Winter 2022

Cybersecurity has evolved over the years, and today cyberattacks instigated by cyber-criminals, nation states, or insider threat actors are part of regular headline news. In South Africa and around the world, the number of cyberattacks or incidents in the public and private sectors have been on an increase over the past few years, but are more prominent since the emergence of the COVID-19 pandemic. The ransomware attacks and data breaches are more common. Recent research studies indicate that in 2020 countries such as India reported over 50 000 cybercrimes (12% increase from previous year) and Australia reported a 13% increase in 2020 with one in four of the cyber incidents targeting critical information infrastructure. In August 2021, the Information Regulator indicated that close to 40 organisations reported suffering a security breach in South Africa. All these cyber incidents come at a cost estimated to be at $500 billion per annum, negatively impacting 20% of the businesses; whilst in South Africa, the South African Banking Risk Information Centre (SABRIC) predicts cybercrime losses to be over a billion every year and that the attacks will be increasing. The developed countries are not protected either, as a recent study from Checkpoint indicates that ransomware attacks have increased by 93% in 2021 with Europe, the Middle East, and Africa seeing the highest growth. In the United States, authorities have also observed over 500 attacks in 2021 that have been perpetrated by the Conti ransomware.

As it may be noted from the short context above, cyberattacks do not discriminate between rich and poor people, developing and developed nations, or powerful and powerless nations. As digital transformation gets embraced by industry and government sectors, cyber criminals are also enhancing their modus operandi by finding better ways to breach and disrupt digital systems. At the same time, countries are lagging in finalizing legal frameworks and regulations that could speedily deal with and respond to the increasing number of incidents. In South Africa, the cybercrimes act was only accepted in 2021; this act identifies offences which have a bearing on cybercrime. However, law enforcement still requires skills to fully investigate and prosecute cybercrime, and this challenge is not only limited to South Africa, but the whole of Africa and other countries.
This special issue of the Journal of Information Warfare (JIW) has been put together in collaboration with the Council for Scientific and Industrial Research (CSIR) in South Africa with most of the articles contributed by researchers and experts in the Information and Cyber Security Research Centre. The eight papers in this publication cover five themes in the cybersecurity and cyber warfare domain which, although grounded in the South African context, also speak to the African challenges. The six themes are: policy reviews and analysis; education qualifications and learning; capability building; effective incident response; governance; and skills for 4IR and threat analysis.

Dr Jackie Phahlamohlaka, Lieutenant Colonel M Aschmann, and Mr Theron contributed a thought-provoking piece entitled “National Cybersecurity Implementation in the Republic of South Africa”. In this paper, the researchers boldly claim that there is no visible National Cybersecurity Strategy for South Africa, and they provide a deep analysis on the implications of a lack of national cybersecurity strategy including what could be done to resolve this challenge.

The article by Dr Jabu Mtsweni and Mphahlela Thaba addresses the question of national cybersecurity implementation, with a focus on building an integrated cyber defence capability for African missions appreciating the diverse and contextual challenges faced by the African national defence forces. This article contributes a conceptual approach into how African countries could develop a resilient cyber defence capability to effectively respond to constant cyberattacks. The approach is underpinned by an integrated capability management system, using case studies in large and complex environments, including strategic and capability development learnings from other military domains outside the African continent.

Considering the COVID-19 pandemic and fast pace of digital transformation in Africa, Ms Mwim and others review the cybersecurity policy implementation within South African health institutions, especially since cyber incidents both in African and the world have been observed against the public and private health sector. This paper also identifies possible cybersecurity risks and threats that confront healthcare institutions and examines the extent these challenges have been addressed. In addition, the shortcomings of cybersecurity implementation in South Africa are identified and recommendations are made in terms of cybersecurity governance, policy, education, and awareness to prepare for the imminent fourth industrial revolution by Prof Jansen van Vuuren from the Tshwane University of Technology. Dr Namosha Veerasamy makes critical contributions by providing a forecast on how threats will evolve and develop over time, particularly in the South African digital transformation context.

Dr Craig Gokhale, who untimely passed away in 2021, presents the results of a research study focusing on the Dark Web with the contribution entitled: “Dark Web Traffic Analysis of Cybersecurity Threats through South African Internet Protocol Address Space”. In this article, real cybersecurity threats on the Dark Web are collected and analysis of the results are meant to assist law enforcement agencies to combat cybercrime in South Africa. We trust that this work will also aid the implementation of the cybercrimes act of 2020 in South Africa and wish also to express our condolences to the Gokhale family. We hope that his written work will remind everyone of the good contributions that he has made to the R&D field in South Africa in a short space of time.

Dr van Heerden and Dr von Solms deal with the issue of cybersecurity skills shortage in South Africa, both in the public and private sector. They share some of the initiatives that support cybersecurity education, and one such initiative is the Cyber Security Challenge (CSC) hosted by the National Integrated Cyber Infrastructure System (NICIS) at the CSIR. In addition, results of the impact made by such an initiative which helps grow cybersecurity skills and knowledge are presented.

Lastly, Mr Muyowa Mutemwa presents a cybersecurity architecture that could support effective incident response. He presents the work by detailing Security Operations Centre (SOC) processes, people, and technologies. The main contribution from this article is the six-step process of handling a cybersecurity incident, which is a valuable contribution considering that “it's not a matter of IF, but WHEN” cyber incidents will happen.

The significance of the CSIR focused special issue of the Journal of Information Warfare is entrenched in length of time that the CSIR has been conducting research and technology development in Information and Cyber Warfare supporting different government stakeholders in South Africa and Africa. The CSIR has also successfully hosted the International Conference on Cyber Warfare and Security in 2008, 2015, and 2019.

We trust that you will find the research contributions in this special issue useful in guiding what needs to be done to protect against cyberattacks, to monitor and detect potential attacks, to respond and recover from critical national cybersecurity incidents, and ultimately to maintain cyber security resilience.

Dr Jabu Mtsweni
Head of Information and Cyber Security Centre
Council for Scientific and Industrial Research
South Africa