The State-owned defence and security acquisition agency Armscor has created an in-house cybersecurity unit which plans to develop a globally competitive cyber warfare capability that will be “a strategic reserve for the SA National Defence Force (SANDF)”.
The unit, according to the latest Armscor newsletter, is responsible for ensuring current security measures are enhanced by the establishment of an integrated security operation centre (SOC). The SOC has as its main functions prevention, detection, recovery and response.
“The unit is tasked with developing practices that prescribe and monitor handling of information security threats and responding to incidents by assessing suspicious activities and abnormalities in the information systems environment. It will also ensure known vulnerabilities are addressed using virus detection and patching software, as well as performing user access audits and addressing information security related inquiries,” the newsletter reports.
The Armscor unit will, it is presumed, work closely with the Department of Defence (DoD) to counter cyber-threats to the military. In this regard, recent DoD annual reports have stated that work on developing and implementing the cyber-defence strategy is still at the stage of establishing an office, which is dependent on funding.
Three immediate cyber threats “likely to affect the defence industry” are listed by the publication. They are data breaches, malware deployed as an advanced persistent threat and artificial intelligence used for hacking.
In-house, Armscor is running its Umbiko newsletter as an employee awareness programme, and software systems are in place to detect, prevent and recover from cyberattacks.
Armscor offers advice for the local defence industry to avoid cyberattacks. In the first instance, awareness and alertness are the primary means of knowing an attack is imminent or coming via social media or unknown phone calls. This is because cyber attackers trick people into allowing access to sensitive information.
“It is important not to open emails from unknown sources or forward them,” the newsletter states, adding “phishing, pretexting, baiting, quid pro quo and tailgating” as examples of social engineering used by hackers and others intent on accessing data not belonging to them.