Collaboration in a Borderless War

Dr. Jabu Mtsweni is manager of the Information and Cyber Security Research Centre at the Council for Scientific and Industrial Research (CSIR) in Pretoria, South Africa. Mtsweni spoke to ADF about the types of cyber threats African countries face and how they might better prepare to address them. His remarks have been edited to fit this format.

ADF: Please share a little about your background in cybersecurity issues, such as your education and training.

Mtsweni: My background is in computer science, my undergraduate qualification as well as postgraduate, and my Ph.D. includes computer science, but not focusing on cybersecurity initially. I started getting involved or specializing in cybersecurity around 2014. But I have worked in various cybersecurity aspects in small ways since 2003 or so. I have been involved in a number of initiatives like leading a group of researchers — about 15 of them — with a strong focus on supporting the military on the issues of cyberwarfare and building capabilities. Now I support a much bigger team — about 70 people — where we focus on supporting the Department of Defence in South Africa and in other countries, but dealing with the issues of cybersecurity in general in the public sector as well as in the private sector. 

ADF: Briefly explain what CSIR does and your function as manager of the CSIR Information and Cyber Security Research Centre.

Mtsweni: The CSIR is a national government enterprise, which solely focuses on research and development in various socioeconomic domains — it could be water, it could be energy, it could be environment, it could be health, the issues of safety and security, the issues of logistics, the issues of smart places, ICTs [information and communications technologies]. My specific area of focus is obviously in defense and security, where I am leading the Information and Cyber Security Research Centre, where our core focus is about researching and innovating on new ways of protecting ourselves and our organizations and military, as well as building some technologies in a prototype form and then commercializing some of our local IP [intellectual property].

ADF: What is the single biggest and most prevalent cybersecurity threat on the African continent, and how should nations be addressing it?

Mtsweni: I think the biggest threat is obviously the risk to the sovereignty of countries from the digital space point of view. In other words, where the sovereignty of countries’ digital space is compromised, whether through data breaches, through the issues of ransomware, and through the theft of IP, the intellectual property, or sensitive information from the nations in Africa. That threat is big because in geopolitics it’s also about influence, where different countries may want to influence politics or any other thing in Africa. So the issues of data and information being stolen or being compromised becomes the biggest threat in Africa.

The key activity or action that African militaries need to take is about building capabilities from cyberspace. And when we talk about building these capabilities, we are not just talking about technology only; we are not only talking about data. But we are talking about the whole spectrum, where people are capacitated to understand the cyber domain; it’s just like training people to maybe guard airspace or to guard land or sea. We need to drive that capability of empowering or capacitating our forces to be able to understand the cyber realm.

We also need to put processes in place from the policy point of view and have cyber strategies that are going to proactively deal with some of these threats. We need to understand our data. Countries need to understand what it is that they are protecting, because it is very difficult to protect what you don’t understand. If you compare it to land, air and maybe sea, it is very easy to pinpoint the assets that you are protecting, but in cyberspace the realm is a bit wider, so the scope is a bit wider. So we need more awareness, but also more and more training. And of course we need the resources and tools that could aid us to be able to protect ourselves and to be able to detect threats when they are emanating from cyberspace.

ADF: In what ways, if any, does the CSIR or any of its divisions advise and assist the South African National Defence Force on these types of cybersecurity issues you’ve been talking about?

Mtsweni: The CSIR is what we call an independent smart buyer, smart user advisor for a number of government entities, and within the military space and particularly information and cyberwarfare, we play a very critical role. For example, this includes building prototypes for the military so that we can better understand how some of these capabilities can be available for use in a real-life environment. We do a lot of research and development for them so that they can understand the threat landscape. We also do a lot of work in terms of advising them on some of the technologies that they should use or not use, how they can protect themselves from the various threats that are in the cyberspace, and then, obviously, supporting them in building some of these capabilities in order to protect the country and its citizens.

There are a number of examples, but much of the work is classified, so I can’t really speak about specific work or projects per se, but I can speak generally. In terms of training we have supported the military, and there are a number of forces that have been trained, capacitated through the CSIR to deal with issues in cyberspace. We have assisted the military to also understand the importance of setting up its own infrastructure. And now and again, we are called upon and they would ask us to advise them on various matters that concern their domain. 

ADF: More broadly, what should African countries be doing to ensure that their critical national infrastructure, such as the electric grid and water supply, are protected from cyberattacks? 

Mtsweni: I think one of the key things we did on the African continent, but clearly in the African defense space, is the issue of collaboration. I think when it comes to cyberspace, the military from one country to another generally would not work together unless they are fighting against the same enemy. But within cyberspace I think that collaboration becomes very, very key. Why is it important? Because the threats are almost the same in cyberspace and when we collaborate, we can then be able to share threats.

