cybersecurity Opinion Article

The Not So Digital Frustrations!

Written by Said Zazai

Nothing is more frustrating than browsing the internet in Afghanistan, oh wait maybe driving on the roads of Kabul city is more exasperating, or electricity that goes off for half the day or standing in the queue at a bank where the tellers often remind me of Zootopia’s Sloth character. But you got my point, for knowledge workers who rely heavily on the information that they are seeking on that one particular website that is inaccessible; browsing experience, internet speed, censorship and outdated data on the website are some of the real energy drainers besides getting distracted by social media. A few days ago, I was reading an article where it said that on average a social media addict gets distracted every 11 minutes and then it takes her/him 20/25 minutes to get back on track. In Afghanistan, government websites are so unreliable and so often inaccessible that it takes you days to get back into the rhythm of whatever you were trying to do on that website.

In the recent past Afghan ministry websites are hacked on a number of times and most of them not once but more twice or more times in a single month. The National Defense Security (NDS) website was hacked last month, Ministry of Communications and IT (MCIT) website was hacked on a number of times and just last night Afghan Telecom Regulatory Authority (ATRA)’s website was pulled down by hackers. Interestingly these government agencies are reluctant on sharing information about the cause of the cyber-attack, let alone sharing information on the damage that might have been caused by the intrusion to that institution.

To add up to the frustration their email system is so unreliable that often times your email that you sent to a government official bounces back the next day. To tackle this problem most officials prefer using their private Gmail and Yahoo email addresses for official use. Well, why not, this gives them a legitimate reason to take all organizational knowledge home with them and when they leave that organization they are still in communication with all the contacts that they have established during their service time.

So where is the problem and who is going to fix this? The way I see it is that it is not an entirely technical problem neither it is entirely a management problem nor it is political only. But it’s a combination of all of them.

The current Content Management System (CMS) was purchased years ago and is being maintained through a service contract by a contractor. But this CMS has a number of technical vulnerabilities that cannot be fixed by patches, plugins and software updates. These vulnerabilities are so common and so widely discussed over the web that any novice hacker can manage to pull a website down at least.

So the first and foremost thing is to upgrade the CMS!

There is only one CMS system used throughout the government. All government ministries and agencies use the same CMS and the same layout hosted at the National Data Center (NDC), which has lots of technical and management problems on its own; Outdated software, end-of-life hardware, capacity overload, lack of Network Operations Center (NOC), lack of resources, lack of senior management understanding of the problem and that too because of the lack of competence of management of the NDC. According to NDC management the capacity of the servers have overloaded to 99%, which sometimes does not even need a hacker to bring it down, it just crashes on its own. The NDC does not provide SSL encryption to any of its client. Meaning all web and email transactions are communicated in plain text and the management were highly uncooperative when I, as a client, requested them for SSL encryption.

There’s technical, management and political asynchrony that leads to the frustration of the users and the general public.

So what is it that people do when websites are down and public information about previous, running and future public projects are required? Where do you find tender related information, new job announcements, contact information and other time sensitive information? Well, usually people go and befriend government senior officials on facebook. Oh yes, all of them are pretty available and active on facebook. No not just managers and directors, you will find all the general directors, deputy ministers and ministers posting their daily schedule on facebook (classified and unclassified information is not categorized here). So the general perception about technology is that you “must have” facebook and that it should be used for the general public, email is only for close friends, and twitter is cool but ‘I don’t know how to use it, I heard all the big stars are there; Messi, Shahrukh  Khan, Tom Cruise and Adele’. But what they don’t know is that Adele does not have access to her own twitter account. Her publicists won’t allow her to have her own twitter account password. So next time when a government website is down, send a friend request to the relevant minister or deputy minister and they will be happy to help, who cares about a website anymore? That is so old school!

About the author

Said Zazai

4 Comments

  • Nice writing sir. it’s true that their websites are outdated and down all the time.. but what will be the real solution to all this? yeah they aren’t looking after it because it just old school for them.

  • Yaqoob Zazai thank you for commenting here. I was being sarcastic when I said that they consider websites as old school. I think the leadership at MCIT or ATRA or any other government agency do not have the strategic understanding of the value that technology can provide them. When it comes to public service delivery nothing has been as successful and valuable than having a website that provides all information and is available 99.9% of the time. No other technology whether its phone or smartphone apps or anything new out there has been able to replace websites and traditional email system. The fact that our government offices use facebook shows that they have no strategy on the use of technology, they have not developed policies on how to communicate with the public. They are on facebook and not on their own official websites and emails because they are lazy and have no understanding of keeping ‘work’ separate from ‘fun’. Our first and foremost solution would be that we find people in the top leadership who understand the value of IT whether they are in agriculture, health, education, defense or any other sector.

    • By utilizing a reliable technology detector on the web, you can determine that their entire CMS is built and hosted using Microsoft products and technologies, namely, ASP.Net, IIS Web Server, and Windows Server. Microsoft products are famous for security vulnerabilities compared to other vendors’ products or open source products. It is a ridiculous idea to host your multisite CMS on a Windows Server. Of course, the rationale behind all of this is that the majority of Afghan IT professionals are Microsoft sheep. The Afghan job market is so Microsoft-oriented that job seekers have no choice but to learn only Microsoft products.

      Why not host their web servers on Linux? why not use Java or Ruby on Rails for web and enterprise applications? why not use PostgreSQL or Oracle Database? Why not base governmental websites on WordPress or Drupal which are maintained by a community of thousands, and security problems are swiftly addressed when they arise? This not only saves millions of dollars for the government, but also provides the opportunity for Afghan IT professionals who want to pursue careers in open source technologies.

      Despite what technologies are used for the current governmental websites, there are many web design and development principles and philosophies that are not present such as accessibility, typography, compatibility, scalability, and many others. This is probably due to the extremely incompetent and amateur technical people that owns the system.

  • Muqdas thanks for sharing your valuable opinion. Most of the contracts and jobs are entirely given on personal relationships basis. I personally know some stories in the government which are horrific and has proven to be devastating. The top leadership are very self-centered and are either private business oriented or campaign for their next higher level public office seat. The engineers are unfortunately not capable of managing the systems, not because of their inability but because of the inability of the top leadership or middle management not allowing them to grow and develop their skills. Most of the directors, general directors and other senior management travel to almost every country on the globe and come back with nothing but their empty brains.

    Now the question of why are they not using linux or drupal or other widely used open source or corporate enterprise application? well because the leadership doesn’t show that commitment. They only do what they are dictated by the donor organizations. They only work on things where the money is flowing. A 5 year world bank funded e-government will collapse at the end of the 5th year, a 2 year USAID funded entrepreneurship program will not stand a chance to sustain in the 3rd year. The leadership have no vision, no strategy and no commitment to develop a sustainable and self-capable information systems.

Leave a Reply