Discussing security investment within Kenya govt…


The other day, the Kenya Police website was hacked and it made big news, to me it was not big news because previously, administration police website was hacked and no one seemed to care.

The debate was more heated on twitter because the hack was dedicated to the Facebook found, I found it funny but did not understand the connection. One of the tweets was from Larry Madowo, tech journalist and business anchor with NTV. Madowo tweeted that in Kenya there were no security experts, something that angered infosec gurus.

The debate about Madowo’s comments was diverted to the security list and after many exchanges of how government has invested or not invested on security, some techies asked one of them to talk to Infocom PS Bitange Ndemo and tell him that there were a few willing to volunteer their services.

What they didn’t know was that Ndemo is already a member of the list and lurks in the background. Am sure Ndemo also knows the amount of money the government has paid to external security contractors to secure the sites or not.

Read the thread and see where security in Kenya is; what happens to the amount of money allocated to security? Read on..

The guy who was asked to talk to the PS had this to say…

“Word of advise, forget about Kenyan government if you want real
business on Infosec. InterPol cant even entrust kenya-police with
information, not only on email.

InfoSec in KE right now is on Banking and Financial institutions,
International Cooperations and Orgs.”

The response was…

“You have hit the point n I agree with you 101%. I once tried but got soooo frustrated by the so called E-Ngava thing full of Bcom kids. After I shifted my attention somewhere else I can afford a bottle of champagne on my table….

Kenyan Govt has played aloof to the need of infosec. Needless to say, they pay Security companies millions and millions of shillings for even highly sensitive installations, yet the work done is very questionable.

In totality the hacking of the Kenya Police Website is merely a scratch on the surface. I wonder what the ICT Board’s take on policies and machineries surrounding Infosec.

My friend ua talking of ICT BOARD….Thats a dead lot full of corrupt heads…NO apologies..How many times have they given out the so called “..project funds..” to companies..kumbe hizo companies ni zao tu..lol ”

After the thread went on for some time, Ndemo responded

“It is not true that the Government does not want to use some of the best
brains in the country.  It is attually difficult to attract the best
brains to Government at the current salaries considering our level of
development.  Several adverts in E-Government go without serious
responses.  We cannot create a special class of salaries since it would
create discontent in the entire civil service.

Indeed we somehow use these great brains for many issues including the
current police problem.  No matter what security you have if you do not
have honest workers, it is an excercise in futility.  There is an obvious
breach of trust when someone dishes out the password.  You have seen the
damage to America when an insider decided to walk out with unauthorized

Civilization means that whatever we speak or write about anybody can be
packed by evidence.  It is therefore appalling to see claims of corruption
within the ICT Board without substantiation.  We can indeed help this
country if we point out corruption when we see it.  Similary we must be
careful in accusing someone if we have no evidence.  The damage we are
creating by making careless statements is not to the accused but the whole
country because when you travel out of this country you become Kenya’s
Ambassador. You are as good as the image of your country.  As we fight the
corruption vice, we also must potray to the world that we are dealing with
it in an honest and fair manner.  This is because corruption afflicts
every country.  The difference lies in the speed at which action is taken.

Larry’s statement was regretable because the statement went far and wide
at the time the entire world has created an image of Kenya as an emerging
ICT innovation hub.  We should take a moment to think before saying
something in this borderless world.
Discussing security investment within Kenya govt...


  1. And the article is full of grammatical and typographical errors! Please consider revising it to safeguard your journalistic reputation.

  2. We must first agree that ICT Board has no business maintaining the website of our security forces. That being the case, I also find it regrettable Ndemo’s take that they can’t pay techies top cash since it will create schisms in the Civil service. Heck, we are talking about security here for heaven’s sake!

    I believe that the Presidential Escort always draws higher rate salaries than other members of the police. Ditto Diplomatic Police. So that issue does not arise at all and its defeatist to say the least.

    What has happened in US about wikileaks does not compare to what has happened to the police website. WikiLeaks was about revealing info that the public ought to have known but was kept secret[at least in Kenya,it was a confirmation of what we had always known] So, Ndemo should drop that straw and look for another one to hang on to.

    When we have sites like StateHouse, Police, Admin Police and Finance being hacked, something is seriously wrong with out security priorities. Of all places, StateHouse? The system there should be top-notch, one that is highly encrypted and not available to each and every Jimmy, Lucy or Kagai! For starters, how does StateHouse regulate those who enter there? Do they have data-cards or what? You can get where am going to with this……..

    Next, how does Treasury manage its financial systems? How are the systems at CBK, DoD, Parliament.

    How secure are national installations and does the Telco towers feature as such strategic installations?

    What I am on here is that unless we have a comprehensive security policy on our systems, then we are doomed and these hacking will go on for a long time. Next time, you will read that CBK was hacked into and the consolidated fund emptied!

    I know that a system is only as secure as long as the techies behind it are reliable………… but if it takes paying them millions to keep that system foolproof, by the dogs of Egypt, pay them two, they are worth it!

    • Information security takes money- money that to most execs would rather be spent in other ways- one of which is to hire a physical guard to guard the computer- pun intended!!

  3. Web security ? Wait a few years we are getting a Nuke plant.(with all that sun for solar farms)

Comments are closed.