Department of Defence aims to beef up cyber security

5470

The South African Department of Defence (DoD) is emphasising the importance of improving the country’s cyber security, and aims to set up a cyber command centre headquarters next year.

This is according to the DoD’s 2017 Annual Performance Plan document, which states that “the DoD will contribute to the development of the National Cyber Warfare Strategy and Implementation Plan.
“During the 2017 MTEF [Medium Term Expenditure Framework], Defence will continue with the implementation of the Cyber Warfare Plan and will contribute, pending resource allocation, towards capacitating a Cyber-security Institution through the establishment of a Cyber Command Centre Headquarters, scheduled for the FY2018/19.”

The Performance Plan says it does not expect the nature of military conflict to change in the air, at sea, on land and the cyberspace in the coming decades, “the means of warfare certainly will continue to evolve. Cyber and terror attacks remain a possibility to contemplate.”

As a result of a changing environment, and the fact that the commercialisation of big data implies that almost any country or belligerent group can access fast, high-powered computational/analytical capacity that can be used for military purposes, the DoD in 2016/17 developed a Cyber Warfare Strategy covering “offensive information warfare actions.”
“It is envisaged that the Cyber Warfare Strategy will be submitted for consideration by the Justice, Crime Prevention and Security (JCPS) Cluster Ministers for approval of the strategy by the JCPS Cluster during the FY2017/18,” the Performance Plan notes.

The DoD believes that information is an asset that requires protection commensurate with its value and that security measures must be taken to protect information from unauthorised modification, destruction or disclosure whether accidental or intentional.

Consequently, the DoD Cyber Security Incident Response Team (CSIRT) will be established to prevent or recover from an information warfare incident through the establishment of a Cyber Warfare Command Centre Headquarters. “For the FY2017/18, the DoD will address phases 2 and 3 of the Cyber Warfare Implementation Plan which entails the finalising functions and structures of the Cyber Warfare Command Centre Headquarters,” the DoD Performance Plan stated.

Defence analyst Helmoed Romer Heitman has stated that “The potential consequences of a major cyber-attack in terms of damage to the economy and to the ability of the country to function are such that this should be regarded as part of the defence domain. This is an intelligence-heavy area, so the requisite intelligence and protection/defence capabilities, and the development or pre-emptive and counter-strike capabilities, should for now lie with Defence Intelligence. Looking forward we may need a separate branch of the Defence Force.”

Heitman points out that there are many potential targets in the cyber domain, including the systems that control electricity and water reticulation, telecommunications, railways, air traffic and some industrial plants. “Those computerised facilities have great advantages, but are also a major and dangerous vulnerability: Consider the cyber-attack on Iran’s uranium enrichment facilities, the denial of service attacks against government offices, banks and similar institutions in Georgia and Estonia, and the more recent attacks on the electricity supply system of the Ukraine. The latter two sets of attacks are more frightening because they were executed remotely, whereas that against Iran required malware to be delivered via a memory stick, something that is easier to guard against. It is also worth remembering that South Africa is one of a few countries in Africa actually vulnerable to cyber-attack.”

In line with the DoD setting up a cyber warfare headquarters, Denel in September last year announced it had established a dedicated business unit to counter the growing global threat to the country’s security and economic interests, as part of its mandate to look after South Africa’s sovereign defence capabilities.

The Denel Tactical Cyber Command Centre (DTC³) will form part of Denel Integrated Systems and Maritime and work closely with local and international partners in the cyberspace domain.