[kictanet] Stung by cyber attacks, State resolves to host websites locally

Fri Jul 25 14:16:14 EAT 2014

Thanks for sharing Mwesh

Agreed that hosting in Kenya will for the most part do NOTHING to stop
"cyber attacks". In principle of course, for many reasons, government
services should be hosted at home. Security is increasingly becoming a
service, not something you do yourself, unfortunately foreign, and
mainly US cloud providers are pretty good at it.  For most type of
attacks, a Gmail account would unfortunately protect better than your
average government email account. This of course depends on your
threat model, if you are a state, and should rightly be concerned
about espionage from foreign government (e.g. maybe that organisation,
what was it called again? oh yeah, NSA), then you definitely should
host at home.

I don't think local hosting will protect better (seems to be a
consensus here), but it will give the government of Kenya more control
over conducting their own forensics.

A nagging thought at the back of my mind, but maybe it was not even a
"hack", just someone running wireshark or something and intercepting
on the same network as an official who's mail client was not setup for
SSL/TLS. If social media accounts are used, its usually the simplest
and lamest explanation, phishing attack combined with taking advantage
of password reuse. Maybe someone should throw a Cryptoparty and invite
the Ministry of ICT along so they can learn about digital security,
and how it starts at home? That would be fun www.cryptoparty.in :)

Again I restate, of course government sites and communications
infrastructures as well as egovernment should be hosted at home. I
worry however about the increasing trend of Balkanisation of the
internet, which is aggravated by NSA revelations and cyber threats.
Its all well and good to argue from a security perspective to host at
home, the EU for example is trying to make European clouds as a
response to the NSA. However be wary if this ever becomes an excuse
for government to request more data is stored locally. Brazil wants
Google data centers hosted locally, Russia has a law requiring all
internet companies to store data locally. Why? To make it easier for
these governments to conduct surveillance on their own citizens of
course. One should generally fear ones own government the most when it
comes to surveillance.

So there is some good in this proposal, and some potential bad in the
general trends underpinning it.

On 25 July 2014 10:05, Mwendwa Kivuva via kictanet
<kictanet at lists.kictanet.or.ke> wrote:
> All State-owned websites will be hosted locally in order to curb rising
> cases of cyber security attacks.
>
> This was a key resolution at a crisis meeting held on Thursday between top
> security officials and the Ministry of ICT.
>
> Held at Communication Authority of Kenya (CAK), the meeting was called to
> discuss the safety preparedness of the government to handle cyber attacks.
>
> It comes just days after hacking of the Kenya Defence Forces’ social media
> accounts including the official email account of the military spokesperson
> Emmanuel Chirchir.
>
> In attendance were ICT principal secretary Joseph Tiampati, representatives
> of the National Intelligence Service, Kenya Defence Forces, CID, CAK
> director-general Francis Wangusi and ICT Authority chief executive.
>
> http://www.nation.co.ke/business/Cyber-Security-Attacks-ICT-Ministry/-/996/2396632/-/g6u9p4z/-/index.html
>
>
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya
> twitter.com/lordmwesh
>
> "There are some men who lift the age they inhabit, till all men walk on
> higher ground in that lifetime." - Maxwell Anderson
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/alex.comninos%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
> people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.