Latest news with #SANDF
eNCA
6 hours ago
- Business
- eNCA
Treasury shoots down SANDF funding criticism
JOHANNESBURG - National Treasury is responding to criticism from Navy Chief Admiral Monde Lobese. He accused Treasury of sabotaging the SANDF during a Joint Standing Committee of Defence meeting. Lobese says Treasury cannot operate like a super department or a government on its own. The SANDF has been allocated 1.7 percent of the country's GDP, just over R57-billion. But, Treasury has hit back, saying it's wrong to suggest the department is responsible for the army's funding crisis. It says Cabinet decides on allocations. In addition to funding distributed for this financial year, the SANDF has also been allocated R4.3-billion in the 2025 Medium Term Expenditure Framework and R5.5-billion for early retirement for the current and next financial years.
eNCA
7 hours ago
- Business
- eNCA
Treasury fires back at SANDF funding criticism
JOHANNESBURG - National Treasury is responding to criticism from Navy Chief Admiral Monde Lobese. He accused Treasury of sabotaging the SANDF during a Joint Standing Committee of Defence meeting. Lobese says Treasury cannot operate like a super department or a government on its own. The SANDF has been allocated 1.7 percent of the country's GDP, just over R57-billion. But, Treasury has hit back, saying it's wrong to suggest the department is responsible for the army's funding crisis. It says Cabinet decides on allocations. In addition to funding distributed for this financial year, the SANDF has also been allocated R4.3-billion in the 2025 Medium Term Expenditure Framework and R5.5-billion for early retirement for the current and next financial years.
eNCA
2 days ago
- Politics
- eNCA
Could coup d'état comments impact SA's image?
JOHANNESBURG - This week in Cape Town, Minister in the Presidency Khumbudzo Ntshavheni made a bold revelation, warning of the risk of a possible coup d'état in South Africa. Unveiling National Security Strategy and National Intelligence Estimate documents, she assured the nation that preventative measures are in place, and praised the role of the SANDF and police services.
Daily Maverick
3 days ago
- Politics
- Daily Maverick
Command line to control room: SA's infrastructure vulnerable to cyberattacks
South Africa is rapidly digitising its infrastructure, but not necessarily legislating protections against cyberattacks at the same pace. This means we run the risk of becoming a frontline where attackers don't merely steal data, but tamper with infrastructure, and our defences are dangerously out of date. On 23 December 2015, about 23,000 residents of western Ukraine found themselves without electricity. The cause? An Advanced-Persistent-Threat (APT) — that is, a non-state actor, often a proxy for a nation-state, hacking into the power grid and turning off local substations. While that incident was later traced to a Russian-backed Advanced-Persistent-Threat, it was the first noted example of a power grid being disabled by cyberattacks. That was almost a decade ago — connectivity, and the corresponding vulnerability, has only accelerated since then. 'In today's world, you don't need to physically access infrastructure to disable it. You can disable it from a continent away. That's the terrifying shift in power we've seen in cyberwarfare,' says cybersecurity firm ESET's chief security evangelist Tony Anscombe. With more than 25 years of cybersecurity experience, Anscombe paints a picture of both a capable state and private sector where not enough attention is being devoted to the threat that cyberattacks pose. Despite producing world-class cybersecurity experts, South Africa's infrastructure is lagging — and increasingly in the crosshairs of both cybercriminals and state-aligned attackers. Prominent breaches such as those at the South African National Defence Force (SANDF), the Government Employees Pension Fund, and the National Health Laboratories Services show that this is no longer just a consumer nuisance — it's costing the country billions, and is a national security vulnerability. The 2023 SANDF breach exposed both classified data and President Cyril Ramaphosa's personal contact details — underscoring how deeply these attacks can cut. (Not) OK computer South Africa has featured prominently in cybersecurity reports over recent years, especially with regard to our continental performance — and not in a good way. South Africa's connected society and developed telecoms make it a prime target for cybercriminals. Interpol's Africa Cyberthreat Assessment Report of 2025 placed us fifth on the continent in terms of suspected scam attacks, and second in terms of cybercrime detections. This underscores both the benefits — and pitfalls — of our connectivity: we can better detect attacks, but we're also more likely to be targeted. While this offers some defensive potential, South Africa's rapid digitisation without legislative guardrails has left critical systems exposed. The infrastructure that governs water flow, power grids and chemical treatments is increasingly vulnerable to manipulation by both cybercriminals and hostile states. If this seems remote, recall that cyberattacks during the Israel-Iran conflict were used to cause actual flooding in Israeli towns. The 2010 Stuxnet virus reportedly sabotaged Iranian nuclear centrifuges. These are not sci-fi threats — they're documented precedents. And they're not limited to global players. 'We've also seen things like the Uganda water treatment system being targeted,' Check Point's global research group manager Eli Smadja said. 'That's a real infrastructure breach. It wasn't publicised much, but the fingerprints were there. If they can go for Uganda, they can go for anyone.' Target-rich environment 'South Africa is actually among the most attacked countries in Africa, but also one of the most capable at detecting and reporting,' continued Smadja. 'That makes it a double-edged sword: threat actors know there's infrastructure to exploit, but defenders are watching. 'We monitor threat activity across Africa. The same techniques used in Ukraine are now being adapted here — and we've observed probes in South African infrastructure,' he said. According to Smadja, this isn't hypothetical. 