Kenic has a new CEO….. 7th in 7 years…

Abdalla Omari is the new Kenic CEO.  At this point I will stop counting coz it means the annual tradition of the board is; lets get a new CEO.

Usually, when people join new organisations, they are asked what they will do to improve the status of the organisation. I imagined these are some of the questions Omari had to answer.

I know I ask some annoying questions that at times people choose to ignore, like the immediate former CEO did. So I just copy pasted the questions, which mainly dealt with growing the registry, stability and resilience.

He gave me one of those answers you give when you want to put people off, like when they bother you too much. Here is the response;

“We are currently in the process of reviewing our Strategic plan. The Strategic Plan review will capture the intended strategies on marketing and price sensitivity challenges which you have raised. The moment the SP document is finalized, we will publish it on our website for all the stake holders to read.
 
I have studied our Technical report on downtime, and seen the latest downtime was in August 2014, after a period of over one year (that is Sept 2013). We are finalizing the process of setting up 3 redundant sites to address any future challenge of the same. This project should be complete in the next 2 weeks.”

Either the guy has no idea. I don’t get how the review of a strategic plan has anything to do with your leadership skills of steering a registry. How will you help that plan if you have no experience in running registry operations? I get it, I am told you don’t need to understand how to run a registry to make it efficient and sustainable; apparently even a farmer can run a ccTLD.

So, who is Abdalla Omari? Here is the CV….

“EDUCATION:

-       M.B.A- Maseno University

-       Bachelors In Management and Leadership- University of Free State, South Africa

-       C.P.A part three

-       Currently pursuing a PhD in Business Management

EXPERINCE:

I have been a General Manager for Avtech Systems Ltd, for around 5 years, before joining KENIC. Avtech Systems Ltd (www.avtechsystems.co.ke), is an ICT based organization which specializes in Electronic Security, Video Conferencing facility set up, Broadcasting Station setup, and audio vision solutions.

During my tenure at Avtech Systems, the organization was among the Top100 finalists competition, for a straight 3 years. KPMG consultants and Nation Media group moderate this competition. In the Top 100 competition of 2012, Avtech System was number one, in the ICT category.

I have also been a Finance Manager for a manufacturing industry called Dimensional Structures Ltd, and a senior accountant for a leading travel organization called, Charleston Travel Limited/fcmtravel (www.fcmtravel.co.ke).

My experienced is wide from Management/leadership, accounting, finance and auditing”

And the story continues…

ICANN to host its regional talkshop in Nairobi next month

The Internet Corporation for Assigned Names and Numbers (ICANN) is set to host a talkshop next month. Why do I call it a talkshop? Because ICANN hasn’t held such a meeting to address key issues affecting Africa stake holders, they just dance around issues of Internet Governance.

If you are new to ICANN, you can read more about it here 

Let us first look at some of the issues the conference will be addressing next month. Here is what I got from their comms department.

“We will be hosting a panel on “Sustaining the power of Global Internet for transformative economic growth” based on the findings of the Boston Consulting Group (BCG) report commissioned by us on sources of e-Friction for the internet economy.  The meeting will focus on two main subject matters:

  • Introduce ICANN to the two business groups invited and display the different avenues for participating in ICANN and possibly IG going forward
  • Highlight the DNS industry as a business and motivate new and potential registrars be seek ICANN accreditation

Present will be a mixture of stakeholders from private business sectors, government officials and media, where avenues of collaboration and participation will be discussed.  Invitations are yet to be sent out. I hope you can make it.  The main speaker will be Chris Mondini, VP Stakeholder Engagement in N. America & Global Business, and will be joined by leading company executives to be announced at a later time. ”

Now, for those who may know Africa’s issues at ICANN, you will know that relegation of African domains is one of the key issues and has been dragging for ages. Redelegation is the process where a country gets back the operations of its country code Top Level Domain, like the way KENIC is in charge of .ke.

So, before we get to issues of Internet Governance, what is the status of redelegations?

