<p>Almost 100% of the internet functions via open source standards/technologies, yet the internet is never going to be completely secure.</p>
<p>We need to educate the public that open source technologies/standards are rarely more secure than our personal behaved.</p>
<p>We often blame proprietary client/server technologies for insecurity where network security also fails to stop breaches.</p>
<p>To steal passwords, have not even binoculars been used to note finger movements/positionings on keyboard?</p>
<div class="gmail_quote">On Mar 21, 2013 9:52 AM, "Evans Ikua" <<a href="mailto:ikua.evans@gmail.com" target="_blank">ikua.evans@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This is something that should have happened already and I wish those involved godspeed in the implementation. Its god that the government is taking this initiative and it will be interesting to see exactly how CCK is planning to get the private sector to participate. Lets have that information soon.<br>
<br>At the same time, just a word of caution, PKI is not a silver bullet for security.� I am not sure if PKI will reduce the instance of cyber insecurity, other than providing for non-repudiation and authenticity. The implementation is much more than just getting the vendor to install the technology. There are many pitfalls and challenges. Then there is there is the education of users, in this case the entire population. Encryption is one of the most complicated subjects there is. <br>
<br>Just my thoughts.<br>Evans<br><br><div class="gmail_quote">On Thu, Mar 21, 2013 at 8:23 AM, Dorcas Muthoni <span dir="ltr"><<a href="mailto:dmuthoni@gmail.com" target="_blank">dmuthoni@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Sounds very good..can you please share with us envisaged use cases especially for Government-2-Citizen, e-commerce providers deploying SaaS solutions.<div>
<br></div><div>Alternatively, please give us a link to more detailed information on services accessible via the infrastructure to application developers.<br>
<br><div class="gmail_quote"><div>On Wed, Mar 20, 2013 at 4:59 PM, Phyllis Nyambura <span dir="ltr"><<a href="mailto:pnyambura@ict.go.ke" target="_blank">pnyambura@ict.go.ke</a>></span> wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>
<p class="MsoNormal" style="line-height:normal"><b><span style="font-size:14.0pt;font-family:"Trebuchet MS","sans-serif"">Government acts on
driving e-commerce growth</span></b></p><p class="MsoNormal" style="line-height:normal"><br><b><span style="font-size:14.0pt;font-family:"Trebuchet MS","sans-serif""></span></b><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif""></span></p>
<p class="MsoNormal" style="line-height:normal"><b><i><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif"">Establishment of a
secure online environment will be implemented come October <br></span></i></b></p><p class="MsoNormal" style="line-height:normal"><br><b><i><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif""></span></i></b><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif""></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">Nairobi 20th March,
2013: </span></b><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">The government through the Kenya ICT
board, Communications Commission of Kenya (CCK) and Directorate of E-government,
today held a forum with stakeholders to sensitise them on what it will take to
secure online transactions. Public Key Infrastructure (PKI), is the national
system that the government is implementing to provide digital certification
services.</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""><br></span></p><p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">Through the Public
Key Infrastructure (PKI), the government will set up an online identity and
verification system where each citizen will be issued with a unique online
identity (digital certificate) that will be required whenever they take part in
online transactions. The project is being implemented by Korea technology
company Samsung SDS. <br></span></p><p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""><br></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">�Electronic signing
is the most ensuring method to help solve a lot of the on-line crimes we see
such as hacking, identity theft and forgery of sensitive information.
Interested individuals will apply for a digital certificate using their name
and ID number and later called in for a face-to-face authentication process by
the Accredited Certificate Authority. Following the verification process, the
applicants will then be authorized to download the digital certificate to the
PC or USB (HSM token),� explained Evans Kahuthu, Project Manager Information
Security at the Kenya ICT Board.� </span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""><br></span></p><p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">The online
certificate will be a unique Internet ID (a cryptographic key) that will
facilitate access to on-line government services leading to increased online
business. <span><br></span></span></p><p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""><span>�</span></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">�Going forward, we
will be getting into complex, sophisticated and very hard to investigate
organized cybercrime. It is therefore prudent that the government readies
itself to tackle these new challenges,� said <span style="color:#222222">Francis
Mwaura, Senior Assistant Director, and Directorate of E-Government. </span></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif";color:#222222"><span>�</span>�As the government moves to automate and
digitize its records, e-government will handle a lot of sensitive data, and
this calls for security of these records,� added Francis Mwaura.</span></p><p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif";color:#222222">� </span><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif";color:#222222">The
project expected date of completion is October and it will be piloted at the
Kenya Revenue Authority before a roll-out to other government agencies and
ministries. This will mean that those applying for KRA online services e.g tax
returns and pin certificates will have to apply for digital certificates before
