
Latest news with #SANDF

Command line to control room: SA's infrastructure vulnerable to cyberattacks

Daily Maverick

2 days ago

  • Politics

South Africa is rapidly digitising its infrastructure, but not necessarily legislating protections against cyberattacks at the same pace. This means we run the risk of becoming a frontline where attackers don't merely steal data, but tamper with infrastructure, and our defences are dangerously out of date.

On 23 December 2015, about 23,000 residents of western Ukraine found themselves without electricity. The cause? An Advanced-Persistent-Threat (APT) — that is, a non-state actor, often a proxy for a nation-state, hacking into the power grid and turning off local substations.

While that incident was later traced to a Russian-backed Advanced-Persistent-Threat, it was the first noted example of a power grid being disabled by cyberattacks. That was almost a decade ago — connectivity, and the corresponding vulnerability, has only accelerated since then.

'In today's world, you don't need to physically access infrastructure to disable it. You can disable it from a continent away. That's the terrifying shift in power we've seen in cyberwarfare,' says cybersecurity firm ESET's chief security evangelist Tony Anscombe.

With more than 25 years of cybersecurity experience, Anscombe paints a picture of both a capable state and private sector where not enough attention is being devoted to the threat that cyberattacks pose.

Despite producing world-class cybersecurity experts, South Africa's infrastructure is lagging — and increasingly in the crosshairs of both cybercriminals and state-aligned attackers.

Prominent breaches such as those at the South African National Defence Force (SANDF), the Government Employees Pension Fund, and the National Health Laboratories Services show that this is no longer just a consumer nuisance — it's costing the country billions, and is a national security vulnerability.

The 2023 SANDF breach exposed both classified data and President Cyril Ramaphosa's personal contact details — underscoring how deeply these attacks can cut.
(Not) OK computer

South Africa has featured prominently in cybersecurity reports over recent years, especially with regard to our continental performance — and not in a good way. South Africa's connected society and developed telecoms make it a prime target for cybercriminals.

Interpol's Africa Cyberthreat Assessment Report of 2025 placed us fifth on the continent in terms of suspected scam attacks, and second in terms of cybercrime detections. This underscores both the benefits — and pitfalls — of our connectivity: we can better detect attacks, but we're also more likely to be targeted.

While this offers some defensive potential, South Africa's rapid digitisation without legislative guardrails has left critical systems exposed. The infrastructure that governs water flow, power grids and chemical treatments is increasingly vulnerable to manipulation by both cybercriminals and hostile states.

If this seems remote, recall that cyberattacks during the Israel-Iran conflict were used to cause actual flooding in Israeli towns. The 2010 Stuxnet virus reportedly sabotaged Iranian nuclear centrifuges. These are not sci-fi threats — they're documented precedents. And they're not limited to global players.

'We've also seen things like the Uganda water treatment system being targeted,' Check Point's global research group manager Eli Smadja said. 'That's a real infrastructure breach. It wasn't publicised much, but the fingerprints were there. If they can go for Uganda, they can go for anyone.'

Target-rich environment

'South Africa is actually among the most attacked countries in Africa, but also one of the most capable at detecting and reporting,' continued Smadja. 'That makes it a double-edged sword: threat actors know there's infrastructure to exploit, but defenders are watching.

'We monitor threat activity across Africa. The same techniques used in Ukraine are now being adapted here — and we've observed probes in South African infrastructure,' he said.
According to Smadja, this isn't hypothetical. 'We've seen entire playbooks reused — reconnaissance activity, credential stuffing, port scanning — these are standard steps before a full-scale intrusion.'

Check Point has also observed code injections targeting legacy industrial control systems. Probes into protocol vulnerabilities, particularly on outdated systems, often come from known botnets and command-and-control servers.

'South Africa's critical infrastructure is particularly attractive because it operates in a hybrid environment: old tech connected to new interfaces. That creates blind spots,' Smadja said. 'You'll often have a 1998-era controller (a system used to control industrial processes) that is remotely accessed through a 2020s web interface. That kind of mismatch is what attackers look for.'

