Cyber-attack attempts against Eskom have declined during the recent easing of electricity supply curbs. (Sean Gallup/Getty Images)
- Attempted cyber attacks against Eskom have declined in recent months.
- Eskom's chief information security officer said some of the attacks may have been the result of residents unhappy with electricity rationing.
- The threat of cyber attacks to critical infrastructure is increasing.
Since electricity supply restrictions in the country eased, attempted cyber attacks on Eskom’s systems have declined.
This was according to Eskom's chief information security officer, Sithembil Songo, who told News24 on the sidelines of Gitex Africa, a tech and start-up conference in Morocco last week, that cyber attacks on Eskom's systems had decreased over the past three months.
Songo was taking part in a panel discussion at the conference on protecting critical infrastructure from digital threats.
Songo said the majority of cyber attacks against Eskom were distributed denial of service (DDoS) attacks, which flood a server, service or network with internet traffic in an attempt to disrupt its normal operation.
DDoS attacks can be carried out by large, sophisticated malicious actors or individuals with extensive knowledge of computer systems. DDoS attacks are typically aimed at affecting the availability of a service.
Songo suspects many of the attacks were carried out by residents frustrated by electricity rationing.
She said Eskom's increased reliance on digital systems made cyber resilience at the company even more important.
“The cyber threat landscape is changing and becoming more severe. Why? Because the attack surface has expanded. Before there were only a few power plants, now there are more power plants due to decentralization. There is more data and more networks that need to be monitored,” she said.
Songo, who took up her role at Eskom two years ago, said Eskom had increased its investment in cybersecurity systems by more than 100 per cent since she joined.
She acknowledged that when she took over, the utility was vulnerable to DDoS attacks, had a vulnerable email system, and had a manual system for investigating incidents.
She said the company had recently deployed artificial intelligence tools as part of a layer of defence to improve visibility across Eskom's systems, significantly improving its ability to respond to incidents.
“There is no correlation.”
Songo acknowledged that the volume and sophistication of cyber attacks had increased in recent years.
She said there had been an increase in attempts to install malicious software, known as malware, on Eskom's systems.
“We've seen so many ransomware attacks in the past year, and that's because there's what's called 'ransomware as a service,' where you can just buy the ransomware and launch an attack without even needing to be an expert.”
Responding to questions, international cybersecurity provider Kaspersky told News24 that its systems detected 3.6 million internet-borne threats on users' computers between January and March this year.
Notably, ransomware Trojans, a form of cyber extortion, increased 189% year-on-year, according to the company.
Songo said the team responsible for protecting Eskom from cyber attacks only has around 30 people.
“My team is nearly 30 people, but we have around 44,000 users. [30] There is no correlation when we have to house over 40,000 people.
“Needless to say, there is a global shortage of cybersecurity skills and we are not immune to that,” she said.
Precedent
The impact of cybercrime on critical infrastructure was made clear in July 2021 when Transnet was hit by a cyber attack, forcing the logistics operator to declare force majeure.
Sasol chief information security officer Ishaq Jacobs, who also spoke on the Gitex panel, explained that the hack, which took down the digital systems of a number of Transnet ports, had hit companies including Sasol hard.
Transnet was forced to revert operational systems at the port to manual and declared force majeure after failing to fulfil its contractual obligations during that period.
“In South Africa and Africa, the consequences could be very disastrous,” he said.
Jacobs explained that organizations must be prepared to respond to cyber incidents because they will inevitably affect them at some point.
News24 visited Morocco for the Gitex Africa conference. The trip was sponsored by event organisers Kaoun International and Gitex Africa.