South Africa creates database of security specialists as it recovers from major cyberattack

Employment and Labor Minister Thulas Nxesi said the government plans to boost its cybersecurity capabilities.

Responding to a recent parliamentary question-and-answer session, Nxesi said the Ministry of Civil Service and Administration has established a Standing Committee on Information Systems Security (SCISS), where all ministries are represented to discuss information security and cybersecurity issues.

“The SCISS has devised an initiative to share resources and transfer skills between departments in the area of ​​cybersecurity.

“The initiative is still in its early stages, where a database of cybersecurity specialists in the public sector is being developed,” he said.

“Inside information security staff have also subscribed to other smart global threat security institutions, namely Microsoft-Security Slate, Center for Internet Security (CSI) and Hackers Choice, where we receive regular information on ICT security, newsletters, information on vulnerabilities, viruses and data privacy breaches of which the ministry should be aware.

Major attack

The government’s IT capabilities have been called into question in recent weeks after a cyber attack on Transnet’s IT infrastructure slowed activity in South African ports.

The State Railways and Ports Corporation has been affected by a ransomware attack on July 22, resulting in the shutdown of its computer systems.

The company told staff not to use laptops, desktops and tablets connected to the Transnet domain and not to access work emails from their personal devices.

Transnet declared force majeure July 27. Force majeure is a clause common to contracts which releases all parties from any liability when an extraordinary event occurs.

Information security firm Crowdstrike said the ransomware note found on Transnet’s systems was similar to others they had seen the past few months.

It is linked to strains of ransomware known as “Death Kitty,” “Hello Kitty,” and “Five Hands,” said Adam Meyers, vice president of intelligence at Crowdstrike.

These strains were recently found targeting the Polish video game maker RED Project CD and exploitation of security vulnerabilities in SonicWall products.

The attack on Transnet led to a virtual halt in operations at its container terminals. With its computer systems at a standstill, Transnet had to fall back on manual systems to manage incoming and outgoing vessels and the movement of containers.

Read: New rules will impact tech companies in South Africa – what you need to know

Previous Brisbane Airport's export park to acquire a new industrial site - Airport World
Next WHO calls for moratorium on COVID booster injections in richer countries - Orange County Register