<div>Dear Roy et al,</div><div><br></div><div><br></div><div>I am miffed at all the hullabaloo caused by the hacking of the 100 websites. Late last year CCK hosted a workshop at the Nairobi Safari club which was widely publicised that brought together stakeholders to discuss this issues in fact the immediate former Chair of ISACA Kenya Chapter made a very elaborate presentation. In the first place the workshop was not a news item despite the efforts made by the organisers to bring in Cyber Security experts from George Mason University and the creme de la creme in the local Cyber Security community. To me this is a non issue because we are aware but somebody somewhere is aware of what needs to be done and should be held accountable, if you don't lock the door to your house at night and thieves come in , do you blame the police? We must shun mediocrity.</div>
<div><br></div><div>Best Regards</div><br><div class="gmail_quote">On Wed, Jan 18, 2012 at 12:17 PM, Walubengo J <span dir="ltr"><<a href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td valign="top" style="font:inherit">--- On <b>Wed, 1/18/12, Walubengo J <i><<a href="mailto:jwalu@yahoo.com" target="_blank">jwalu@yahoo.com</a>></i></b> wrote:<br>
<blockquote style="border-left:2px solid rgb(16,16,255);margin-left:5px;padding-left:5px"><br>From: Walubengo J <<a href="mailto:jwalu@yahoo.com" target="_blank">jwalu@yahoo.com</a>><br>Subject: [kictanet] Government Websites Hacked :- What next?<br>
To: <a href="mailto:jwalu@yahoo.com" target="_blank">jwalu@yahoo.com</a><br>Cc: "<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a>" <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a>><br>
Date: Wednesday, January 18, 2012, 12:07 PM<div><div class="h5"><br><br><div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td style="font:inherit" valign="top">
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><b>Government Websites Hacked :- What
next?</b></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">It has been all over the social
network. Most government websites hosted on the .<b><a href="http://go.ke" target="_blank">go.ke</a></b> domain
were hacked by some Indonesian cyber-security student. Apparently
after several hours of teaching, the lecturer encouraged the students
to test their skills on selected government sites and what better
target than Kenya? After all Kenya is reputed to be the hub for ICT
technologies in East and Central Africa. Better still, with the
recently implemented multiple undersea fiber cables, Kenya present
high quality internet speeds that are necessary for launching
sophisticated attacks from within and the outside world.</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">With that hindsight or profiling, the
hacker must have made a good choice of a target - a target that has
its technological development way ahead of its cyber security
advancement. Within hours over one hundreds of governments sites
including the not so lucky <a href="http://www.treasury.go.ke/" target="_blank">http://www.treasury.go.ke/</a>,
http//<a href="http://www.lands.go.ke" target="_blank">www.lands.go.ke</a> and <a href="http://www.roads.go.ke" target="_blank">www.roads.go.ke</a> just to select a few. By
the time of going to press, twelve long hours after the attack, most
of these sites continue to be down.</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">Think about it, if Vision 2030 is to be
believed, most Kenyans will be engaging governments e-services
through these sites. Think of what would happen if this type of
attack is repeated 5years from today. Ever seen the hue and cry when
MPESA is down for 10minutes? Think of that and then think disaster
when Ministry of Lands, Roads (electric trains?) and Treasury get
shut down in future - by a local university student doing her
security practicals on government sites.</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">The Social network is abuzz with chants
of whom to blame. Is it eGovernment Directorate, is it the Converged
Regulator who runs the National CSIRT (Cyber Security Incidence
Response Team) or should it be the security agent, NSIS - with its
mega-billion funds to invest in security? For ISACA-Kenya, we think
it is a wakeup call for everyone, to realize that Cyber Security is
not a one-man or woman show. Just like the ongoing "Linda-Nchi"
initiative in Somali where we are all affected - each and everyone
must contribute to the overall safety of the other. Security is
indeed not entirely the Chief of General Staff's problem, but rather
a collective problem requiring a collective approach.</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">So in conclusion, a safer digital
environment is going to take a lot more and deliberate exercise to
involve and educate each stakeholder. Most notably ofcourse the
Telecommunication Operators, Hosting and Content Managers,
Regulators, Law Enforcement, Judiciary, the ICT professionals and
Users. The cyber-security of our country is going to be as good as
the weakest link in these and possibly a wider group of stakeholders.
This is a wakeup call for a concerted and holistic look at how such
an National Cyber-Security program could be achieved.</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">Signed</p>
<p style="margin-bottom:0in">Roy Akalah</p>
<p style="margin-bottom:0in"><b>President</b></p>
<p style="margin-bottom:0in"><b>ISACA-Kenya Chapter</b></p>
<br></td></tr></tbody></table></div><br></div></div>-----Inline Attachment Follows-----<br><br><div>_______________________________________________<br>kictanet mailing list<br><a href="http://mc/compose?to=kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="http://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">http://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br><br>Unsubscribe or change your options at <a href="http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com" target="_blank">http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com</a><br>
<br>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.<br><br>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</div>
</blockquote></td></tr></tbody></table><br>_______________________________________________<br>
ke-internetusers mailing list<br>
<a href="mailto:ke-internetusers@bdix.net">ke-internetusers@bdix.net</a><br>
<a href="http://www.bdix.net/mailman/listinfo/ke-internetusers" target="_blank">http://www.bdix.net/mailman/listinfo/ke-internetusers</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Barrack O. Otieno<div>+254721325277</div><div>+254-20-2498789<br>Skype: barrack.otieno</div><br>