South Africa: Serious About Cyberwarfare

Uploaded on 2015-02-23 in NEWS-Cybersecurity News, GOVERNMENT-National

Shortly after 9/11, the South African government introduced measures to fight terrorism in the country, including a Bill allowing the monitoring and interception of communications. It became the Regulation of Interception of Communications and Provision of Communication-Related Information Act (Rica) of 2002. This replaced the Interception and Monitoring Prohibition Act of 1992, which did not deal adequately with technological advances.

Rica regulates interception of communications, including Internet traffic, making it illegal for communications to be intercepted except according to the Act. This provides for a designated judge to issue interception directions requested by the defence force, intelligence services or police, on crime-related or national security grounds and then interception directions are undertaken by the Office of Interception Centres (OIC). The Act requires all communications networks to be capable of surveillance. It places the obligation on all service providers to assist the state in monitoring and intercepting communications. It obliges service providers to store communication-related information at their own expense. All cellphone users must register their SIM cards and provide proof of residential address and identity numbers.

But, argues Privacy International, the grounds for issuing interception directions are too vague: the judge merely needs to be satisfied there are reasonable grounds to believe an offence has been, is being or will be committed. This may not be constitutional: it allows law enforcement officers to speculate. There is no provision in the Act for people whose communications have been intercepted to be informed once the investigation is completed, or if the judge turns down the application for an interception. A key flaw in South Africa's law is lack of public oversight. The public is provided with too little information to monitor whether the Act is achieving its intended results: to fight off genuine threats to national security.

Significantly, the Act does not cover intelligence from foreign signals, or intelligence derived from communication from outside South Africa, whether it passes through or ends in the country. These signals can be intercepted without a direction. These developments strongly suggest that South Africa is serious about developing its cyberwarfare capabilities, and is willing to put copious resources into this effort, in spite of the dubious reasons for doing so.

Jane Duncan is a professor in the department of journalism, film and television at the University of Johannesburg. This is an edited extract from her new book The Rise of the Securocrats: The Case of South Africa, published by Jacana Media            ein news    academia edu

« Big Money: The US Intelligence Budget
Understanding digital intelligence from a British Perspective »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ComSec LLC

ComSec LLC

ComSec perform threat assessments to identify vulnerabilities and help protect businesses against corporate espionage via electronic eavesdropping.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

Secon Cyber Security

Secon Cyber Security

Secon Cyber Security is an Advanced Managed Security Services Provider with long standing experience of providing cyber security solutions to customers ranging from small to large enterprises.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

Blockchain Solutions

Blockchain Solutions

Blockchain Solutions Limited is a technological One Stop Solution provider, for Blockchain technology.

BCN Group

BCN Group

BCN Group is an agile IT solutions provider. We are experts in delivering and managing business-critical technology solutions.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.