Wednesday, November 29, 2023

Security threat DIS boss described last month is more than three years old

That there is no hurry in Botswana is a truism that is reflected in daily public life but that this also involves matters related to national security should be of grave concern to everybody.

Three years ago, then Kanye South MP, Abram Kesupile, asked then Minister of Justice, Defence and Security, Shaw Kgathi, about incidences of cyber-attack/crimes reported in the country and the source of such attacks. Kesupile directed the question to this particular minister because from a common-sense perspective, cyber security is the responsibility of the Ministry of Justice, Defence and Security. However, Kgathi re-directed the question to then Minister of Transport and Communications, Kitso Mokaila, who, in his response, stated that “We do not have a centralised point where we coordinate this.”

That was August 2017 and appearing before the parliamentary Public Accounts Committee late last month, the Director General of the Directorate of Intelligence Services and Security, Brigadier Peter Magosi, gave clear indication that there is still no centralised point where national cyber security is coordinated. Worse, there is no cyber security to speak of.

“The entire system in Botswana is vulnerable,” Magosi told the PAC. “If anybody decides to hit DIS, DIS will go dark. If anybody hits the Botswana Defence Force, the same will happen, so is the Ministry of Transport and Communications and even the Independent Electoral Commission and we will be doomed.”

Odder still is that while parliament itself was made aware of this security gap some three years ago by one of its own with expertise in security matters, it has still not taken action to close it.

Three weeks before Kesupile asked his question, then Gabane-Mankgodi MP, Pius Mokgware, had raised alarm Botswana’s readiness to deal with cyber security warfare.

“I don’t think that we have adequate cyber security capabilities,” said Mokgware, who held the rank of major general at the time he retired from the army and has taught security studies at the University of Botswana.

The first problem he identified with Botswana’s cyber security was that the country doesn’t have “well-trained” IT experts. Indeed, a report produced by the Botswana Training Authority (which has been renamed the Botswana Qualifications Authority) identifies a “skills gap” in the IT sector. To get around this problem, Botswana has had to recruit foreign experts which, as Mokgware noted, is not ideal from a cyber security standpoint. In 2009, a parliamentary question revealed that the central bank’s IT manager was a Zimbabwean national. The second problem relates to the high rate of staff turnover in the sector which makes it almost impossible to develop institutional capacity. The third problem is that the different agencies in Botswana’s security sector are not marching in lockstep. In one respect, this means that they are not cooperating on issues of cyber security.

“This situation necessarily means that we don’t have a credible cyber security system that can repel enemy attack,” said General Mokgware three years ago to describe a problem that last month, Brigadier Magosi said Botswana is still living with.


Read this week's paper