The Standard Group Plc is a multi-media organization with investments in media platforms spanning newspaper print operations, television, radio broadcasting, digital and online services. The Standard Group is recognized as a leading multi-media house in Kenya with a key influence in matters of national and international interest.

Standard Group Plc HQ Office,
The Standard Group Center,Mombasa Road.
P.O Box 30080-00100,Nairobi, Kenya.
Telephone number: 0203222111, 0719012111
Email: [email protected]

NEWS & CURRENT AFFAIRS

The Nairobian

Alarm as hackers take down crucial State websites

Sci & Tech

By Frankline Sunday | Jun 04, 2019

Attacks, including one on the crucial State’s IFMIS payments system, raise questions on the security of key public data.

The Government’s central payments database and 27 other websites of State agencies remained offline for several hours yesterday after hackers compromised their systems.

An attack on the State’s online portal used to pay suppliers and disburse funds to county governments - the Integrated Financial Management Information System (IFMIS) - was especially worrying, coming in the wake of repeated warnings that security and administrative flaws undermine the critical system.

Similar attacks on the websites of other key State agencies, including the National Youth Service, the Judicial Service Commission and the Energy Regulatory Commission also brought into question the safety of key public data.

The attack on IFMIS rendered the platform inaccessible for the better part of the day, with users being redirected to a page containing the logo of the KURD Electronic Team, the hackers who claim to be behind the attacks.

Keep Reading business

The hackers also claimed to have taken down the Machakos County Assembly website.

By the time of going to press, several of the websites had been restored, with the National Treasury saying the core IFMIS network had been unaffected.

“IFMIS system is up and running,” said a statement from IFMIS. “There has not been any hacking in the Government Financial System. Hackers tried to deface the IFMIS public website. The website and the system are hosted in two different physical environments.”

However, access to the IFMIS site used by government suppliers and prospective bidders to access crucial procurement information was still inaccessible by late evening.

The attacks have put the Government on the spotlight, with the National Treasury and the ICT Ministry hard pressed to explain the security lapse given previous warnings of vulnerabilities in IFMIS and generous budgetary allocations to safeguard the platform. In the 2018/2019 financial year, Treasury received Sh153 million for implementing and maintaining ICT resources, including licence renewal payments to tech giant Oracle for IFMIS as well as procurement of end-to-end connectivity for several counties.

The outage also came weeks to the close of the 2018/2019 financial year where State departments and counties are currently reconciling their payments accounts.

IFMIS was first introduced in the country in 2003 with limited modules for automation and most processes remained manual for several years. The system was then re-engineered in 2012 at a cost of Sh10 billion to include all ministries, government departments, agencies, and later counties.

Several governors, including Kirinyaga’s Anne Waiguru and her Kiambu counterpart Ferdinand Waititu recently blamed Treasury for producing conflicting reports from IFMIS that allocated State functions to county expenditure.