SA Civil Aviation Authority continues wide-ranging investigation into potential security breach

The investigation into a possible cyber hack at the South African Civil Aviation Authority (SACAA), discovered a few days ago, is still underway, spokesperson Kabelo Ledwaba said on Thursday.  

He said that despite this, Ledwaba said they had managed to restore almost all of its services. 

While he did not want to discuss in detail the information communication technology (ICT) security systems of the SACAA publicly, Ledwaba said rumours that the organisation does not have cyber security in place was "simply untrue".

"In this digital-driven era, anyone without ICT security will be vulnerable and ultimately cease to exist," he said. 

He emphasised that there is also an email copy that was being circulated alleging that the SACAA is in talks with unknown individual(s) demanding a ransom payment.

"This is a misrepresentation of facts, as the organisation continually receives such and other phishing, emails and spoofs, which are dealt with accordingly by the organisation through its ICT team. So, it is not the first time that such an email had been sent to one or more of our employees," said Ledwaba.
 
He said the investigation is wide-ranging "and for obvious reasons we are not able to go into details about what the organisation is doing".  

On Monday, on closer inspection by its ICT personnel, SACAA noted that some files had suspicious characteristics, which are regarded as anomalies from an ICT perspective. Upon conducting a preliminary investigation, it was decided that some servers should be disconnected from the network in order to address these anomalies.

SACAA notified all the relevant state security authorities about the matter for their consideration, analysis, and possible investigation.

"It is only after the conclusion of the current ongoing investigation that we will know, with absolute certainty, if indeed there was an individual or individuals that may have deliberately attempted to disrupt the SACAA's services," commented Ledwaba said at the time.

"Management took a precautionary decision not to restore some information communication technology services to ensure that proper investigations are conducted, and all anomalies addressed."

He said the perception that there was a total shutdown of services was absolutely not true.

"The decision to shut down the servers has no bearing on the SACAA's ability to oversee a safe and secure air transport network," said Ledwaba.
 
"Preliminary indications are that the data has not been negatively affected and the SACAA has business continuity plans which include multiple back-ups."