“Re delegations have been a concern for close to 10 African countries in the last three years. We did have successful relegation in a few of them so far,  including : Mali, Botswana; Gabon;..Currently pending are Togo, Uganda, Guinea Bissau,Mauritius, Namibia (the worst scenario so far) , Zambia, and Cameroon.Some of the delay is due to incomplete submission of request or an ignorance of the IANA procedures by some requestors.”

So, for years, ICANN has known that countries have a problem or are ignorant on IANA rules, so, why not hold a conference on how to deal with IANA or address some of their problems? Why is it so easy to discuss IGF matters while for years, you can’t deal with relegation or at least pretend to care and hold a panel on how to answer those IANA questions. First, that IANA website can be a maze.

Most of the operational registries are manual

It is no contest that when it comes to tech, Africa adopts last. That is why the domain name business is still lagging behind. That is why you wonder, if most registries are stymied by manual operations, why are they discussing IGF matters, shouldn’t the priority be those ICANN experts to help with this? Yes, countries have a right to help, but if ICANN is to act like it cares about Africa, then let it do a better job at it.

There will be an argument that there is the annual DNS forum and the current training on DNSSEC, if the operations are manual, how does this help? It is like going to talk cyber security and benefits of e-commerce to a community that has no access to computers or the internet, what is priority?

ICANN even has a training scheduled on root zone signing, in a continent struggling with redelegations and manual operations. Here is what they have to say:

“One of the flagship projects in the Africa Strategy is Promoting DNSSEC adoption in Africa and to this effect we have already conducted 8 DNSSEC trainings in 8 countries in Africa, Kenya Included. In FY15, we have budgeted for another 5 countries. So, the DNSSEC Roadshow is about capacity building on the DNS security  which include 1)awareness building at country (cctld) level, 2) Training on DNS security an 3) Country root zone signing.”

L-root copies in Africa

If there is one thing about ICANN that has somehow worked, I think its the L-root copies. Maybe its because they partnered with AFRINIC, or maybe its because the L-root doesn’t require the country to have an IXP, just the telco is enough. I say somehow because if you ask me, most telcos in Africa should have it but again, the legal department at ICANN takes its time.

“As of today we are processing a number of L-Root requests (4) to add to the ones we have in Africa (9) ; Some of the delay depends on the necessary  due diligence to be conducted by  Legal department.”

For a continent where telcos are the major ISPs, the copies should be much more. Root server copies contribute to the resilience of the internet in a country. I will probably get a chance with AFRINIC to understand the actual hold up for these process.

So, do you still think our priorities are in IGF issues? Yes, when it comes to politics between ICANN and the ITU, ICANN will need countries on its side.

But does ICANN seriously have the issues of the continent at heart? Do they understand the priorities? Do we understand what ICANN means with its Africa Strategy?

Can you imagine if the current merry-go round about .africa happened to .EU or .asia? Or any domain that China or Russia have an interest in? Do you think ICANN would hide under their rules the way they are doing now?

Somehow I thought Fadi Chehade would be different as ICANN president, I remember listening to him talk about Africa when he was appointed and I thought, “this guy is too good to be true” years later I am looking at it and thinking, “this guy maybe all about talk, policy papers and nothing practical.”

He still has time to deliver whatever but if you are going to be concerned about Africa, start with the priorities!

//

 

Govt should centralise to improve security

In the last two weeks, a group calling itself Anonymous Kenya has terrorized government folks by hacking social media accounts belonging to Kenya Defence Forces, their spokesperson and the deputy president.

The response from government folks was just laughable. Just watch this KTN interview with Evans Kahuthu, the guy tasked with Information Security at the ICT Authority.  It was the week that the accounts were hacked, exposing the governments behinds and this guy dances on the fence with jibber jabber….. he didn’t say anything and the presenters/interviewers….well, that warrants a post on its own. I spoke to Evans later and he explained his challenges, off the record, but still, as an info sec rep in a government, this guy should have more teeth. Who should give him the teeth? Read on…

A lot has been said in the media and a lot of that is available online. But beyond all that, I thought it was better to look at the root causes, other than the symptoms.

