The South African government’s Cybersecurity Hub, which is tasked with dealing with cybersecurity issues reported by South African residents, left its website’s security certificate in an expired state for a week.

The security certificate, which ensures and displays that the connection between the website and the web browser is secured using an encrypted connection, expired on 12 November, and MyBroadband reported the issue to the government entity on 16 November.

On 19 November, the Cybersecurity Hub team confirmed that it was aware the certificate was expired and was working to resolve the issue.

Later in the day, it confirmed that the issue regarding the expired certificate had been resolved.

CSIRT

The Cybersecurity Hub is mandated by the National Cybersecurity Policy Framework, which was passed by Cabinet in March 2012, and it was first established by the Department of Telecommunications and Postal Services in 2015.

It is run by South Africa’s Computer Security Incident Response Team (CSIRT) and says on its website that it “strives to make Cyberspace an environment where all residents of South Africa can safely communicate, socialise, and transact in confidence”.

It does this by working with entities in government, the private sector, civil society, and the public, and aims to identify and counter cybersecurity threats.

Its full list of responsibilities is:

  • Incident coordination – Receiving, triaging, and responding to requests and reports, and analysing cyber incidents and events.
  • Cybersecurity assessment and advisory – Detailed review and analysis of constituent’s publicly viewable assets.
  • Announcements – Gather and develop security advisories and intrusion alerts to help constituents to protect their systems and networks.
  • Security-related information dissemination – Provision of a comprehensive and categorised collection of relevant publicly available documentation that aids in improving security.
  • Cybersecurity awareness building – Increase security awareness for citizens through the dissemination of various artefacts.
  • Identification of national standards – Identification of appropriate de facto rigorous, semantically correct, clear, and understandable standards.
  • Promotion of national standards – Promote the use of the de facto national standards, which facilitate threat sharing between the constituents of the Cybersecurity Hub via implementation of threat sharing platforms.
  • Establishment of Sector-CSIRTs – Promotion of collective capacity via public-private partnerships for the advancement of cybersecurity best practises all via the establishment of sector-CSIRTs.
  • Skills and training – Development and promotion of a national cybersecurity skills framework approved by relevant national institutions.

Given the role this entity is meant to play in the South African cybersecurity sector, it is concerning that it did not keep its security certificate updated.

Working to identify and resolve threats

MyBroadband asked the entity how many incidents it receives and resolves, but it said it does not generally publish these details.

“However, we can confirm that the Cybersecurity Hub receives numerous cybersecurity incidents during the course of the year, which are recorded and reported on a monthly, quarterly and annual basis,” said the Cybersecurity Hub spokesperson.

“These incidents are reported by the public, national and international organisations and as part of our response we collaborate with relevant national, regional organisations, CERTs, and law enforcement agencies,” it said.

However, the “Recent Vulnerabilities” listed on the website all redirect to a US Department of Commerce website, and the website still uses the header of the Department of Telecommunications and Postal Services – which was merged with the Department of Communications and Digital Technologies in June 2019.

Additionally, its “Awareness Portal” is labelled “South African CyberSecurity Awareness 2017”  – which elicits questions regarding how often this website is updated.

Now read: The Great African IP Address Heist – South African Internet resources worth R558 million usurped with shady domains