they are allowed to transact.</span></p><p class="MsoNormal"><br><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif";color:#222222"></span><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""></span></p>
<p class="MsoNormal" style="line-height:normal"><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif"">�Internet
users have to struggle with a trade-off between convenience and security. As
countries all over the world are making progress in e-government, all offline
activities are being changed into online ones like e-commerce, e-banking,
e-procurement and e-bidding through the internet. That�s why PKI is so crucial
at this time,� said Samsung SDS Vice President, Sungwon Han.</span></p><p class="MsoNormal" style="line-height:normal"><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif""><br> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif";color:#222222">�</span><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">
�Kenya is taking the lead in East Africa,� said Michael Katundu, Director
Information Technology at CCK, who also chairs the Cyber Security Steering Committee
in the region. </span><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">CCK will be the root certification
authority and will also accredit private companies who will issue certification
to online users on their behalf. Full details of who qualifies to be an accreditter
will be published on CCK website (</span><cite><span style="font-family:"Calibri","sans-serif"">www.<b>cck</b>.<a href="http://go.ke" target="_blank">go.ke</a>)</span></cite><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">. <br>
</span></p><p class="MsoNormal"><br><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""></span><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">Immediate
beneficiaries of PKI are those that rely heavily on e-transactions among them;
Banks, Tax bodies (KRA), online businesses and those that hold sensitive
information like Medical service providers, legal entities and government
ministries like the Immigration and Lands.</span></p><p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif""><br></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">In <u>2009</u>, Kenya
passed the amendment legislation introducing the regulation of Electronic
Signatures (E-Signature) into the Kenya Information and Communications Act, <i>Cap
411A </i>(as part of e-transactions).</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">Subsequent <u>subsidiary
legislation</u> to operationalise this framework was designed in 2010 in the
form of Kenya Information and Communications (Electronic Certification and
Domain Name Administration) Regulations, 2010.</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;line-height:115%;font-family:"Trebuchet MS","sans-serif"">�</span></p>
<p class="MsoNormal" style="line-height:normal"><b><i><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif"">For more information
contact <a href="mailto:pnyambura@ict.go.ke" target="_blank">pnyambura@ict.go.ke</a></span></i></b><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif""></span></p>
<p class="MsoNormal" style="line-height:normal"><span style="font-size:12.0pt;font-family:"Trebuchet MS","sans-serif"">�</span></p>
<p class="MsoNormal"><span style="font-family:"Trebuchet MS","sans-serif"">�</span></p>
<br clear="all"><br>-- <br>Phyllis Nyambura<br>Communication Writer<br>Kenya ICT Board<br><br>Telposta Towers, 12th Floor, Kenyatta Ave<br>P.O. Box 27150 - 00100 Nairobi, Kenya<br>t: + 254-020-2211960/62 | m: <a href="tel:%2B%20254%20%280%29%20789396433" value="+254789396433" target="_blank">+ 254 (0) 789396433</a> | e: <a href="mailto:pnyambura@ict.go.ke" target="_blank">pnyambura@ict.go.ke</a><br>
<br>Visit: <a href="http://www.ict.go.ke/" target="_blank">www.ict.go.ke</a><span style="padding-right:16px;width:16px;min-height:16px"></span><span style="padding-right:16px;width:16px;min-height:16px"></span><br>
Become a fan: <a href="http://www.facebook.com/kenyaictboard" target="_blank">www.facebook.com/kenyaictboard</a><span style="padding-right:16px;width:16px;min-height:16px"></span><span style="padding-right:16px;width:16px;min-height:16px"></span><br>
Follow us on twitter: @kenyaICTboard<br>---------------------<br><b>Our Vision</b>: Kenya becomes a top 10 ICT hub<br><b><br>Our Mission</b>:
To champion and actively enable Kenya to adopt and exploit ICT, through
promotion of partnerships, investments and infrastructure growth for
socio economic enrichment<br>
<b><br>Our Quality Policy</b>: Kenya ICT Board is committed to
consistently deliver quality ICT services and manage projects that
support the growth of Information and Communication Technology, to
satisfy the needs and expectations of customers.<br>
Kenya ICT Board shall comply with all requirements and continually
improve the effectiveness of the Quality Management System. Kenya ICT
Board leadership shall establish and review quality objectives in line
with this policy and ensure commitment of all employees.
<br></div></div><div>_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
<br></div>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/dmuthoni%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/dmuthoni%40gmail.com</a><div>
<br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br>
</div></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br>Muthoni<br><br>My Blog: <a href="http://rugongo.blogspot.com/" target="_blank">http://rugongo.blogspot.com/</a><br>
--------------------------------------------<br>
Mahatma Gandhi once said:-<br>
<br>First they ignore you,<br>Then they laugh at you,<br>Then they fight you,<br>AND THEN YOU WIN!!!
</font></span></div>
<br>_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/ikua.evans%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/ikua.evans%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br>
</blockquote></div><br><br clear="all"><br>-- <br><b>----------------------------------------------------<br>Kind Regards,<br>Evans Ikua,</b><br><a href="http://lanetconsulting.com" target="_blank">lanetconsulting.com</a>,<br>
<a href="http://lpi-eastafrica.org" target="_blank">lpi-eastafrica.org</a>,<br><a href="http://ict-innovation.fossfa.net" target="_blank">ict-innovation.fossfa.net</a>,<br>Skype: @ikuae<br>Cell: +254-722-955831<br>
<br>_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br>
</blockquote></div>