The other thing that is key is the issue of situational awareness. It is difficult to protect what you don’t know or to react to incidents that you do not see. So it’s important for them to have that situational awareness through buildings, structures such as your national cyber incident response centers or computer security response teams. Over and above that, having real policies that mandate or clarify what the military needs to do or not because in the cyber domain, you have the civilian side, you have the nation-state side and then also the private sector side. 

So just to summarize, in an African context: It’s about collaboration, it’s about situational awareness, and it’s about building this capability that I’ve been talking about, and then over and above that it is about the African countries’ structures such as the African Union having these threat-intelligence sharing units just like what Interpol does. I think the militaries in Africa could be having something like that, but over and above just collaborating on their own, we need to also collaborate with other nations in Europe, in the U.S., because I think it’s important that we have allies and partners. 

ADF: A few countries have created cyber commands or emphasized cyber training within the military. Do you think cybersecurity needs to be a greater point of emphasis within African militaries? What more specifically should militaries be doing to that end? 

Mtsweni: I think that the emphasis on cybersecurity is very important, and I think it is emphasized or made important by the fact that we have already seen a lot of nation-state attacks. And we have already seen a lot of breaches in Africa that are purported to have been instituted by foreign countries. Even in South Africa we have lost some intellectual property — for example, the design of a military plane through cyberattack. So it is very important to have these capabilities, and not just in documents, but in the operational, including the training of the people. There are a few countries that have strong cyber defense — and by defense, I mean offensive and defensive. So we need to get to that because it’s also about building our own tools, because if you look at the U.S. they have their Cyber Command, but they are constantly doing R&D [research and development], building their own tools for defense and for attack when it is necessary.  

ADF: We’ve spoken quite a bit about training in broad terms, but there’s also training on a micro level, that is to say with individual troops. To that point, what specific training or principles should be incorporated into training for all military and security forces to ensure that they have the basic understanding of meaningful and effective cybersecurity practices?

Mtsweni: I think the generic training is obviously understanding networks, because if you don’t understand the technology it’s going to be very difficult for you to either protect or attack it. And the second thing is about training them in just basic cybersecurity awareness. Because if somebody is not aware what threatens the tools that they are using, it could be a problem. So just the basic principles, the use of social media by the military forces, the use of these various technologies, and mobile devices and so on because once they have their awareness, they can then understand what the threats are and how scalable those threats are. 

ADF: State-backed cyberattacks are now a reality in Africa. We’ve seen government agencies hit by ransomware and private businesses hit by foreign-backed hacking in recent years. How concerned are you about states using cyberattacks as a tool of war, and do you think we will see more of it in Africa in coming years? 

Mtsweni: Cyberattacks used as a tool of warfare between nations are on the rise, they are increasing. And sometimes it is also used by just a nation alone, just political parties attacking each other using some of these tools. And definitely we are seeing more of it in Africa. We are seeing it particularly now with social media and a lot of access to technology.

One thing about this question that I wanted to bring forth is that cybersecurity is about power. Those who have tools, those who have people, those who have capability, they are able to then institute some of these attacks. Then you have the ones who do not have [capabilities] in the cybersecurity space, and those are the powerless; they may not be able to respond. So it’s important that African countries prepare themselves for holistic, comprehensive cyber defense capabilities.

ADF: Extremist groups have been using the web for recruitment and spreading propaganda for years, but is there any evidence that extremist groups are trying to use cyber capabilities to launch attacks like ransomware or other types of attacks on the African continent? Is this something countries should be concerned about?

Mtsweni: I think in Africa there is limited use of cyberwarfare tools by extremist groups, but there are incidences even though they are scarce and sparse. In terms of the ransomware, I don’t have much evidence of it, but we have seen extremist groups … targeting governments, and in South Africa we have seen that happening a lot. For example, the Department of Justice was attacked and Transnet was hacked as well, and this was through ransomware, and some of them we may not know because they might not necessarily say, but we are closely looking at this and we see them happening.

ADF: With regard to extremist groups like Boko Haram or al-Shabaab, are you seeing any evidence that those types of groups are going beyond just recruiting on the web and actually weaponizing cyber capabilities to further their jihadist or extremist or political ends?

Mtsweni: I think there is definitely evidence, although it’s limited. But let’s just take a typical example of social media, right? If you look at social media as a cyber tool … it could be used by these extremist groups, so we see them using your deepfakes, using your social media to spread fake news. Because in our context the issue of spreading fake news is also another way of psychological operations if you look at the mental point of view because it’s about influencing people, it’s about pushing propaganda, it’s about changing the narrative. And we see that the use of social media as a form of digital attack is growing in Africa.

In terms of them using the hardcore cyber tools, there’s not that much evidence, but for communication and for the psychological operations attack we see that they’re very strong, particularly in promoting these various conspiracy theories.

ADF: Is there anything else you’d like to mention that I have not asked you about?

Mtsweni: Definitely, cyber terrorism has an impact on human security, and I think the military, including the law enforcement agencies, have a high role to play as we become more digital. It’s important that we build capabilities and we are prepared. Because it’s not a matter of if, but it is a matter of when.