SONGEZO ZIBI | If SA doesn’t protect its cyber infrastructure, God help us

A country as globally networked as SA should be taking the state and citizens’ wellbeing seriously. It’s not

Seelyst calls itself 'an elite hacker group' on a mission 'to combat the oppressive control of the government'. Stock photo. (123RF/dolgachov)

Yesterday’s edition of the Sunday Times led with a story by Sabelo Skiti, in which he reported on the extreme vulnerabilities of SA’s state IT infrastructure. The problem is so bad that even President Cyril Ramaphosa’s information has been accessible to hackers, to the extent that the journalist showed screenshots thereof to the presidency.

I do not want to repeat the story, except to say that other state entities are similarly vulnerable, though I don’t believe many South Africans care. Cybersecurity, though extremely common and dangerous, is not well understood.

A few years ago I felt compelled to try to convince a few journalist friends to look into the same matter, specifically in the context of the state’s physical infrastructure, much of which is operated using computer networks, which need software. SARS’s customs system, Transnet’s ports and international cargo carriers such as DHL, DSV and others are examples of networks that are integrated.

The same is true for the electricity grid, immigration management system, SAPS, department of justice and constitutional development and so on. These are all systems that are vulnerable to attacks which could halt the country’s ability to conduct daily operations.

I reached out to these former colleagues because I had, for some time, immersed myself in the subject and, because of my professional involvement in the sector, had an informed sense of the relentless attacks SA’s banks and financial institutions ward off daily. It is not by accident that our ability to retain our money in bank accounts and transact is largely safe, but government’s business is not.

These attacks are usually perpetrated by two types of actors.

There are cybercriminal gangs who have built and operate huge technological infrastructure to carry out ransomware attacks in various countries, sometimes simultaneously. In recent years private and public entities in SA have experienced these, but they pale in comparison to what the second set of actors can inflict.

State actors can do much worse and more, and also engage in a different type of “ransomware”, the geopolitical kind. They can shut down our electricity grid and ports, paralyse the immigration system or poison our water-treatment plants to harm or kill millions of people in one attack.

Such attacks can also be used to drive popular discontent in a country as critical services can be curtailed at once or turned into a potent weapon. As a result, powerful countries such as Russia, the US and China allocate billions of dollars annually to cyberdefence and cyber-offensive capabilities. They relentlessly hack into each other’s computer systems to steal information, infect them with ransomware or deploy sleeper files for use in times of war, when shutting down key infrastructure may be useful.

Just more than a year ago the company that provides nearly half of the US east coast’s gas, diesel and jet fuel was hit by a ransomware attack that curtailed gas supplies to businesses, hospitals and homes. The company, Colonial Pipeline, is believed to have paid $5m to have its computer systems released. These days hackers demand payment in cryptocurrency to make detection difficult.

In February last year a hacker accessed the water treatment system of a Florida, US, city and attempted to pump a dangerous amount of sodium hydroxide into it. Fortunately a staff member noticed the anomaly and immediately reversed it. Sodium hydroxide is used to control acidity in drinking water, but has to be applied in specifically controlled doses to avoid causing harm.

Of course, the US department of justice, through the FBI, was also able to identify the hackers and recover some of the funds paid. They also charged several foreign individuals, a capability SA does not have and is not about to, even though it is clear how imperative it has become.

This defencelessness presents a serious threat to human security and internal stability, and creates geopolitical challenges for the country. With weak IT defence systems, a sophisticated and aggressive actor can hold the government to ransom by making life difficult for ordinary citizens. By this I mean we could be forced to support a particular power if our government and its infrastructure are brought to a standstill at the proverbial click of a button.

Such a scenario is possible. In various summits US presidents have sparred with Russia’s President Vladimir Putin, reminding him that just like his country, they also have cyberwarfare tools to deploy against Russian infrastructure, such as its electricity grid. It would be a miracle if countries such as the US, China and Russia, among others, have not deployed tools to access SA government information.

This country is a diplomatic player of strategic importance and usually courted by all the major powers, even though our foreign policy capabilities have deteriorated over the years. As such we need a careful balancing act, but this is sometimes undermined by bellicose statements from ANC leaders who believe the world is still in the pre-1990s Cold War.

It must be of grave concern to the public and parliament that our government’s IT infrastructure is so vulnerable. The recent attacks on Transnet and agencies of the department of justice demonstrate this clearly, yet parliament continues to show its severe incapacity by not realising how critical this matter is and calling for inquiries.

I also wonder how much of what SA says or does on international issues such as the war in Ukraine is influenced by quiet government-to-government reminders of the destruction foreign powers can unleash on the country if we do not toe the geopolitical line. Even worse, the extent to which the information of SA’s senior leaders, now in the hands of foreign governments, influences the positions they adopt on our behalf must be of serious concern to all of us.

We may never know how deep this problem runs, but from what we do know, there clearly is one and it is likely to get far worse, with devastating consequences. Parliament needs to take its role seriously and call the State Information Technology Agency, the SAPS and State Security Agency (SSA), among others, to testify before it on their assessment and measures they have taken to fortify the country.

It is absurd that there are videos of testimony by senior officials to other countries’ parliaments on these issues, yet there is nothing similar in a country as globally networked as SA.

As with other threats facing the country, such as climate change-induced flooding, where officialdom is seemingly uncaring, out of depth, ignorant or all three, it is the same with this type of threat. We survive from day to day and are surprised by threats for which we should long have prepared and against which we should long have fortified citizens.

One day the consequences will, just like the flooding in KZN has shown us, bury hundreds of people because of a weak state and a poor political ruling class.
