South Africa: Serious About Cyberwarfare

Uploaded on 2015-02-23 in NEWS-Cybersecurity News, GOVERNMENT-National

Shortly after 9/11, the South African government introduced measures to fight terrorism in the country, including a Bill allowing the monitoring and interception of communications. It became the Regulation of Interception of Communications and Provision of Communication-Related Information Act (Rica) of 2002. This replaced the Interception and Monitoring Prohibition Act of 1992, which did not deal adequately with technological advances.

Rica regulates interception of communications, including Internet traffic, making it illegal for communications to be intercepted except according to the Act. This provides for a designated judge to issue interception directions requested by the defence force, intelligence services or police, on crime-related or national security grounds and then interception directions are undertaken by the Office of Interception Centres (OIC). The Act requires all communications networks to be capable of surveillance. It places the obligation on all service providers to assist the state in monitoring and intercepting communications. It obliges service providers to store communication-related information at their own expense. All cellphone users must register their SIM cards and provide proof of residential address and identity numbers.

But, argues Privacy International, the grounds for issuing interception directions are too vague: the judge merely needs to be satisfied there are reasonable grounds to believe an offence has been, is being or will be committed. This may not be constitutional: it allows law enforcement officers to speculate. There is no provision in the Act for people whose communications have been intercepted to be informed once the investigation is completed, or if the judge turns down the application for an interception. A key flaw in South Africa's law is lack of public oversight. The public is provided with too little information to monitor whether the Act is achieving its intended results: to fight off genuine threats to national security.

Significantly, the Act does not cover intelligence from foreign signals, or intelligence derived from communication from outside South Africa, whether it passes through or ends in the country. These signals can be intercepted without a direction. These developments strongly suggest that South Africa is serious about developing its cyberwarfare capabilities, and is willing to put copious resources into this effort, in spite of the dubious reasons for doing so.

Jane Duncan is a professor in the department of journalism, film and television at the University of Johannesburg. This is an edited extract from her new book The Rise of the Securocrats: The Case of South Africa, published by Jacana Media            ein news    academia edu

« Big Money: The US Intelligence Budget
Understanding digital intelligence from a British Perspective »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Logpoint

Logpoint

Logpoint is a creator of innovative security platforms to empower security teams in accelerating threat detection, investigation and response with a consolidated tech stack.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

National Cyber-Forensics & Training Alliance (NCFTA) - USA

National Cyber-Forensics & Training Alliance (NCFTA) - USA

NCFTA is a trusted alliance of private industry and law enforcement partners dedicated to information sharing and disrupting cyber-related threats.

Secude

Secude

SECUDE is an established global security solutions provider offering innovative data protection for SAP users.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Aceiss

Aceiss

Aceiss empowers access security, providing unprecedented visibility and insights into user access.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.