When you talk to many folks in the ICT industry, a common theme that is emerging is the fragmentation of government ICT functions; yes the ICT Authority is supposed to be the more consolidated arm, but does it have all the powers? Listen to Evans and you will get it.

BtZtCDLIAAAOVkO

 

 

1. ICT Authority

When e-gov, GITs and the ICT Board merged to form the ICTA, the idea was that all govt functions would be consolidated into one major body that can now advise government and the county ICT reps on the technology directions. Now, I could go on and on but one key thing was that when the hackings happened, even the guys at ICTA weren’t aware of the passwords or who operates what.

It was clear that there was no audit or a centralised doc that can tell you the ICT hardware (servers, laptops etc), Software – think of all money paid to Oracle by government, and the attendant passwords. So when you say, why were we not Secure? Govt folks might ask, didn’t we invest in new locks?

2. Itumbi and his team

There is something about a duel between young and old people. The old guard thinks experience trumps technology, the young think the dinosaurs are hogging power and do not know what they are talking about. Itumbi and his digital team, are in charge or operate the social media accounts. They know their stuff and no one will tell them anything.

I asked whether the ICTA and team Itumbi have ever sat in a room together and I couldn’t get straight answers, so I assumed the answer was no.

So, the ICTA is in charge of ICT direction in this country but do they give advise or direction to team Itumbi? Whether they like it or not, its government security and it matters.

I am not sure what security precaution team Itumbi takes  but clearly, more synergy is needed at least not to have the Deputy President’s personal number exposed. There is no big deal but probably some people will add him to their Whatsapp group on neighbourhood security or something.

3. The Communications Authority

Now, the CAK is the big boy. You know the guy or girl in your school who would threaten or take your piece of bread in high school, yet they have theirs? Well, CAK insist that it can handle all matters tech in the country, even when its clear that that they should handle only policy stuff.

The CAK has been in a tug of war with ICTA to own the Cyber security master plan and the numerous master plans and road maps that this government has specialised in. It has been clear that they can’t handle. Why?

 

KECIRT

Picture this; in May 2012, a group that maybe the now anonymous Kenya set up KE-CIRT twitter account, which has the ca.go.ke as their contact and has been tweeting on tech matters. After the hacks, the account was used to spew disparaging remarks and push the buttons of Anonymous group.

Do you think a government body would be spoiling for a fight with anonymous given the situation?

When I asked the folks at CAK, they said that thats not them bla bla but you are the custodian of KE-CIRT, how would you not know of an account operating in your name, now masquerading as the government body? From 2012? There has been no attempt to at least lock your accounts to avoid squatting?

You can imagine the commotion and phone calls as people tried to find out who was KE-CIRT and others saying how they are helpless and can only depend on Twitter Inc to help.

It is clear that something needs to happen, I don’t have all the answers but something needs to happen now..

:) and the crowd say…….. we have heard that before!

 

KECIRT 2

 

//

Kenic has a new CEO

Kenic, the organisation tasked with managing the .ke domain, has a new CEO. Who may or may not know anything about heading a registry and how to make .ke more stable and resilient. For background on Kenic, you can read more here.

Emma Marube has the difficult task of heading the troubled organisation, as the Communications Authority ponders whether to privatise the entity or retain the multistakeholder model but offer competition on the second level. For example, if someone wanted to provide .com.ke registry services, it may offer competition to .co.ke but at the same time muddle the waters.

We all wish the registry well and we hope that it will be more secure. Most people stopped complaining about perennial outages because…..what will you do? Accept and move on….

I asked for a bio, just to know more about her….. and this is what I got.

