Very recently, the Carnegie Endowment for International Peace stated that South Africa has adopted a national cybersecurity strategy and established a military Cyber Command. But for years, other issues have been ranked above cybersecurity, such as corruption, poverty, and racial injustice”. While all these issues are crucially important, neglecting cybersecurity, particularly the security of the National critical infrastructure can be disastrous. Recently, Fin24 firmly emphasised that “cybercriminals are on a ‘concerted effort’ to target SA’s critical infrastructure”.
The fact is that South Africa has identified cybersecurity as a key national priority and has so far adopted a national cybersecurity strategy and established a military Cyber Command. However, according to the Carnegie source, not giving cyber protection deserved priority has left Cyber Command under-resourced and unmotivated. We can add that the same happened to the country’s central cybersecurity point, an entity called “Cybersecurity Hub”.
Cybersecurity threats faced by South Africa
Despite South Africa’s various political, economic, and social challenges, it has “leapfrogged into the digital age” and cyberspace has been woven into the fabric of everyday life. With a digital penetration rate of 72 per cent, South Africa is considered “the world’s most internet-addicted country”.
The expansion of the digital cover inevitably expanded the attack surface for criminals to exploit, showing a dramatic increase in cybercrime in the country since the COVID-19 pandemic emerged. For example, according to the South African Council for Scientific and Industrial Research (CSIR), South Africa is the eighth most targeted country in the world for ransomware in 2023. According to some reports, Ransomware attempts among government customers rose a staggering 1,885%! Hence no wonder that the CSIR stated that the impact of cyber-crime on the South African economy is currently estimated at 2.2 billion Rand.
Moreover, in August 2023, it was reported that even the South African National Defence Force (SANDF) had suffered a potentially massive data breach by apparent hacktivists, including the theft of highly classified information.
Minding the above and many other damaging cyber events, cybersecurity experts pessimistically forecast that cyber-crime incidents will continue to rise given South Africa’s weak cybersecurity and poor cyber hygiene.
What is a possible solution?
Showcasing many other cyberattacks on the South African government and its agencies will take a lot of time and space. Cyber-attacks on Transnet, the Reserve Bank, or the Department of Justice, and even the attempted hacks on President Cyril Ramaphosa and many others are well-known.
A more salient question would be what to do to protect South African critical infrastructure, hence safeguarding the well-being of the whole nation. We have already written on this topic several times.
Some international experiences suggest that two measuring parameters are important for assessing the criticality of infrastructure: (1) possible number of casualties if the infrastructure is successfully attacked and (2) damages to the national economy. Therefore, it seems logical that the responsibility for setting goals in protecting national critical infrastructure rests primarily with the government as it has the power to deliver regulation.
The implementation of steps to reduce the vulnerability of corporate assets depends primarily on private sector knowledge and action as well as on a good understanding of operations and potential risks. In South Africa, this knowledge (particularly technical) and experience of the private sector as well as potential funding are dearly needed at all levels of government. However, the question is if the private sector would have adequate commercial incentives to cooperate with the government in funding and addressing vulnerabilities of critical infrastructure. An equally important issue is building trust between the government and the private sector to create an effective partnership for protecting South Africa’s critical infrastructures.
Complexity is another big challenge in protecting critical infrastructure. For individuals to protect their digital equipment and data is a relatively simple task. However, protecting companies is a more intricate mission, which requires the deployment of cybersecurity solutions throughout the entire organization. Protecting industrial facilities and critical infrastructure becomes even more challenging. This protection requires the designing of entire cybersecurity systems specifically dedicated to a particular industrial plant or infrastructure. Designing, implementing, and maintaining these systems, however, still face significant difficulties, one of them being a huge shortage of skilled cybersecurity professionals: engineers, technicians, and strategists.
About skills shortage again as this is a stubbornly occurring theme. As depicted in our previous blog post “Out of 1.2 million civil servants in SA, only 64 have a job title relating to cybersecurity”, there is not only a shortage of cybersecurity skills (both technical and non-technical) but also a yawning gap in deploying cybersecurity experts in the SA government and its agencies.
To address the skill shortage, we can ‘borrow’ experience from nations that have advanced thinking and technology and confronted sophisticated cyber-attacks on their critical infrastructure. To secure necessary expertise, these countries promote the introduction of cybersecurity subjects in high and sometimes primary schools and foster competitions through, for example, hackathons. Though we are still battling to properly introduce general technology subjects in our schools, leapfrogging by introducing cybersecurity within the IT curriculum can give South Africa, in time to come, a leading cybersecurity skills edge on the continent.
Robust implementation of efficient national legislation such as the Critical Infrastructure Protection Bill is another critical success factor for the effective protection of national critical infrastructure.
Safeguarding South Africa’s critical infrastructure requires a concerted effort from all stakeholders. By addressing gaps in cybersecurity readiness, fostering collaboration, and investing in education and legislation, South Africa can bolster its cybersecurity posture and mitigate the risks posed by evolving cyber threats.
Elevate your cybersecurity strategy with NIST Audit and cutting-edge services inspired by the insights of Cybersecurity Futures 2030. Trust our expertise to navigate the dynamic landscape and secure a thriving digital future. Your defense starts here!