South Africa's geopolitical and economic role in the Southern African Development Community may further raise the country's threat profile. 'If you want to send a message or disrupt a region, targeting South Africa's systems — power, water, or logistics — achieves impact,' said Smadja.

And not all attackers are foreign. Local ransomware gangs are increasingly mimicking the tactics of Advanced-Persistent-Threats, including delayed payloads, supply chain infiltration, and backup disabling.

What this means for you

If a substation is hacked, your power could be cut without explanation. If a water system is tampered with, your supply could change without warning — and you'd never know if it was a cyberattack. Even when no data is stolen, critical services can be disrupted, with no public communication or accountability.

Infrastructure on the edge

'If you're going to run an industrial system, you should segment the network so that operational tech is not accessible through the corporate side. That's not always happening,' warned Anscombe.

Municipal water systems show similar gaps. Check Point has recorded targeted scans and login attempts.
'We've seen reconnaissance scans and access attempts directed at water systems, power grids, logistics. These aren't random — they're calculated,' said Smadja.

South Africa's current attack surface: large targets, small defences

Despite solid detection capability, South Africa lacks a mandatory breach reporting regime for infrastructure.

'There needs to be an obligation to report. If an entity suffers a cyberattack, there should be a legal requirement to notify a central authority,' said Anscombe.

Under the Protection of Personal Information Act (Popia), only personal data breaches must be disclosed. If a water pump is hacked, or a substation disabled, there's no legal requirement to inform the public.

'When systems go dark, people assume it is load shedding. But there is a real risk of an invisible trigger. The threats we track in Africa show real intent,' said Smadja.

The law vs the reality

South Africa's cyber governance remains fragmented. The Critical Infrastructure Protection Act (Cipa) addresses fences and guards, but not firewalls. The Protection of Personal Information Act protects personal data but offers little for industrial control systems that govern our infrastructure, and despite escalating cyber threats, no dedicated critical information infrastructure law exists.

Oversight is split with the State Security Agency (SSA) running the cybersecurity hub without legal enforcement powers, while the Department of Communications and Digital Technologies sets policy but lacks operational control. Experts say this siloed architecture leads to regulatory paralysis.

Professor Sizwe Snail ka Mtuze, adjunct professor of cyberlaw at Nelson Mandela University and a key drafter of the Cybercrimes Act, told Daily Maverick that South Africa is struggling with 'a lack of centralised legal authority on cybersecurity.'
He notes, 'Right now, you've got POPIA looking at data breaches, SSA managing the hub, and DCDT working on policy, but no one really able to enforce infrastructure-specific protections.'

The Information Regulator confirmed this in response to Daily Maverick's queries, warning of systemic non-compliance in the public sector. 'Public entities do not invest in compliance with POPIA as compared to private entities,' the regulator stated. 'In some instances mitigation measures are not implemented, leading to repeat compromises of identified vulnerabilities.'

Notably, none of South Africa's major infrastructure operators – including Eskom, Rand Water, or Transnet – reported a single high-risk data breach in the past two years, despite ongoing cyberattacks. This, combined with the Regulator's statements and the data showing cyberattacks in South Africa, suggests a worrying culture of under-reporting or non-compliance.

In her 15 July Budget vote speech, Minister in the Presidency Khumbudzo Ntshavheni noted: 'We are finalising consultation on the draft cybersecurity strategy' and emphasised a state investment push into advanced interception, AI, and analytics capabilities. But without a unified legal regime or enforcement authority, implementation remains uncertain.

The Department of Communications and Digital Technologies and the Information Regulator of South Africa had not responded to Daily Maverick's queries by the time of publication.

IoT: innovation or open door?

South Africa's infrastructure future hinges on Internet of Things (IoT) — but it is being rolled out without minimum standards. Devices like smart meters and programmable logic controllers, which govern a lot of industrial processes in factories and utilities, are often installed without firmware update paths or password security.

'The problem with IoT is two-fold: there's no update mechanism, and many of these devices are built without even basic password protections,' warned Anscombe.
Many were foreign-made and integrated via local vendors — increasing supply chain exposure.

