Hardly a month after a security expert MP raised alarm about Botswana’s readiness for cyber warfare, it has emerged that it is the Ministry of Transport and Communications ÔÇô and not that of Defence, Justice and Security ÔÇô that is responsible for cyber security. Kanye South MP, Abram Kesupile, considered cyber security to be the responsibility of the Ministry of Justice, Defence and Security and so asked its minister, Shaw Kgathi, about incidences of cyber-attack/crimes reported in the country and the source of such attacks. At a point where he expected an answer, Kgathi told him – on the floor of parliament, that the “question has been re-directed to the Ministry of Transport and Communications.”
From what Minister Kitso Mokaila said in his response, some would be alarmed by the almost casual manner in which Botswana handles cyber attacks, some of which could shut down critical infrastructure like hospitals. “Between 2015 and 2017, we had 12 cyber-related cases being pornography, website defacement and ransonware threat,” the minister said. “We didn’t have cyber attacks that were reported to the police until the ‘wannacry’ attack which happened in 2017. We do not have a centralised point where we coordinate this. It is the intention of the ministry to create that particular unit, but we have a draft strategy that we will be bringing to parliament in the near future.”
Three weeks ago, the Gabane-Mankgodi MP, Pius Mokgware, raised alarm Botswana’s readiness to deal with cyber security warfare. “I don’t think that we have adequate cyber security capabilities,” said Mokgware, who held the rank of major general at the time he retired from the army and has taught security studies at the University of Botswana. The first problem he identified with Botswana’s cyber security is that the country doesn’t have “well-trained” IT experts. Indeed, a report produced by the Botswana Training Authority (which has been renamed the Botswana Qualifications Authority) identifies a “skills gap” in the IT sector.
To get around this problem, Botswana has had to recruit foreign experts which, as Mokgware noted, is not ideal from a cyber security standpoint. The second problem relates to the high rate of staff turnover in the sector which makes it almost impossible to develop institutional capacity. The third problem is that the different agencies in Botswana’s security sector are not marching in lockstep. In one respect, this means that they are not cooperating on issues of cyber security.
“This situation necessarily means that we don’t have a credible cyber security system that can repel enemy attack,” Mokgware said. It seems there is a fourth problem: that the Ministry of Defence, Justice and Security which is statutorily mandated to deal with security issues, has outsourced cyber security to the Ministry of Transport and Communications – which has no such mandate. Not only do the two ministries not work together on this issue, the Ministry of Transport and Communications does “not have a centralised point where we coordinate this.”