The South African National Defence Force (SANDF) is just as vulnerable to cyberattacks as any other entity or organisation. To prevent or mitigate cyberthreats, the SANDF must increase cybersecurity awareness among its military officers, offer them appropriate training and education, and purchase the required technology.
“Cybersecurity awareness is necessary for transforming not only the SANDF's organisational culture concerning how technology is embraced, but also how threats are perceived and eventually mitigated," says research psychologist and cybersecurity awareness training specialist Dr Kyle Bester.
Bester recently obtained his doctorate in Military Science at Stellenbosch University. The topic of his thesis was “Exploring the views and perceptions of cybersecurity among South African military officers".
Bester says he explored military officers' views and perceptions of cybersecurity as these could provide insight into how the SANDF promotes cybersecurity awareness and mitigates threats.
As part of his study, Bester interviewed senior-ranking officers who were enrolled for a professional military developmental course at the South African National Defence College. He also asked students at the South African Military Academy and the South African National War College to complete a questionnaire that captured their views on information sharing, security orientation, cybersecurity awareness, and cyberculture.
Bester says the military officers were aware of cyberthreats that could harm the SANDF and have adapted their offline and online security behaviour appropriately.
“They were of the view that it was not safe to share organisational information on social media platforms as this may put the SANDF at risk of cyberattacks. They also felt that their personal information was important, which might imply that the ill-considered exchange of personal data in cyberspace might leave them vulnerable to being exploited.
“They were aware of the importance of information security and the consequences associated with a lack of compliance with cybersecurity guidelines in the organisation.
“Information sharing practices were identified as an area of concern, as the information about threats may not necessarily be filtered through all the ranks in the organisation which could make it difficult to identify and respond to them efficiently."
The participants also emphasised the need for education and training to create cybersecurity awareness across the organisation, adds Bester.
According to him, knowledge of and training in cybersecurity threats would influence how military officers interpret and adjust their online security behaviour.
“It could be difficult to implement a uniquely tailored cybersecurity education training programme suited for the various security levels in the organisation because of the SANDF's continued budgetary constraints."
In addition to education and training, the participants also indicated a need for more efficient software and technological tools to deal with cybersecurity threats in the SANDF, says Bester.
“Some also felt more attention should also be paid to best practices and policy guidelines on cybersecurity in the organisation."
Bester points out that the SANDF does realise the importance of cybersecurity, especially since it engages in cyber-surveillance together with law enforcement agencies and intelligence services.
He says the military has an interest in cyberspace as it allows for the identification of internal and external countermeasures, as well as increasing opportunities to achieve greater resilience against threats, thereby extending operational activities and protecting its own interests and maintaining national cybersecurity.
“It is, therefore, of key importance for all military personnel to remain informed about relevant security risks and possible threats they might encounter in a professional or personal context. They are key for maintaining cybersecurity in the SANDF, as well as for employing policies and directives.
“Increased cybersecurity awareness is paramount because military officers are vulnerable to being misled or even forced by nefarious online actors to share sensitive information about operational activities. They could also create involuntary or voluntary points of access for malicious software through which these actors could enter the SANDF's network."
Consequently, further emphasis should be placed on exploring military officers' perceptions concerning cybersecurity as the human component has already been identified as the main vulnerability in managing security, concludes Bester.