What must be done, and urgently

  • Establish a national computer security incident response team with enforcement powers.
  • Mandate disclosure of infrastructure-related cyber breaches.
  • Pass legislation to govern Critical Information Infrastructure.
  • Enforce cybersecurity procurement standards for public infrastructure.

'The adversary only needs one entry point. And if it's your power grid or water supply, the consequences go far beyond business disruption,' said Anscombe. DM

‘A coup is not discussed on social media': Holomisa says no need to press panic buttons

The Citizen

3 days ago

  • Politics

The SANDF is now better equipped to respond to potential riots, according to Holomisa.

Deputy Minister of Defence and Military Veterans, Bantu Holomisa, has seemingly shrugged off claims about a coup threat, amid growing conversations surrounding South Africa's national security.

Minister in the Presidency responsible for State Security, Khumbudzo Ntshavheni, disclosed this week that the security cluster had identified a 'potential risk' of a coup d'état. Ntshavheni also emphasised that the National Security Strategy and National Intelligence Estimates report flagged other risks, including terrorism and violent extremism.

Holomisa speaks on coup d'état fears

Speaking to the media at 1 Military Hospital in Pretoria on Thursday, Holomisa stressed that the security of the state remains a key priority.

'I don't want to get involved in the reports of what comes from the Cabinet because they are privy to better briefings.

'If there is anyone who has such plans, I think he or she is advised to stop that because it has been exposed. A coup is not discussed on social media, that's not a coup,' he said.

The deputy minister assured the public that the South African National Defence Force (SANDF) is fully capable of defending the nation against any serious threat.

He further indicated that the country is not facing any imminent external threats, but the military may be called upon to support the police in managing internal unrest.

'We are not expecting conventional warfare in South Africa. The major threat I foresee is civil disobedience, where we are asked by the police to assist and protect them.

'In that case, we will be ready to assist police, but as far as fighting an outside war with outside players or countries, that is not in the offing.'
[B]
  • Address cybersecurity vulnerabilities at organs of State including in procurement, supply chain management and reliance on foreign-based companies within national security domains.
  • Investigate activities related to terror financing that are characterised by…

— Khumbudzo Ntshavheni (@Khu_Ntshavheni) July 15, 2025

Holomisa added that the army is now better equipped to respond to potential riots since the 2021 July unrest.

'The Minister of State Security did table a report, and they seem to be, at least this time around, ahead of the game.

'Anyone who wants to use violence, I think that the South African security in general, combined, they can deal with that matter. But I don't think that we should start pressing panic buttons.'

Security concerns deepen amid Saps allegations

Ongoing concerns about national security have also been compounded by serious allegations involving the South African Police Service (Saps).

KwaZulu-Natal (KZN) Police Commissioner Nhlanhla Mkhwanazi earlier this month accused Police Minister Senzo Mchunu of working with criminal gangs to dismantle a task team investigating politically motivated killings. Mkhwanazi went on to claim that investigators had uncovered a criminal network tied to a drug cartel, implicating politicians, police officers, metro police and members of the judiciary.

In response to the allegations, President Cyril Ramaphosa placed Mchunu on leave and appointed Gwede Mantashe as acting police minister. Professor Firoz Cachalia is set to take over the role in August. Ramaphosa also announced the establishment of a judicial commission of inquiry to investigate Mkhwanazi's claims.

Motshekga backs Ramaphosa for waiting for dust to settle on Mkhwanazi allegations before addressing nation

Eyewitness News

7 days ago

  • Business

Meanwhile, Motshekga, in response to Parliament's portfolio committee chair on defence Dakota Legoete's criticism over a shrinking defence budget, said that Parliament was made aware of the issue because of the department.

Last week, Motshekga delivered her department's budget vote, which went from R58 billion in the last fiscus to R57 billion this time around.

The minister said that the South African National Defence Force (SANDF) was operating at 50% and remained at risk.

"Even giving them the figures of what as Parliament, but what also Cabinet should do and the president is very conscious and aware of the problems. He's tasked Treasury to engage with us to see what it is we can do urgently, but the envelope is tight."
