SA Civil Aviation Authority continues wide-ranging investigation into potential security breach

Rolls-Royce, the British maker of plane engines and other power systems, roared back into net profit last year, largely as the pound recovered, the company revealed on March 7, 2018. (Photo: File, AFP)
Rolls-Royce, the British maker of plane engines and other power systems, roared back into net profit last year, largely as the pound recovered, the company revealed on March 7, 2018. (Photo: File, AFP)

The investigation into a possible cyber hack at the South African Civil Aviation Authority (SACAA), discovered a few days ago, is still underway, spokesperson Kabelo Ledwaba said on Thursday.  

He said that despite this, Ledwaba said they had managed to restore almost all of its services. 

While he did not want to discuss in detail the information communication technology (ICT) security systems of the SACAA publicly, Ledwaba said rumours that the organisation does not have cyber security in place was "simply untrue".

"In this digital-driven era, anyone without ICT security will be vulnerable and ultimately cease to exist," he said. 

He emphasised that there is also an email copy that was being circulated alleging that the SACAA is in talks with unknown individual(s) demanding a ransom payment.

"This is a misrepresentation of facts, as the organisation continually receives such and other phishing, emails and spoofs, which are dealt with accordingly by the organisation through its ICT team. So, it is not the first time that such an email had been sent to one or more of our employees," said Ledwaba.
 
He said the investigation is wide-ranging "and for obvious reasons we are not able to go into details about what the organisation is doing".  

On Monday, on closer inspection by its ICT personnel, SACAA noted that some files had suspicious characteristics, which are regarded as anomalies from an ICT perspective. Upon conducting a preliminary investigation, it was decided that some servers should be disconnected from the network in order to address these anomalies.

SACAA notified all the relevant state security authorities about the matter for their consideration, analysis, and possible investigation.

"It is only after the conclusion of the current ongoing investigation that we will know, with absolute certainty, if indeed there was an individual or individuals that may have deliberately attempted to disrupt the SACAA's services," commented Ledwaba said at the time.

"Management took a precautionary decision not to restore some information communication technology services to ensure that proper investigations are conducted, and all anomalies addressed."

He said the perception that there was a total shutdown of services was absolutely not true.

"The decision to shut down the servers has no bearing on the SACAA's ability to oversee a safe and secure air transport network," said Ledwaba.
 
"Preliminary indications are that the data has not been negatively affected and the SACAA has business continuity plans which include multiple back-ups."
 

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
All Share
55339.58
(+0.99)
Top 40
50692.28
(+0.83)
Financial 15
10790.70
(+3.99)
Industrial 25
74905.70
(+1.05)
Resource 10
52561.57
(-0.49)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
Yes, and I've gotten it.
24% - 69 votes
No, I did not.
52% - 150 votes
My landlord refused
24% - 71 votes
Vote