'We've seen entire playbooks reused — reconnaissance activity, credential stuffing, port scanning — these are standard steps before a full-scale intrusion.' Check Point has also observed code injections targeting legacy industrial control systems. Probes into protocol vulnerabilities, particularly on outdated systems, often come from known botnets and command-and-control servers. 'South Africa's critical infrastructure is particularly attractive because it operates in a hybrid environment: old tech connected to new interfaces. That creates blind spots,' Smadja said. 'You'll often have a 1998-era controller (a system used to control industrial processes) that is remotely accessed through a 2020s web interface. That kind of mismatch is what attackers look for.' South Africa's geopolitical and economic role in the Southern African Development Community may further raise the country's threat profile. 'If you want to send a message or disrupt a region, targeting South Africa's systems — power, water, or logistics — achieves impact,' said Smadja. And not all attackers are foreign. Local ransomware gangs are increasingly mimicking the tactics of Advanced-Persistent-Threats, including delayed payloads, supply chain infiltration, and backup disabling. What this means for you If a substation is hacked, your power could be cut without explanation. If a water system is tampered with, your supply could change without warning — and you'd never know if it was a cyberattack. Even when no data is stolen, critical services can be disrupted, with no public communication or accountability. Infrastructure on the edge 'If you're going to run an industrial system, you should segment the network so that operational tech is not accessible through the corporate side. That's not always happening,' warned Anscombe. Municipal water systems show similar gaps. Check Point has recorded targeted scans and login attempts. 'We've seen reconnaissance scans and access attempts directed at water systems, power grids, logistics. These aren't random — they're calculated,' said Smadja. South Africa's current attack surface: large targets, small defences Despite solid detection capability, South Africa lacks a mandatory breach reporting regime for infrastructure. 'There needs to be an obligation to report. If an entity suffers a cyberattack, there should be a legal requirement to notify a central authority,' said Anscombe. Under the Protection of Personal Information Act (Popia), only personal data breaches must be disclosed. If a water pump is hacked, or a substation disabled, there's no legal requirement to inform the public. 'When systems go dark, people assume it is load shedding. But there is a real risk of an invisible trigger. The threats we track in Africa show real intent,' said Smadja. The law vs the reality South Africa's cyber governance remains fragmented. The Critical Infrastructure Protection Act (Cipa) addresses fences and guards, but not firewalls. The Protection of Personal Information Act protects personal data but offers little for industrial control systems that govern our infrastructure, and despite escalating cyber threats, no dedicated critical information infrastructure law exists. Oversight is split with the State Security Agency (SSA) running the cybersecurity hub without legal enforcement powers, while the Department of Communications and Digital Technologies sets policy but lacks operational control. Experts say this siloed architecture leads to regulatory paralysis. Professor Sizwe Snail ka Mtuze, adjunct professor of cyberlaw at Nelson Mandela University and a key drafter of the Cybercrimes Act, told Daily Maverick that South Africa is struggling with 'a lack of centralised legal authority on cybersecurity.' He notes, 'Right now, you've got POPIA looking at data breaches, SSA managing the hub, and DCDT working on policy, but no one really able to enforce infrastructure-specific protections.' The Information Regulator confirmed this in response to Daily Maverick's queries, warning of systemic non-compliance in the public sector. 'Public entities do not invest in compliance with POPIA as compared to private entities,' the regulator stated. 'In some instances mitigation measures are not implemented, leading to repeat compromises of identified vulnerabilities.' Notably, none of South Africa's major infrastructure operators – including Eskom, Rand Water, or Transnet – reported a single high-risk data breach in the past two years, despite ongoing cyberattacks. This, combined with the Regulator's statements and the data showing cyberattacks in South Africa suggests a worrying culture of under-reporting or non-compliance. In her 15 July Budget vote speech, Minister in the Presidency Khumbudzo Ntshavheni noted: 'We are finalising consultation on the draft cybersecurity strategy' and emphasised a state investment push into advanced interception, AI, and analytics capabilities. But without a unified legal regime or enforcement authority, implementation remains uncertain. The Department of Communications and Digital Technologies and the Information Regulator of South Africa had not responded to Daily Maverick's queries by the time of publication. IoT: innovation or open door? South Africa's infrastructure future hinges on Internet of Things (IoT) — but it is being rolled out without minimum standards. Devices like smart meters and programmable logic controllers, which govern a lot of industrial processes in factories and utilities, are often installed without firmware update paths or password security. 'The problem with IoT is two-fold: there's no update mechanism, and many of these devices are built without even basic password protections,' warned Anscombe. Many were foreign-made and integrated via local vendors — increasing supply chain exposure. What must be done, and urgently Establish a national computer security incident response team with enforcement powers. Mandate disclosure of infrastructure-related cyber breaches. Pass legislation to govern Critical Information Infrastructure. Enforce cybersecurity procurement standards for public infrastructure. 'The adversary only needs one entry point. And if it's your power grid or water supply, the consequences go far beyond business disruption,' said Anscombe. DM
News24
3 days ago
- News24
State to appeal 12 SANDF soldiers' bail in murder of Frans Mathipa, double kidnapping
The State will appeal a decision handed down at the Randburg Magistrate's Court, Johannesburg, to grant bail to 12 SANDF members accused of kidnapping and murder. Fani Mahuntsi/Gallo Images via Getty Images
