The Computer Society of Kenya

Since 1986

IEBCdatapicDAILY NATION By PATRICK LANG'AT

Thursday July 13 2017

The electoral agency has set up a state-of-the-art data centre and a disaster recovery site for the August 8 elections.

This followed recommendations by the audit firm KPMG and the agency’s own mechanisms from 2015 to ensure integrity of election data.

“The findings of the audit were not a surprise, given that in 2015 the commission had already identified some of the shortcomings that required strategic interventions to ensure security, integrity and availability of critical data held by the commission,” Mr Wafula Chebukati, the Independent Electoral and Boundaries Commission (IEBC) chairman, said in a statement Thursday.

VOTER REGISTER
IEBC did not give the location of the centres but it had already closed to the public Bomas of Kenya and gazetted it as the National Tallying Centre for the August 8 General Election.

“What will be uploaded from the polling stations and constituencies to our systems is what people will see at the Bomas of Kenya, with absolutely no intervention in between,” commissioner Roselyne Akombe had said in a television interview on Monday.

Thursday’s statement followed publication of the full report of the voter register audit, which revealed glaring gaps in data security at IEBC.

They include lack of a disaster recovery site, which the auditors cited as a great risk to the polls.

SERVER ROOM
The data centre at IEBC headquarters had an unreliable uninterrupted power supply (UPS) and a faulty fire alarm system that had not been serviced since September 2015.

The centre’s air conditioning system had failed, with temperatures in excess of 25 degrees Celsius recorded, a small but extremely critical consideration in a server room.

Mr Chebukati however said the challenges had been addressed by the data centre and recovery site.

SECURITY

He said IEBC had tightened security of databases for its critical data, retained the services of firms to provide technical support in data security throughout the election and forged and enhanced partnerships with key players in the ICT security field.

The report, which KPMG submitted last month but was only made public in its entirety on Tuesday night, said the register was susceptible to cyber attacks due to lack of preventive measures.

BACK-UP

It also faulted IEBC’s use of tapes for back-up.

“In the event that back-up tapes were to be destroyed at Head Office, the commission’s ability to recover critical voter registration data will be impaired due to lack of redundancy,” KPMG said.

“There are no detached premises where these back-ups can be restored and tested.”

VOTERS
KPMG also flagged two active default administrator accounts whose passwords had not been changed.

“This significantly increases the risk of unauthorised access to the register of voters,” the auditor said and added that in the last mass voter registration, when IEBC transferred 78 per cent of its enrolment manually, the agency reported that some applications were missing due to the manual transfers.

To prevent the dead from voting — a question the Opposition has posed several times — the auditors called for strict use of biometric voter identification on polling day.

Share this page