“Our acting CEO is Mrs. Emma Bokea Marube. Prior to the appointment, she has been KeNIC’s Finance and Planning Manager. She holds a Bachelor of Business Management (Finance and Banking) and CPA. (K) Emma has also headed Finance and Accounting in several organisations.”
I followed it up with questions on what she had in store for us and how she is planning to steer the registry to prestige and envy that it once enjoyed in Africa ICT circles.
I got no response.
So we can assume that the new CEO knows or doesn’t know what she is doing. Kenic board has the reputation of hiring people who have no clue about running a registry, so I wasn’t exactly surprised when I got no comment.
We can also assume that she is moonlighting….. if this bio on this site is to be believed.
Marube
Moving on…..
The registry now has 76 registrars, holding domains from 27 as the lowest to 4186 currently held by Safaricom and 4788 held by EAC Directory. The desire for lower costs has seen Safaricom selling the domain at sh 500, which includes hosting. Others are selling the domain for as high as sh 3000 per year.
Ends

Cyber Security report by TESPOK, Serianu is just shoddy

Last year, was the first time I read the Cyber Security report by TESPOK and Serianu, a security company. I remember thinking “why is this report so hollow?” but I thought it was because it was the first year and they didn’t have the materials.

You can imagine the question I asked this time round, when I read this report on TESPOK website. You can read my story for the IT World.

So, what are my issues with the report?

1. Shoddy, sketchy work

If you read the report, the point where you find the statistics, is the honey pot side, which is a security system put in place at TESPOK to capture data from all the ISPs peering or exchanging content at the Kenya Internet Exchange Point.

If you read the other information on areas such as banking, the data is devoid of any statistics or any information that can add value. They may just as well have given this desk research to a journalist and they probably would have come up with a better write up.

The intro is written by a guy from Equity bank, who could at least have alluded to all the fraud and security issues that security experts say Equity Bank is vulnerable to. Not to admit but all that marketing rubbish of how they have the systems in place, even though we know it is a lie.

Some of that info may not be disclosed by if you are security experts, you will have insiders who will indicate how much, say, every bank or at least the major banks are losing to cyber threats.

In short, that report could have been consolidated by the folks at TESPOK, either they are just lazy or they feel that partnering with Serianu given TESPOK more credibility, its an industry body, they needed Serianu to just compile?

 

2. Advertising for Serianu

If you read the report, it has several pages advertising what Serianu does and very minimal or none of what TESPOK does. Again, I ask, who needed who? If TESPOK just needed to advertise Serianu, don’t call it research, call it an advertorial or white paper or something.

 

3. Naming and shaming ISPs

The report talks about ISPs that are prone to malware, again, this is from the Honey pot. The report names the 20 ISPs but doesn’t give their names. When will they ever learn if the information is hidden?

I know that exposing an ISP’s cybersecurity vulnerability affects its bottom line but they will improve if consumers are able to know which ISPs are most secure. Its more like touting yourself as a researcher in media and corruption, then instead of naming the most corrupt media houses, you just give us number one to ten then present the percentages, how does that help us?

Yes, ISPs are members of TESPOK and do not want to be shamed but if you want the ISPs to take the research seriously, then name them, make use of the honey pot and forget these essays that we can google and download.

The closest I got to identifying the ISPs was in the publication of AS numbers for the IPs considered lethal. With the AS numbers I identified Access Kenya, JTL, Safaricom, among others as the culprits.

 

4. Role of KE CERT

I think the best statement was towards the end, when the report says there is a need for a strong CERT in Kenya, this was like a kick to the CCK and their dismal efforts, which you can read on their website.

 

Of course this is just my opinion…….you can read the report and be the judge.

Women in Private sector businesses, what do we need?

Last year, I attended the Women in Construction dinner. You guessed right, women shared stories of struggle to belong, get business or just get the right to sit on the table in big construction business.

The stories went on and on but there were success stories of women who started from the trenches and hacked it somehow.  Just like in normal business, for every successful one, there are several that tried and couldn’t survive the first year.

For the construction industry, getting to sit on the table is far more important to ensure you get the business. For instance, if one was to construct, they go to an architect who is also the project manager, who brings all the other teams; the contractor, electrical and mechanical engineer, structural engineer, quantity surveyor and the telecoms engineers among others. If you are on the architect’s radar, then they will consult you when drawing the bill of quantities and the designs, which means that if the project goes through, then you get it. Those are just details but important nevertheless.

