The South African government is repositioning cyber security as a core component of its national security strategy, with a renewed focus on counter-intelligence and protective security, following a series of high-profile cyber attacks on state institutions.
This shift in approach was outlined yesterday by minister in the Presidency Khumbudzo Ntshavheni, during a media briefing in Cape Town, where she released the public versions of the National Intelligence Priorities and National Security Strategy (NSS) 2024-2029.
The announcement coincided with her tabling of the 2025 State Security Agency budget vote in Parliament.
At the briefing, Ntshavheni emphasised the historic nature of the publication, describing it as the first time core intelligence frameworks have been shared in a structured, transparent way without compromising national security.
She provided a holistic review of threats facing the nation, including illegal migration, espionage, transnational organised crime, climate change, domestic instability – and notably − cyber crime.
“It [NSS] seeks to ensure our national response to complex security issues − from illegal migration, espionage, cyber threats and transnational organised crime, to climate security as well as domestic instability, among others − is informed, proactive and coordinated.”
Ntshavheni noted that faced with the increased threat of cyber crime, the country will bolster cyber forensic capability to effectively address and regulate online technologies and crypto-currencies that are exploited to facilitate illicit financial flows.
The minister added that SA is set to adjust its cyber security posture to accommodate counter-intelligence and protective security at its core.
She pointed out that the country will also address cyber security vulnerabilities at organs of state, including in procurement, supply chain management and reliance on foreign-based companies within national security domains.
Cyber security also forms part of the eight key pillars of SA’s national security strategy. This pillar aims at strengthening the sovereignty of SA in the information space through enhancing risk awareness, encouraging the country’s stakeholders to assume responsibility for their cyber security and building the necessary capabilities.
Another pillar identified in the national security strategy is the protection of cyber space and the environment, said Ntshavheni.
This pillar is aimed at ensuring the country’s scientific and technological development is independent and competitive. It further ensures there is enough investment in research and development capacity and that the country’s intellectual property is protected.
Another pillar relates to the protection and promotion of technology and innovation.
Under attack
The prioritisation of cyber as a key national security threat comes as several South African government entities have recently fallen victim to cyber attacks, raising concerns about the public sector’s cyber security readiness, amid rising global threats.
In January, the South African Weather Service (SAWS) confirmed its ICT systems went down due to a criminal security breach. It revealed its aviation and marine services were affected, as well as e-mails and website.
After the attack, SAWS CEO Ishaam Abader told members of Parliament that the entity did not achieve most of its targets during its fourth quarter, largely as a result of the cyber security breach.
In May, South African Airways revealed it was hit by a significant cyber incident. SA’s flagship carrier said the breach temporarily disrupted access to the airline’s IT systems, prompting swift response measures to mitigate its effects.
Other government entities that have recently been impacted by cyber attacks include the Department of Justice and Constitutional Development, South African National Space Agency, Transnet and the Companies and Intellectual Property Commission.
Cyber security expert Simphiwe Mayisela, managing director of SS Consulting, concurs that cyber security is a key threat to the South African government because the state increasingly relies on digital infrastructure to deliver essential services, manage sensitive data and support critical national functions.
“This reliance exposes government systems to a wide range of cyber threats, including data breaches, ransomware and espionage. The sophistication and frequency of cyber attacks are escalating, often targeting vulnerabilities in public sector networks. Such incidents can disrupt service delivery, undermine public trust and compromise national security, making cyber security a matter of strategic importance,” says Mayisela.
Lionel Dartnall, country manager for SADC at cyber security company Check Point Software Technologies, adds that cyber attacks and threats are the new weapons in a systemic and growing sophisticated war against organisations and institutions.
“In South Africa, government and military institutions are among the most affected sectors, placing national infrastructure at heightened risk from both cyber criminal and state-linked actors.”
According to Check Point’s Threat Intelligence Report, the South African government and military organisations are attacked on average 3 803 times per week. This is compared to a global average of 1 938.
Says Dartnall: “These government institutions manage vast amounts of sensitive citizen data and operate essential services and infrastructure. As digital transformation accelerates across the public sector, any gaps in cyber defences expose the state to serious risks – from data breaches to service disruption and even economic destabilisation. The result could potentially be catastrophic, through disruptions to the grid or the country’s water supply, for example.”
Essential adjustment
Mayisela believes adjusting SA’s cyber security posture to accommodate counter-intelligence is vital because many cyber threats are orchestrated by well-resourced, organised actors – including foreign intelligence services and criminal syndicates – seeking to infiltrate government systems for strategic gain.
“Counter-intelligence capabilities enable the government to detect, deter and neutralise these threats proactively, rather than merely reacting to incidents after the fact. Integrating counter-intelligence into cyber security ensures a holistic approach, protecting not only data and infrastructure but also the integrity of decision-making processes and national sovereignty,” he comments.
Dartnall points out that the threat landscape has evolved far beyond conventional cyber crime. “Today, nation-state actors and organised groups often pursue intelligence gathering, political disruption and cyber espionage.
“South Africa must enhance its cyber posture to include strong counter-intelligence capabilities that can detect, deter and neutralise these covert operations. This will require improved threat intelligence, better inter-agency coordination, and greater investment in cyber skills and technologies to protect national sovereignty and secure decision-making processes.”
Mayisela says to further strengthen cyber security, government should invest in continuous skills development for public sector employees, ensuring they are equipped to recognise and respond to cyber threats.
He adds that there should be a concerted effort to modernise legacy IT systems, implement robust access controls and enforce regular security audits.
Dartnall warns that firewalls, anti-virus software and patching are no longer enough. “Check Point recommends a ‘prevention-first’ posture – multi-layered defences, zero-trust architectures, regular vulnerability testing, and incident response protocols that assume a breach has already occurred.
“Cyber security training for public sector employees is essential, alongside the creation of a national cyber command or coordination centre to enable faster response and collaboration across departments. Public-private partnerships will also be key to ensuring access to global intelligence and best practices.”
Share