Please enable JavaScript to read this content.
The Government's admission that hackers infiltrated the core e-procurement system must, of necessity, raise great concern.
President Uhuru Kenyatta relaunched the Financial Management Information Systems (IFMIS) last August with great fanfare. Recently, the President publicly harangued his Principal Secretaries who were yet to migrate procurement in their respective ministries to the IFMIS platform.
Again, the Government has admitted previously that close to a third of collected revenue is lost, with a huge chunk of it being misappropriated through accounting and procurement fraud. That represents more than Sh500 million of much-needed revenue. The objective of IFMIS (which was rolled out in Government in 2005) was to increase the capacity in public resource management through transparency and accountability in procurement and payment.
But yesterday, State House admitted that for two days last month, "hackers" not only had access to IFMIS, but also authorised illegal payments. The revelation has kicked off a predictable cycle of blame game, pledges of investigation and political mud-slinging.
However, even as the CID work to uncover how a massive breach of a new secure and sensitive system was executed and as politicians on either side of the divide take advantage of this latest political fodder, it is important to take stock of what this means to the Government's handling of public monies. At all times, the State's fiduciary duty is to the taxpayers.
State House insists that no money was lost because the system was able to notice the breach and flag it before any money was moved. The line is that IFMIS flagged the "hacking" and was able to reverse the payments, thereby stemming a potential theft of hundreds of millions of shillings. Yet despite that, no one can rule out sabotage from those who had resisted the new way of doing things. A study by the University of Nairobi established that effective use of IFMIS was largely affected by sabotage and resistance. And that management support was lacking. The capacity and technical know-how was found to be low due to lack of training and the hurried implementation of the system.
Secondly, the knowledge that this is not the first time a Government system is being breached begs a more sober approach than is currently being adopted. First, it would be prudent to clarify that there was no hacking, rather that the logging-in credentials of senior officials in Government were used to get access into the IFMIS system. In which case, investigating officials will have to follow the audit trail and bring to book those found culpable. IFMIS, a customisation of Oracle's E-Business Suite, is touted as one of the world's robust integrated financial management solutions. It should be easy, therefore, to nab the wrongdoers.
Last October, hackers infiltrated prominent Government websites including the IFMIS platform, only weeks after a publicised 'revamp'. The attacks, conducted by a group calling itself Anonymous Kenya, did not stop there. The Twitter accounts belonging to Deputy President William Ruto, Kenya's Defence Forces and their spokesman Emmanuel Chirchir were also hijacked and derogatory messages posted using these accounts.
The Kenyan government has been put on the spot in the past for being exposed and not doing enough to pre-empt cyber threats. Yet it seems that information security is always an afterthought for government bureaucrats even after the decision to migrate its core functions online. To avert future breaches, it is imperative that Government systems are made tamper-proof.