In that dinner, there was a government rep that said that women owned companies should get work of clearing bushes in road projects. He got booed with people wondering whether women can’t handle big engineering stuff. For me, even clearing bushes is a great start and you need low level education and that sector is dying to get something to do.

These stories can be heard from the 27 percent women owned businesses in Sub Saharan Africa and across the globe. You can read more global stats from this World Bank Post.

That was last year.

Last month, the Connected Government Summit had a Fireside Chat on women and I had a chance to congratulate Eunice Kariuki on this development because it was time we started this conversation in tech. There is need for more tech business owners and if there is a way more women can get in, the better.

There is no dispute that growing women in business increases employment and women are known to be better managers. You can read some insights on how and who supports women in business.

For the women in tech, there is need to get beyond the text book and learn from the men;

  1. Support each other- men will meet over drinks and will discuss upcoming projects and in the process will explain procedures on what to do to get it. Doesn’t mean you will get it but there is insider information, which is key. Some of the insider info helps in determining to move on because the project is taken.
  2. Not all support or help amounts to corruption. Yes, women in leadership positions like to pontificate a lot but I wish there is a course on what help amounts to holding my hand and what amounts to corruption. For some, even advising you on procedure on what to do or what makes you fail in tenders is frowned upon. Maybe you don’t have this or that certification, but they won’t even say that. For the men, they will gladly tell you.
  3. Having women as mentors. Once in a while, I like to sit on the feet of some who have made it in the business and seek knowledge. Tow months ago, I got very vital advise that changed my two year business strategy. I mean real advise on real cases. This helps businesses grow. Of course, women must also realise who can or can’t help; some can’t mentor you because they want to always be the only ones and will step on your head just to rise above you. That is life.
  4. Progress the debate. I think we need to move to the next level and think what else we can do apart from talk. We need to do or find strategies to get it done.

In short, we need more women in the private sector business and we definitely need to prop each other. I think I have been lucky to get a lot of support from women older than me in both informal and formal sectors.

This matter is so important that McKinsey has a quarterly report, you can find it here.

 

 

 

Update: Liquid Telecom gets internet working

After a day of internet not working, Liquid Telecom got the internet up and running. There are about 400 people with more than one gadget, which probably makes the hitches understandable.

I bumped into Paul Statham, Chief Commercial Officer at Connected and I promised to do an update; that the internet is now working.

 

Oracle, Dimension Data, govt contracts and the great wall of silence

For those who have been following the tech sector closely, you will know that there is a lot of money floating around for big projects. The only challenge is that very few projects go to local companies; you can cite the common excuses given, lack of capacity, financial backing, etc

This means that most of these projects are deployed by big international corporations. One of the contract requirements is that these companies must transfer skills etc etc… we all know how it goes.

Oracle

Let us take the example of IFMIS I wonder how many people remember what exactly it does. Well, read it here . This project is using Oracle. Apparently government paid for 14 modules and only three or four have been implemented. The project started in 1998.

Apart from that, it is said that the government has spent about Ksh 100 million on Oracle licenses across the various government ministries. Just calculate the amount of money paid in licenses annually.

That is why, in my estimation, the greatest winner in the whole government digitisation favours Oracle because the government can not afford to vote away from the investment.

So, is Oracle happy at the continued support that it will receive from government going forward? I caught up with Gilbert Saggia, head of Oracle in Kenya and asked for just five minutes.

“I can not talk in the absence of my PR person, maybe we can do this tomorrow?”

Well, companies have rules and regulations but I haven’t seen him or got a reply to my email, so we assume that was the answer he wanted me to have.

Dimension Data

Three years ago, Dimension Data won the tender to implement Unified Communications within government. It is a way for government to stop using landlines and reduce the communication costs.

I have not gotten the actual costs, some people privy to the tender say it was $16 million while others insist it was about $30 million. Take your pick.

