SMART TECH: OP-ED
Not so smart to be smitten by new technology
South Africa needs the staff, expertise, training, funding and the political will to implement legislation and policies to mitigate the threat of harmful cyber-attacks.
Smart has become entrenched as a buzzword. Smart cities, smart devices, smartphones – all of it packaged under the Fourth Industrial Revolution (4IR) banner – the technological nirvana driven by unprecedented digital speeds that promises to transform the way we live.
So, when State Security Minister Ayanda Dlodlo and her deputy declared publicly last week that their smartphones had been “cloned” it was nothing short of embarrassing. This should surely serve as a wake-up call to the government and its international partners that the new “smart” age brings with it considerable risks.
President Cyril Ramaphosa is a digital evangelist. As well as promising to reduce data costs and speed up the process of ushering in 5G technology, he raised the prospect again in this year’s SONA of a Smart City just outside Lanseria ( a new “digital dorp”) which will be home to half a million people within the next decade.
More importantly perhaps, is the hope that this new digital ecosystem will be a “driver of growth and a creator of employment”, at a time when unemployment remains stubbornly high. We are already seeing this brave new world take shape with home-grown digital startups offering everything from early warning fire detection systems for South Africans living in townships to forecasting, medical diagnostics and security tracking services.
But for the government to future-proof the economic gains that mass digitisation promises, it has to act now to take stock of some of the very real threats.
Analysts estimate that there are about 570 cyber-attacks in South Africa every hour. Some may be unintentional (for instance, caused by vulnerabilities in old software), others not. With greater access to technology and millions more phone subscribers coming online every year, the need for a concerted effort to make us all more digitally literate cannot be overstated. But it is only part of the solution.
At the global level, self-protection measures include ensuring that South Africa’s leaders help to set the terms of the rules-based system in which cyber operates, ensuring that it’s not weaponised or used as a tool to undermine state sovereignty. South Africa is already helping to shape those rules in a number of high-level UN forums alongside other partners such as Kenya and Morocco.
At state level, it means injecting a sense of urgency across all arms of government that simply having a National Cyber Policy Framework is not enough. There needs to be staff, expertise, training, funding and the political will to implement legislation and policies to mitigate the threat of harmful cyber-attacks.
And it means working more closely with the private sector to fortify South Africa against cyber abuses. Not simply attacks from other states, but attacks from opportunistic criminals who are increasingly exploiting the country’s well-developed financial infrastructure to extract personal data, deny access to online services and extort ransoms from businesses and private individuals.
In the past, technological innovation was largely the monopoly of the state. GPS and satellite technology were initially developed for military use, but access to new technology is increasingly becoming democratised, decentralised and more affordable. That makes it harder to control. It also represents a power shift in favor of the big tech companies who are helping to shape the future of how society functions. That power may need to be checked with new regulatory regimes and codes of conduct which aim to define the limits of digital power. It may also require political pragmatism, with new models of public-private cooperation.
What that means is that private sector innovation and technology will inevitably become part of many countries’ defence strategies, as states lack the capacity and the know-how to protect themselves from digital abuses. That may prove an uncomfortable reality for those who believe that cybersecurity in its broadest sense should remain the concern of the security services.
We need to prioritise cyber resilience now, because when combined with other technologies such as artificial intelligence, and the Internet of Things, faster speeds and ever-increasing amounts of data wafting through cyberspace, the government’s ability to react swiftly when things go wrong is limited – despite some very dedicated individuals in government seeking to fortify our cyber defences.
Algorithms are already outrunning human beings. When the alarm is sounded in response to an abuse of cybersphere that delivers, for example, fake intelligence and fake news, manipulates election processes, constructs deep fakes, (altered video images) and whips up extremist sentiment, the damage has often already been done.
Indeed, election management bodies from across Africa have been meeting in Cape Town this week to discuss how to defend themselves more robustly against attempts to undermine elections by those hijacking social media platforms to peddle disinformation.
So, in practical terms what to do?
Recent discussions between the Institute for Security Studies (ISS) and policymakers suggest more grassroots initiatives, such as public awareness campaigns, could go a long way in helping to ensure South Africa reaps the rewards rather than falls victim to the perils of new digital technologies. That means public education campaigns with clear simple messages – not unlike the HIV/AIDS public awareness campaigns that led to the Treatment Action Campaign (TAC) being heralded internationally as one of the most impactful civil society organisations to date.
It also means more collaboration and confidence-building measures between the private sector and government, to identify potential areas of common interest. And it means ensuring that being cyber-savvy becomes imprinted in our national DNA, such that when a dubious link arrives on your smartphone, tablet, or laptop, the urge to simply “click” is resisted.
Mitigating the risks costs money. In South Africa, where other priorities compete for limited funds, digital security may seem like a “nice to have”.
But unless the government ups its game and adopts a more pragmatic approach to working with the private sector and partnering with other African states seeking to fortify themselves against cyber intrusion and harness the benefits of new tech, the “cloning” of ministers’ phones may seem like “small beer” compared to what could come. DM