Thursday, September 12, 2024

Fresh details heightens fears of a grey zone attack

Fresh information emerged last week reinforcing fears that Botswana may be under a grey zone attack.

In less than a month, two Botswana government departments have complained on what appears to be a grey zone attack Information Operation (IO).

The Minister of Transport and Communication Thulagano Segokgo revealed last week that Botswana is under incessant attacks on her digital information infrastructure.

He said the Computer Incidents Response Team (CIRT) tasked with cybersecurity strategy was witnessing incessant attacks.

Segokgo’s report comes three weeks after the Botswana Police Service complained to the Botswana Editors Forum about a disinformation and propaganda campaign launched against the Botswana government by non-state actors, some based in South Africa.

A grey zone attack is a below the radar offensive which does not cross the threshold of formalized state-level aggression.

In grey-zone conflicts, aggresors  rely entirely on unconventional tools and tactics, such as disinformation, propaganda, and cyberattacks  to render an opposing country ungovernable without engaging in open hostilities.

In the military context it is referred to as asymmetric, and non-kinetic in nature. This means it doesn’t follow a standard recognisable rule or doctrine of war. It doesn’t appear to have a clearly identifiable side and, to such an extent, state-based actors use proxies such as cut-outs and criminal organisations to conduct their objectives through a third party. This affords them deniability, cover and concealment, and obfuscation of their true intentions.

Speaking during the online launch of the National Cybersecurity Risk Assessment (NCRA), Segokgo disclosed that Botswana’s cyberspace was experiencing attacks from malicious actors.

“I am very sad to report to you that our CIRT is seeing a grim picture of non-stop attacks and attempted attacks on all of our Critical National Information Infrastructure (CNII),” the minister said.

Critical National Information Infrastructure (CNII) is crucial to the survivability of a nation. The destruction or disruption of these systems and communication networks significantly affect the economic strength, image, defense and security, government capabilities to function, and public health and safety. CNII is an attractive target for terrorists and hostile nations.

Segokgo said no sector was immune to the attcks that occur every day, minute by minute. “Sadly, these occurrences are happening in many instances, oblivious to you,” he said.

The Australian Army Research Centre  last year published a report,Futures Statement on Accelerated Warfare, warning that “state and non-state actors are using coercive means below the threshold of war to gain advantage and disrupt other actors. These ‘Grey Zone’ actions, combined with information operations and cyber-attacks, are increasing in intensity of competitive actions across diplomatic, information, military and economic elements of national power”.

Rattled by the apparent disinformation and propaganda campaign against the President Mokgweetsi Masisi administration, the Botswana Police Service Public Relations Unit met the Botswana Editors Forum last week to express their concern. Among the names that came up during the discussions was Daniel Kenosi, an incendiary online scribe currently on self-imposed exile in South Africa from where he has been taking pot shots at the Masisi administration. Kenosi’s South African residence status has been a subject of curiosity, spawning speculations that he may be a pawn in the apparent grey zone campaign.

Another name that came up in the disinformation campaign was Moeladilotloko, an online podcaster accused of inciting disturbances in Ntswe le Tau and the Central District.

Inciting negative public opinion and a sense of crisis are often the grey zone attackers most effective tools.  Although they did not say it in so many words, the Botswana Police Service were uneasy that amid the ongoing media feeding frenzy, mainstream journalists may find themselves unwittingly sucked into the disinformation campaign.

Botswana’s National Cybersecurity Strategy was approved by cabinet in October last year. As part of implementing the strategy, NCRA was launched for risk management within the executive management in both public and private enterprises.

Segokgo said, internet use has rapidly increased and contributed to the economy.

“The Statistics Botswana report indicates that household access to internet stood at 40.6% of the total population in 2014 compared to 63% in 2020,” the minister said. Segokgo added that mobile technology growth from 2018 to 2020 was 12% while mobile broadband was 34%,” he said.

The growth in the use of the internet in Botswana invites cybersecurity vulnerabilities and calls for repelling policies. The implementation ghosts which haunt Botswana were banished by Segokgo, as he implored the strategy’s success. “My wish is that this important strategy does not suffer the same consequences of poor implementation,” the minister said, referring to Botswana’s languid implementation.

The NCRA will include cybersecurity risk analyses that can be used to inform national cyber strategy development, capture requirements,  capability gap analysis, capability/capacity base-lining ‘health check’, progress monitoring and risk mitigation delivery.

CNII cyber risk assessment reports will identify the areas of concerns and suggest an appropriate mitigation plan as part of the NCRA.

Out of 180 countries, Botswana scored position 108 in the National Cyber Security Index (NCSI) as of February 2020.  In the Global Cybersecurity Index, the country was ranked number 87. For its ICT Development Index, the country was placed at position 105. Botswana’s Network Readiness Index was a fair number scoring position 101.

General cybersecurity indicators from the NCSI revealed that on a scale of one, Botswana has a weak cybersecurity policy development, scoring a one. The country only has a cybersecurity strategy and no policy unit, or policy coordination format, and a cybersecurity strategy implementation plan. For cyber threat analysis and information, Botswana scored zero out of 5. The NCSI bears that Botswana has no cyber threat analysis unit, and public cyber threat reports are not published annually. The country does not even have a cyber safety and security website.

The NCSI, developed by e-Governance Academy, measures countries’ level of cybersecurity and identifies the main fields of priority that need to be tackled to improve the status of cybersecurity. The index also provides an overview of countries’ preparedness to prevent and fight cyber-attacks and crimes.

RELATED STORIES

Read this week's paper