SANDF officer corps crucial to cybersecurity


A new addition to the literature on cybersecurity in the wider South African defence sector, specifically the SA National Defence Force (SANDF), reports the SANDF is just as vulnerable to cyber-attacks as any other entity or organisation, but many in the officer ranks are aware of the importance of information security.

This is according to research psychologist and cybersecurity awareness training specialist Dr Kyle Bester, who recently obtained his doctorate in Military Science at Stellenbosch University. He notes officers were also aware of “consequences” emanating from a lack of compliance with cybersecurity guidelines.

As the SANDF is vulnerable to cyber-attack, to prevent or mitigate cyber threats it must increase cybersecurity awareness among military officers, offer appropriate training and education and purchase the required technology.

Stellenbosch University Senior Science Writer Alec Basson quotes Bester as saying: “Cybersecurity awareness is necessary for transforming not only SANDF organisational culture on how technology is embraced, but also how threats are perceived and eventually mitigated”.

Bester’s thesis topic was “Exploring the views and perceptions of cybersecurity among South African military officers” to provide insight on how the national defence force promotes cybersecurity awareness and mitigates threats.

He interviewed senior officers enrolled for a professional military developmental course at the SA National Defence College. He also asked students at the SA Military Academy and the SA National War College to complete a questionnaire for their views on information sharing, security orientation, cybersecurity awareness and cyber culture.

Bester says officers were aware of cyber threats that could harm the SANDF and adapted their off- and online security behaviour appropriately.

“They were of the view that it was not safe to share organisational information on social media platforms as this may put the SANDF at risk of cyberattacks. They also felt that their personal information was important, which might imply that the ill-considered exchange of personal data in cyberspace might leave them vulnerable to being exploited.

“They were aware of the importance of information security and the consequences associated with a lack of compliance with cybersecurity guidelines in the organisation.

“Information sharing practices were identified as an area of concern, as the information about threats may not necessarily be filtered through all the ranks in the organisation which could make it difficult to identify and respond to them efficiently.”

Participants emphasised the need for education and training to create cybersecurity awareness across the organisation, added Bester.

According to him, knowledge of and training in cybersecurity threats would influence how military officers interpret and adjust online security behaviour.

“It could be difficult to implement a uniquely tailored cybersecurity education training programme suited for the various security levels in the organisation because of the SANDF’s continued budgetary constraints.”

In addition to education and training, participants indicated a need for more efficient software and technological tools to deal with cybersecurity threats in the SANDF.

“Some also felt more attention should also be paid to best practices and policy guidelines on cybersecurity in the organisation.”

Officers on this year’s Junior Command and Staff Course came in for a cyber defence update during a visit to Armscor’s Gerotek facility, west of Pretoria, this month (June).

They were told by Nkosinathi Ngcongwane, Armscor Senior Manager Research and Development, about cyber threats evolving from conventional warfare to the cyber stage and procedures in place to deal with cyber threats.

He, according to Major Kuselwa Kutshwa from SA Army College, told the SA National War College class of 2023 that the State-owned defence and security acquisition company was working to empower the SANDF in both the defensive and offensive aspects of cyber warfare. Stressing it was early days, he gave denial of service attacks as one cyber warfare example. He is reported as saying: “This occurs when an opposing force attacks primary service providers, such as the power supply system like Eskom and the country’s financial system, including a country’s central bank and the Reserve Bank, causing them to malfunction or not function at all. The system will be capable of detecting flaws in any product system or equipment purchased by the SANDF in and outside the country”.

Bester pointed out the SANDF realises the importance of cybersecurity, especially since it engages in cyber surveillance with law enforcement agencies and intelligence services.

According to him, the military has an interest in cyberspace as it allows for identification of internal and external countermeasures, as well as increasing opportunities for greater resilience against threats, extending operational activities, protecting own interests and maintaining national cybersecurity.

“It is, therefore, of key importance for all military personnel to remain informed about relevant security risks and possible threats they might encounter in a professional or personal context. They are key for maintaining cybersecurity in the SANDF, as well as for employing policies and directives.

“Increased cybersecurity awareness is paramount because military officers are vulnerable to being misled or even forced by nefarious online actors to share sensitive information about operational activities. They could also create involuntary or voluntary points of access for malicious software through which these actors could enter the SANDF’s network.”

Bester ends saying: “Further emphasis should be placed on exploring military officers’ perceptions on cybersecurity as the human component is already identified as the main vulnerability in managing security”.

Major Gert PJ de Jager some time ago told an Electronic Warfare South Africa (EWSA) conference in Pretoria the uncontrolled use of social media networks posed security risks to the SANDF and other military forces.

De Jager noted offensive information collection is an important part of military operations and “a valuable input to determine the outcome of battles and victories.” The aim of information collection is to obtain sensitive or secret information for use as intelligence. Some methods of collecting sensitive information, specifically in the online domain, are open source intelligence (OSINT), eavesdropping, espionage and social engineering.

Militaries and non-state actors increasingly rely on social media to obtain intelligence. De Jager said a major concern was military personnel are not happy with the effectiveness of official channels and some resort to unofficial channels such as social networking to convey official information.

The SANDF should take into consideration that there is a clear indication of a shift to mobile devices as the preferred means of social networking, especially among the younger generation. This can be expected to grow as younger people join the SANDF each year, flagging it as a possible concern among new developments that current policies do not cover.

“The SANDF may not be able to stop every member from participating online in social networks, but it should focus on ensuring every member is aware of the importance of information security during the use of social networks. It is evident there will only be more information exposed on social networks as the younger generation increase and mature within the organisation, making it essential to supply them with the correct knowledge of social network risks and implications,” de Jager said.

“Even though military personnel are aware of official information disclosure, 75% agree current communication systems (letters, landlines, Lotus Notes, etc.) of the Army are not sufficient to reach the correct people in time for official communication. To save time nearly half of all personnel use social network applications to inform others of certain work-related aspects.”

De Jager recommends information security awareness and training programmes be an integral part of development for all soldiers.

Defence expert Helmoed Romer Heitman previously cautioned that the internet and social media are points of vulnerability and urged governments and militaries to stay on top of this rapidly evolving sector.

“The internet and social media vastly expanded the distance over which and the space within which the guerrilla or terrorist can act to spread propaganda; carry out psychological operations, including intimidation of families of security force personnel; sensitise targeted groups; gain recruits; provide training, even in the assembly and use of IEDs; activate members; allocate target types or specific targets; initiate attacks or operations and exercise command and control.” None of this, he pointed out, needs large or complex installations.

“The internet and the ever-widening trend for everything and everyone to be connected result in potential vulnerability to cyber operations by governments and irregular forces,” Heitman cautioned.

Examples cited include intense internet espionage carried out by several countries; denial of service attacks on institutions in Estonia in 2007, which may have been carried out for the Russian government by criminal groups; denial of service attacks coinciding with the invasion and excision of parts of Georgia in 2008; cyber-attacks on power plants and portions of the grid in Ukraine since 2017 and recent cases of GPS jamming and spoofing.