prevents lock-in and
staleness which leads to security holes).
6. For deeply sensitive stuff, deploy private clouds that are not connected
to the Internet.  Some vendors locally can do this (including Kili of
course).

-Adam

--
Kili - Cloud for Africa: kili.io
Musings: twitter.com/varud <https://twitter.com/varud>
More Musings: varud.com
About Adam: www.linkedin.com/in/adamcnelson

On Fri, Jul 25, 2014 at 11:05 AM, Mwendwa Kivuva via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> All State-owned websites will be hosted locally in order to curb rising
> cases of cyber security attacks.
>
> This was a key resolution at a crisis meeting held on Thursday between top
> security officials and the Ministry of ICT.
>
> Held at Communication Authority of Kenya (CAK), the meeting was called to
> discuss the safety preparedness of the government to handle cyber attacks.
>
> It comes just days after hacking of the Kenya Defence Forces’ social media
> accounts including the official email account of the military spokesperson
> Emmanuel Chirchir.
>
> In attendance were ICT principal secretary Joseph Tiampati,
> representatives of the National Intelligence Service, Kenya Defence Forces,
> CID, CAK director-general Francis Wangusi and ICT Authority chief executive.
>
>
> http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2396632/-/g6u9p4z/-/index.html
>
>
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya
> twitter.com/lordmwesh
>
> "There are some men who lift the age they inhabit, till all men walk on
> higher ground in that lifetime." - Maxwell Anderson
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/adam%40varud.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140725/a56b5180/attachment.htm>