Somaliland Chronicle has received a report from a confidential source of a critical security vulnerability that affects Somaliland’s Financial Management Information System, or SLFMIS. SLFMIS is one of the components of a years-long, 20-million-dollar World Bank project and is implemented by the Ministry of Finance.

Zamzam Abdi Adan with other government officials at the launch ceremony of SLFMIS

There have been numerous reports of impropriety at the Ministry of Finance related to the PFM project during the tenure of the former Minister Zamzam Abdi Adan.

President Muse Bihi Abdi with current Minister of Finance Yusuf Mahamed Abdi

New security vulnerabilities are routinely discovered on everything from Windows on consumer-grade laptops to systems running important national infrastructure such as the SLFMIS. Unfortunately, 90% of all hacking incidents involved a security flaw.

How important is the Somaliland Financial Management Information System, or SLFMIS? In layman’s terms, it is the bookkeeping system of the Government of Somaliland.

We have consulted cyber security professionals to confirm whether there are indeed security vulnerabilities as reported, and they have confirmed that there are in fact numerous vulnerabilities that are critical and need immediate attention, or the system should be taken offline. They added that only a low level of expertise is required to exploit and access the system.

Norse realtime attack visualizer http://map.norsecorp.com/#/

“Not sure how much was spent to create this system, but it appears whoever designed it has a tenuous grasp of today’s cyber security risks and has not put any controls in place to protect this system,” said an IT professional who was briefed on this issue.

The experts we consulted confirmed that Somaliland’s SLFMIS would not have passed minimum security standards in any small to medium company, let alone critical government infrastructure.

Side by side, Somaliland’s SLFMIS and Somalia’s Revenue Collection System

SLFMIS has been implemented and hosted by PFM Smart. There is little information about this company, with which one of Somaliland’s most valuable data sources resides, but what is clear is that it also implemented Somalia’s Revenue Collection System and is hosting it on the same network as SLFMIS.

The Somaliland government has a history of using unscrupulous foreign companies, often established solely for the purpose of the project at hand; PFM Smart seems to be one of those.

Minister of Finance meeting

On Monday, the Minister of Finance, Yusuf Mahamed Abdi, met with yet another foreign company called OBM, which works with the ministry on financial reform. It is unclear if this company is related to the PFM.

Somaliland Chronicle has reported and shared our findings with high-ranking members of the Somaliland government to get the right resources tasked for immediate remediation. Somaliland Chronicle will not discuss the nature of the vulnerability due to its national security implications.