The Government Internet eXchange Point (GIXP) will allow government ministries and agencies to peer -- connect directly without going through third parties -- ensuring that the contents are not exposed to malicious hackers, data miners and eavesdroppers, among other security threats.
"The government has concerns about security and privacy; the concerns are well-founded and GIXP will create a sense of control and security," said Michuki Mwangi, general manager at Kenya Internet eXchange Point (KIXP).
Government ministries, agencies and ISPs (Internet service providers) have been peering at the KIXP, which is operated under a public-private partnership. However, there have been concerns that information from security agencies and the Kenya Revenue Authority has been passing through infrastructure that the government has no tight control over.
"Managing secure information during transit is one of the most difficult tasks to implement and maintain effectively," said Alkesh Soneji, Kenya country manager for Cyberoam, a security product company. "In the current network-centric business the challenges are about validating a person’s identity, control[ling] access, and maintain[ing] integrity and privacy of data."
But the government has downplayed the security concerns, arguing that GIXP is motivated by the need by the government to set the pace in ICT infrastructure investment and to attract international investors.
"Investing in GIXP will demonstrate the government is serious about data protection and integrity; this is a major concern for major investors in business process outsourcing," said Bitange Ndemo, permanent secretary in the Ministry of Information and Communication.
The exchange point will also peer at the KIXP, and the Communications Commission of Kenya will be given the task of ensuring smooth operations. There are no details on whether CCK will put in place security features such as deep packet inspection or whether the government will develop its own data encryption.
KIXP's Mwangi feels that if GIXP is what the government needs to accelerate the e-government process, then it is a worthwhile investment for everybody in Kenya. However, he cautions that security has to be considered in tandem with other investments in ICT.
Security comes after the infrastructure is in place and human resources are trained, added Mwangi. Having a peering point will not shield them from any potential security problems if other aspects are not well taken care of.
The majority of security problems come from within an organization, rather than from external sources,said Tyrus Kamau, a security consultant based in Nairobi. "The government should realize that building walls and fences needs to be backed by internal security mechanisms,"Kamau said.
Apart from the security guarantee that the government will give to investors and the public, Ndemo says, GIXP will provide redundancy to KIXP and vice versa, ensuring that forms and other communications submitted online to government agencies are well-protected.