Less load shedding means fewer cyberattacks at Eskom, says IT boss | Business




There has been a decrease in the volume of attempted cyberattacks on Eskom during the most recent period of load shedding relief. (Sean Gallup/Getty Images)

  • There have been fewer cyberattack attempts on Eskom in recent months.
  • Eskom’s chief information security officer said that some attacks may have been from citizens disgruntled by load shedding.
  • The threat posed to critical infrastructure by cyberattacks has been growing.

Eskom has seen a reduction in the volume of attempted cyberattacks on its system since the reprieve from load shedding that the country has enjoyed.

This is according to Eskom’s chief information security officer Sithembile Songo, who told News24 on the sidelines of the Gitex Africa tech and startup conference, which was held in Morocco last week, that there had been fewer cyberattacks on Eskom systems in the past three months. 

Songo participated in a panel discussion at the conference about protecting critical infrastructure from digital threats.

Songo said that the majority of cyberattacks on Eskom are distributed denial-of-service (DDOS) attacks. These attacks flood a server, service, or network with internet traffic in an attempt to disrupt its normal operation.

A DDOS attack could be performed by large, sophisticated bad actors or individuals with good knowledge of computer systems. DDOS attacks are generally meant to affect the availability of services.

Songo suspects that many of the attacks were being perpetrated by citizens who were disgruntled by load shedding.

She said that Eskom’s increased reliance on digital systems had made cyber-resilience more important at the utility. 

“The cyber-threat landscape is moving and becoming even more significant. Why? Because we have expanded the attack surface. In the past, there used to be a few power stations, but now, because of decentralisation, there are a number of power stations. There is more data, there are more networks that need to be monitored,” she said.

Songo, who took up her role at Eskom two years ago, said that Eskom had increased its investment in cybersecurity systems by over 100% since she joined.


Eskom’s chief information security officer, Sithembile Songo, and Ishaaq Jacobs, the chief information security officer at Sasol, spoke during a panel discussion at the Gitex Africa tech conference. (William Brederode/News24).

She admitted that the utility was vulnerable to DDOS attacks, had a vulnerable email system, and had a manual system for investigating incidents when she arrived.

She said the utility recently deployed an artificial intelligence tool as part of its layers of defence to help provide visibility over the wider Eskom system, which has ushered in significant improvements in its capacity to respond to incidents.

‘Doesn’t correlate’

Songo acknowledged that the volume and sophistication of cyberattacks have been growing in recent years.

She said there had been an uptick in attempts to install malicious software, known as malware, onto Eskom systems. 

“Over the past year, we saw quite a lot of ransomware attacks. That is because we have what is called ‘ransomware as a service’, where you can just purchase ransomware and you don’t even have to be an expert – you can just launch those attacks.”

In response to questions, international cybersecurity provider Kaspersky told News24 that its systems had detected 3.6 million different internet-borne threats on the computers of its users between January and March this year.

The company said that, notably, there had been a 189% growth in ransomware trojans, a form of cyber-extortion, in the same period when compared to the year before.

Songo said there were only about 30 people in her team responsible for protecting Eskom against cyberattacks.

“In my team, I have close to 30 people. But, we have something like 44 000 users. So if you look at [30] people to 40 000-plus people we need to accommodate, it doesn’t correlate.

“It goes without saying that there is a global cybersecurity skills shortage and we are not immune to that,” she said.

Precedent

The impact that cybercrime can have on critical infrastructure was made clear after a cyberattack hit Transnet in July 2021, which forced the logistics operator to declare force majeure.

Ishaaq Jacobs, the chief information security officer at Sasol, who also spoke at the Gitex panel, explained that businesses, including Sasol, were hit hard by the hack, which brought digital systems at a host of Transnet ports to a standstill.

Transnet had to revert to manual operating systems at its ports and declared force majeure as it was not able to fulfil its contractual obligations during the period.


“In South Africa and Africa, the consequences can be quite catastrophic,” he said.

Jacobs explained that organisations have to be prepared to respond to cyber-incidents as they will no doubt affect organisations at some stage.

News24 was in Morocco at the Gitex Africa conference. The trip was sponsored by Kaoun International, the organisers of the event, and Gitex Africa.


