South Africa building database of security specialists as it recovers from major cyber attack

3 Aug 2021

Employment and Labour minister Thulas Nxesi says that government plans to ramp up its cybersecurity capabilities.

Answering in a recent parliamentary Q&A, Nxesi said that the Department of Public Service and Administration has established a Standing Committee on Information Systems Security (SCISS), in which all government departments are represented to discuss matters related to information security and cybersecurity.

“The SCISS has come up with an initiative of departments sharing resources and transferring skills to one another in matters relating to cybersecurity.

“The initiative is still at the beginning stage where a database of cybersecurity specialists in the public sector is being developed,” he said.

“Internal Information Security staff have also subscribed with other global threat security intelligent institutions i.e. Microsoft- Security Slate, Centre for Internet Security (CSI) and Hackers Choice, where we regularly receive ICT security-related awareness’s, newsletters, information on vulnerabilities, viruses and data privacy related breaches that the department should be aware of.”

Major attack

The government’s IT capabilities have come into question in recent weeks after a cyberattack on Transnet’s IT infrastructure caused activity at South Africa’s ports to slow to a crawl.

The state-owned rail and port company was hit by a ransomware attack on 22 July, resulting in the shutting down of its computer systems.

The company told staff not to use laptops, desktops, and tablets connected to the Transnet domain and not to access work emails from their personal devices.

Transnet declared force majeure on 27 July. Force majeure is a common clause in contracts that frees all parties from liability when an extraordinary event occurs.

Information security firm CrowdStrike said that the ransomware note found on Transnet’s systems was similar to others it had seen in recent months.

It is linked to ransomware strains known as “Death Kitty,” “Hello Kitty,” and “Five Hands,” said Adam Meyers, vice president of intelligence at CrowdStrike.

These strains were recently found targeting Polish video game maker CD Projekt RED and exploiting security vulnerabilities in SonicWall products.

The attack on Transnet caused operations at its container terminals to grind to a near-standstill. With its IT systems shut off, Transnet had to fall back on manual systems to handle incoming and outgoing ships and the moving of containers.

