Lack of technical know-how and not adhering to proper security procedures by the government has cost South Africa millions in taxpayers money, a document leaked as part of Al Jazeera and The Guardian’s “Spy Cables” revealed.
Attributed to the National Intelligence Agency and dated October 2009, the document outlines numerous vulnerabilities and security breaches in the government between 2006 and 2009.
“The outcome of NIA investigations in the past year signalled a disconcerting trend of breaches in the security integrity of [information and communication technology systems],” it states before listing 6 cases.
Former Department of Foreign Affairs
A series of incidents at the former DFA where a scam to register ghost workers resulted in the state being defrauded of millions.
NIA said that since it found the issues at DFA numerous similar cases were reported, including at the Department of Health which was still being investigated at the time (Oct 2009).
Gauteng Shared Services Centre (GSSC)
In June 2009 there was a security breach at the GSSC involving 15 people — five of whom were employees who intended to commit fraud.
According to NIA, the plot entailed accessing the basic accounting system of the GSSC remotely and unobtrusively. This system processes all payments in Gauteng.
Department of Public Enterprises
In April 2009 NIA said it discovered eight malicious software applications downloaded to the laptop of a DPE employee.
“[This] constituted a threat not only to optimal functioning of DPE’s ICTs and its business processes, but also to the intellectual property residing in … e.g. Eskom, Denel, South African Airways, and Transnet,” NIA said.
Department of Sport and Recreation
An employee of the department tried to fraudulently transfer R13 million from it to his personal bank account.
“The system’s time-delay default prevented the transmission of the full amount, resulting in only R955,000 successfully transferred,” NIA said.
NIA said it conducted a two-year investigation into the Companies and Intellectual Property Registration Office with the police and South African Revenue Service.
Among the illegal activities it discovered was that employees were helping syndicates set up duplicate and counterfeit companies, or replacing directors of companies with stolen identities.
These duplicate companies or fake directors were then used to re-route money intended for the legitimate company by informing clients bank details had been changed.
In 2010 the Sunday Times reported investigators had found corruption at CIPRO funded terrorism around the world.
Civil Aviation Authority
In August 2009 pilot examination papers were stolen from the CAA by someone getting unauthorised electronic access to the agency’s computer systems.
NIA said it was clear there are many challenges in improving security in government departments.
“One of the initiatives to rememdy the situation is the envisaged replacement of the [Minimum Information Security Standard] with the National Information Security Regulations (NISR).”
“The NISR is underpinned by a proper legislative foundation, in terms of the Protection of Information Act, and is intended to address specific deficiencies in the MISS.”