I tried to get a response from Dimension Data and this is what I got.

DiData

 

ICTA position

I asked Victor Kyalo, ICTA CEO, on why the DD project had to take so long and he explained that political changes, building preparedness etc meant that only two government ministries are interconnected.

The project is expected to be completed soon :)

My question

Why do international companies decline to answer questions on these tenders? Is it:

a) That because government is a client, they have to be the ones to comment, so who are you to comment? Thats if you want more biz.

b) The companies do not want to be associated with failed/stalled/lengthy (insert yours) ongoing projects?

c) They are there for the money and do not care whatever happens to the project, they sold whatever they were selling, they earn from annual support and licenses and anything you would like to ask is none of their business.

It is what it is :)

Of Journalists, press conference and political pressure

Yesterday, the first day of Connected Summit, there was a press conference attended by Info Com PS Joseph Tiampati, ICTA CEO Victor Kyalo, Andrew Waititu, SAP CEO and Edwin Yinda, ICTA Board chair.

This was a routine press conference. If anything, the CS had not arrived and it looked like the only big story would be the affirmation and details of a previous announcement by Deputy President William Ruto that Kenya will have third generation ID cards.

The journalists went on with the usual questions and one sought clarification on the actual cost, Tiampati clearly indicated that the cost would range from 5 to 8 billion Kenya shillings, this was on record, tv, radio etc.

Just like it was a routing press conference, this was a routine story.

Well, that was until Capital Fm was the first to run the story, on radio, online and through text service. That was the time the political pressure kicked in. Apparently, the figures were discussed in a closed door meeting and Tiampati was not supposed to disclose.

And Ruto/his office/his handlers were pissed!

Calls started going into newsroom bosses, demanding a correction, even before the story ran. The issue was that the figures were wrong, it will not cost that much, etc… For the journalists on the ground, they could only stand their ground because there is no way ten journalists with radio and TV clips can be wrong.

In retrospect, you can understand Tiampati, he is the technical guy, he probably sat in those meetings that decided on these figures. He probably has not been briefed on how to doge journalists questions and saturate press conferences with philosophical and abstract BS.

For tech journalists looking for stories, this is the guy to talk to….he will give you a story :) probably anytime :)

Anyway, it was a nice last minute run around for the guys handling PR for Connected Summit.

Here is the correction/clarification sent late in the evening.

“Government to begin digitization of all persons

 The National Digital Registration Exercise targets to establish clean data set registers for all people, establishments, land and assets.

The entire exercise covering all the four data sets budget will be firmed up as soon as design and logistics are finalized (this is still work in progress).

The people registry which is the immediate exercise will target to clean up especially the 0-17 years old records. Details to be captured for those between 12 and above will be to ensure clean data for planning and socio-economic use.

This will be across all the different data users in Government and the private sector who rely on data for their operations.  Effectively through economies of scale this will lead to lower costs and efficiencies across the board.”

:)

ICT Authority to have a desk for ICT related work permits

For the last year or so, the immigration officials have been camping at “tech start up” hotspots, seeking to weed out illegal workers or in other words those with no work permits.

This has been frustrating to “expats” who have maintained that Kenya has no tech capacity etc. I am sure you have read stories of how people can not find appropriate hardware such as key boards, mouse, etc in Kenya.

It seems Fred Matiangi, Info Comm Cabinet Secretary will give the expats a reprieve in the work permit application process.

Since Jane Waikenda took over at Nyayo house, she had a policy of employing stringent measures especially in areas where such capacity is available locally. This didn’t go down well for some ICT companies bringing in unemployed westerners in droves as “expats”. Some have argued that they would move their corporate headquarters to South Sudan or  Congo, just to protest, well, maybe Tanzania or South Africa.

Anyway, Matiangi says he has had discussions with his interior ministry CS and now ICT work permit applications will be treated differently. The ICTA will participate in the process and there will be a desk where the applicants can be helped.

This helps in the transfer of skills :)