Cyber Warfare: South Africa’s ‘Strategic Reserve’ for Defence

June 2, 2020

Jesutimilehin Akamo


This article seeks to examine South Africa’s (SA) approach to cyber warfare. Cyberwarfare involves actions by an individual, private, or public entity to attack the computer and information networks of another via the use of technology. SA is open to attack, and the government adopts a defensive approach through the strategic reserve for the SA National Defence Force (SANDF). It is an in-house cybersecurity unit created by a defence and security acquisition agency, Armscor, owned by SA. It highlights why attackers face SA, and how, its implications, and what more does SA need to do.



Reconstructed Scenario is based on the following judgments:

KJ1. It is almost certain that most cyber-attackers are motivated by the money they get from cyber attack


KJ2. Data protection is highly likely to be the priority of SA’s cyber strategy for the next decade


KJ3. SA will highly likely invest more money into strengthening its cyber intelligence within the next 5 years.



Reconstructed Scenario


Information plays a critical role in society, without it societies cannot progress. At some point, it became weaponised. Although it is the same, there have been fundamental changes through a technological revolution. Now, South Africa (SA)’s military has become dependent on ICT and it uses a defensive and reactive to its security. It is likely adopted from a non-military cyber strategy. It is manageable for cyber-attacks on financial systems. However, using it for military purposes is insufficient. Grey Dynamics Intelligence Assessment reports that any cyberspace user is vulnerable to attack.



Why ‘Vultures’ Gather


An expert from SA, Elmarie Bierman examined online and offline criminals as the same. This is because they will ‘go where the money is’. Hence, ‘If your data can be monetised, they will go after your data, and if your people have access to this data, they will target your people.’ Bierman is the Director and Founder of the Cyber Security Institute, South Africa.


Her judgements show that cyber-attacks in SA focus on data. Research on the cyber-attacks SA experienced within the last two decades supports this. See the figure below. Data is attacked the most, the piechart consists out of 54 selected major cyber-attacks.




Denial of Service and financial are second and third on the list. They are both linked with data exposure. Attackers deny the access of service providers and consumers for finance. If failed, they threaten to expose data. For example, on 24 October 2019, there was a Ransomware attack in Johannesburg. Attackers launched a Distributed- Denial of Service (DDoS) attack and demanded Bitcoins. Figure 1 below shows the message from hackers.



Hackers launched another similar attack for Bitcoin. In both events, they delayed financial transactions and service deliveries, or temporarily paused operations. Economic factors motivated attackers. Institutions responded to it and some have been able to make recoveries. Following Bierman, the reason for these attacks is money. They can sell to a third party, or threaten/blackmail the owner of the data for money. In both occasions SA was reactive and it has been inadequate. Attackers use phishing, identity theft, and ransomware. SA loses about R2.2 billion yearly within the last 5 years.


In cyber warfare countries and individuals, or individuals contracted by governments, are the attackers. An example is Russia or Russians in Eastern Europe. In SA’s case, however, there is no evidence that there has been a state-sponsored attack against it, but it has been on the look-out for Russia’s digital footprint and that of others. SA has experienced attacks from private individuals or groups.



‘Strategic Reserve’ for Defence


The strategy is a series of planning and actions aimed at making warfare condition inconducive for the enemy to win. The strategic reserve is used to pursue a strategy or cope with unexpected events. SA put Armscor in charge of its strategic reserve for defence.


Armscor is a defence and security acquisition agency owned by South Africa (SA). They created an in-house cybersecurity unit which aims to develop a competitive cyber warfare capability for SA. Its primary functions are prevention, detection, recovery and response, as they work with the Department of Defense to counter cyber-threats to the military. According to them, their software system detects, prevents and recover from various cyber-attacks. This is what they called “a strategic reserve for the SA National Defence Force (SANDF)”.


Distributed- Denial of Service attack is an example to highlight how important it is to be proactive. It will be dangerous if attackers deny the military access to data or its operating service in a hybrid attack, information/data (intelligence) theft, a military operation (involving communication or drones), air movements (civilian or military), and others. The reactive measure would mean that SA would have suffered the damage, forced to do what the attackers/hackers demand, or lose the battle (in hybrid warfare).


SA’s cybersecurity is not proactive, judging from its ability to prevent attacks. This shows the increasing number of attacks. Kaspersky, a global IT company, recorded that cyber-attacks in SA increased by 22% by the first quarter of 2019, recording about 577 cyber-attacks every hour.



Way Forward


A way to strengthen SA’s strategic reserve is to strengthen its cyber threat intelligence. SA needs to focus on improving its capability to track, analyse, and counter of digital security threat. Local experts emphasize the need to get more people trained and equip them with the software and hardware tools they need to gather intelligence from the dark web.



Image: Euromoney (link)

Related Post