By Eliaser Ndeyanale
A United States of America cyber security consulting and software developer is threatening to sue the Namibia Institute of Pathology (NIP) N$200 million for default of payment of a cyber-security contract.
Although The Patriot could not confirm the value of the contract but documents in its possession shows that currently NIP owes NetSecurity U$136,324.50 or N$200 million at Tuesday this week’s exchange rate.
NIP entered into a three-year agreement with NetSecurity in 2017 for software subscription service, ThreatResponder® Platform in 2017 of which NIP made the first payment of U$67, 750 (N$990,776.00) on 01 January 2018.
While the second payment of N$990,776.00 was due in July 2018, that payment was not done. NetSecurity demands that it should be paid with interest.
NetSecurity also expected a payment of U$58,850 (N$860,601. 80) in January 2019 and this amount too has not been paid.
Other remaining payments are that of N$860,601.80 which is due in July 2019 and two others which are expected in January 2020 and July 2020.
According to NetSecurity website, ThreatResponder® Platform is an all-in-one threat intelligence, analytics, detection, prevention, response, and hunting platform which provides threat visibility of enterprise.
Quizzed about the matter, NIP acting chief executive officer Mecky Nghipandulwa, confirmed to The Patriot this week that the pathological service provider had awarded the United States of America based company NetSecurity a contract in 2017, but refused to shed more light saying the matter is internal.
“I don’t know how the information is getting to you but these are internal matters. So, that agreement as you rightly put it, was awarded to NetSecurity during 2017. That is all I can say for now. I have no further information to give you,” she said.
In his letter to Nghipandulwa, president and chief executive officer of NetSecurity, Inno Eroraha urged NIP to pay N$200 million before 21 February 2019 saying that if no such payment or arrangement has been made, NetSecurity would have no option but pursue legal or collection action of the full amount due to NetSecurity with all interest and fees. “This letter is to inform you that Namibia Institute of Pathology (NIP) has been in default of payment of the invoices due to NetSecurity for our ThreatResponder® Platform software subscription service.
Over the past several months, we have been in communication with Mr. (Stanley) Karuhumba. Per his last e-mail to us in which you were carbon copied, it is obvious that NIP is intentionally withholding payment due to your internal investigation, which has absolutely no bearing on our software.
While your investigation is ongoing, our software continues to protect NIP’s valuable digital assets and network-around the-clock.
Per NetSecurity’s software agreement, below is the payment schedule to which NIP agreed for ThreatResponder® Platform. All amounts shown are in United States Dollar,” Eroraha wrote in his letter which was is copied to NIP board chairperson Dr Diina Shuuluka, NIP chief financial officer Sakeus Kamati, NIP’s acting chief information and technology officer Karuhumba, NetSecurity chief financial officer Ramy William and NetSecurity legal counsel Jon Schiffrin.
Text messages sent to Eroraha were not responded to at the time of going to print after Karuhumba refused to comment on the matter saying that he needed to get authorisation from Nghipandulwa.
NIP board spokesperson Frans Kwala said that NetSecurity was given a tender without following tender procedures.
“This service provider was declined by the procurement and the then IT executive went straight to Katiti and he approved it,” he said.
In his legal opinion to Nghipandulwa, lawyer Orban Sibeya recommended for Anti-Corruption Commission (ACC) to investigate sacked NIP chief executive officer, Augustinus Katiti over the matter.
“The conduct of Mr Katiti to award the cyber security contract to NetSecurity (is) contrary to procurement processes, the minister of finance as well as the procurement committee for gratification of NetSecurity is amounts to corruption in contravention of the amount of the ACC Act.
NetSecurity was appointed through direct procurement by Mr Katiti after all members of the procurement committee of NIP disapproved and did not recommend such direct procurement. This procurement was aggravated by the conduct of Mr. Katiti and Ms. Garises who engaged NetSecurity, a service provider for NIP to investigate private matters relating to the pornographic materials and communications allegedly carried out by Mr. Katiti,” Sibeya said.
Katiti did not respond to questions sent to his mobile and e-mail at the time of going to print.
Asked about the value of the contract, Katiti said “this information is leaked to you by board members (Diina Shuuluka and Frans Kwala) and officials of NIP (Gibson Imbili and Mecky Nghipandulwa). It is therefore a redundant question since you have already the answer. He also refused to reveal whether NetSecurity is a foreign or local company and who the owners are. “I have absolutely no idea,” he said.
On the question of why cyber security software was necessary to NIP, Katiti said that NIP being a healthcare institution, is undoubtedly one of the biggest targets of cyber attackers.
“Just imagine the catastrophic and profound impact on patient care and disclosure of confidential medical information of thousands of patients in the event of a successful cyber-attack on an institution like NIP? I do not think of any logically thinking patient that would make use of the services of NIP if they were pretty well aware that NIP was completely unable to guarantee the confidentiality of patient information because of the wishes of the board of directors of NIP. It is for this very reason that during my tenure as CEO that NIP needed and urgently installed cybersecurity software. Was it therefore unreasonable to install cybersecurity software to safeguard very confidential patient information?” he asked.
Katiti further added that he does not work for NIP therefore failed to understand why a newspaper is of the opinion that it is newsworthy to publish old and maligned stories without any meaningful value simply in order to please those board members and officials of NIP who leak information about the very institution that they are supposed to serve and protect against negative publicity that is so obviously damaging to the reputation and the image of the institution.
“NIP faces serious operational challenges because of lack of leadership, both at board and senior management levels. NIP board is so besotted and infatuated with Katiti, that they are ignorant of the fact that two servers of NIP containing confidential patient information and electronic mail of NIP were recently hacked with malicious malware. These are the board members entrusted with confidential patient information, who would rather focus on providing false and misleading information to the public about contracts that were submitted to them at both the audit committee as well as board meetings.
All new tenders awarded and contracts entered into with service providers were submitted to the board tender sub-committee (new tenders), board audit committee (new contracts), and to the board of directors at least once every three months. Even a person with below average IQ will very confidently tell you (and rightfully so) that the board of directors of NIP is very dysfunctional and consider that their primary focus shall be to leak misleading information to The Patriot newspaper.”