South Africa’s cyber defences are running on outdated code: Ricardo Teixeira
Key topics:
The SANDF’s Cyber Command is small, opaque and poorly integrated into core defence operations
Legacy COBOL systems and outdated infrastructure expose vulnerabilities to modern cyber attacks
Urgent reforms: ring-fenced funding, doctrinal shift, joint training, and civil-military cooperation
By Ricardo Teixeira*
Modern war rarely begins with artillery barrages or tanks crossing borders. Increasingly it begins in the shadows, with networks probed for weaknesses and malicious code planted to disrupt communications and paralyse decision-making.
Malware can blind air-defence radars, corrupt logistics data and disable critical infrastructure before a single shot is fired. The South African National Defence Force (SANDF) says it understands this shift, yet its response remains hampered by chronic underinvestment, personnel shortages and fragmented organisation.
Defence Minister Angie Motshekga’s recent reply to a parliamentary question from Inkosi Russell Cebekhulu, along with disclosures in the Department of Defence Annual Report for FY2024/25, gives little cause for reassurance. Motshekga emphasised that cyber capability is already “inherent” in SANDF doctrine and cited its presence in the Military Strategy and Joint Force Employment Strategy. On paper this looks progressive. In reality the SANDF’s Cyber Command sits under the Defence Intelligence Division, a structure that limits transparency and leaves outsiders unsure about its true size or readiness. The scant information released to Parliament reinforces the impression that the command remains small, under-resourced and peripheral to the force’s main warfighting units.
The annual report notes that the Department of Defence is participating in the government’s effort to establish an Integrated Cybersecurity Centre under the Justice, Crime Prevention and Security (JCPS) cluster. It has drafted a Cyber Defence Strategy and an Implementation Action Plan, but these remain under internal consultation and have yet to be fully approved. The slow pace of institutionalising cyber defence is striking when compared with the rapid evolution of global threats.
The minister acknowledged funding constraints yet insisted that Defence Intelligence continues to integrate key cyber-security and electronic-warfare elements into the services. These efforts are laudable but insufficient. Cyber resilience requires continuous investment and highly skilled operators who are scarce and expensive worldwide. The current defence budget makes this difficult to achieve.
A further weakness is technological. Many of the Department of Defence’s core administrative and logistics systems still run on COBOL-based programming, a relic of the 1970s and 1980s. These legacy platforms are notoriously hard to maintain, vulnerable to modern malware and difficult to integrate with contemporary cyber-security tools. They also make it harder to attract young cyber specialists who have little interest in outdated code. Unless these systems are modernised, even the most sophisticated cyber-defence concepts will be undermined by brittle infrastructure.
South Africa’s strategic environment makes underinvestment increasingly perilous. The country is exposed to the full spectrum of cyber threats, from ransomware gangs to state-backed espionage. Critical national infrastructure such as the electricity grid, ports and water supply is especially vulnerable to disruption during conflict or political crises, as has been demonstrated by previous cyber-attacks. The blurring of conventional and asymmetric warfare means adversaries can inflict real damage without crossing a border. To believe a lightly funded, poorly co-ordinated Cyber Command can defend this terrain is naive.
The Cyber Gap
The SANDF has long relied on its signal formation to provide communications across the force. Within this formation, the 5th Signal Regiment plays a central role in electronic warfare, tasked with intercepting and jamming hostile transmissions and protecting friendly networks. This legacy structure preserves valuable technical expertise and ensures that communications and electronic functions remain part of South Africa’s military order of battle.
Yet these units were built for an era when “signals” referred to radios, Morse code, field telephones and line-of-sight communications. They were not designed to handle full-spectrum cyber defence, network intrusion detection or large-scale digital operations. As a result, cyber capability remains fragmented across the SANDF, lacking a single chain of command.
South Africa therefore needs more than experienced signal regiments. It needs a centralised, properly resourced Cyber Command that can work alongside other formations while directing both defensive and offensive cyber operations across all domains. This command must be integrated into operational planning so that cyber and electronic effects are coordinated in real time. A patchwork of units, each with its own doctrine and equipment, cannot withstand a sustained and coordinated assault on military networks or national critical infrastructure.
Lessons from Ukraine
The war in Ukraine illustrates both the potential and the limits of cyber operations in modern conflict. In the weeks before Russia’s invasion in February 2022, Ukrainian ministries, banks and energy firms were hit by destructive malware and denial-of-service attacks. Russian hackers deployed wiper viruses such as HermeticWiper to erase data and sought to undermine morale by disrupting online services. These attacks were timed with disinformation campaigns to sow confusion and degrade Ukraine’s mobilisation.
Once large-scale combat began, however, cyber operations were overshadowed by electronic warfare. Both sides shifted their focus to jamming, intercepting and deceiving one another’s electronic signals. Russia deployed powerful jammers to disrupt GPS guidance, hinder drone operations and degrade Ukrainian artillery spotting and communications. Ukraine responded with its own electronic-warfare units and improvised countermeasures such as frequency-hopping and civilian satellite communication technologies to maintain connectivity. The contest for control of the electromagnetic spectrum became central to battlefield outcomes.
Two lessons stand out. First, cyber-attacks are most effective in the opening stages of a conflict but rarely decisive thereafter. They can disrupt but cannot hold territory. Second, once high-intensity fighting begins, control over electronic signals becomes paramount. Modern forces must therefore integrate cyber and electronic-warfare operators to ensure that their own command networks survive in a contested spectrum.
South Africa should take note. Any future conflict involving the SANDF is unlikely to resemble a traditional set-piece battle. Hybrid tactics are more likely, including sabotage of communications infrastructure, drone incursions and attempts to jam command networks. The SANDF’s Cyber Command and the Signal units’ electronic-warfare assets must be able to function as a single integrated force.
The annual report shows that the SANDF has supported the National Cyber Security Policy Framework of 2012 through participation in the JCPS Cyber Response Committee, yet the Integrated Cybersecurity Centre remains in the design phase. The Cyber Defence Strategy and Implementation Plan have been drafted but not approved. Delays are partly bureaucratic and partly the result of limited funding. Meanwhile, adversaries are becoming faster and more sophisticated. SANDF troops in Eastern DRC under the now-terminated SAMIDRC reported GPS and mobile signal jamming around Goma prior to and after the battle.
Pretoria risks repeating a familiar pattern. South Africa often publishes impressive strategies but fails to match them with resources, leaving critical initiatives half-implemented. Cyber capability cannot be left aspirational; it must be made operational.
Priorities
First, cyber defence must have ring-fenced funding. It cannot be treated as a discretionary expense to be cut when budgets tighten. Stable and protected investment is essential to build a sustainable Cyber Command that can recruit and retain skilled personnel while modernising ageing technology. Modernisation must include replacing the Department of Defence’s outdated COBOL-based systems, which are increasingly difficult to maintain and integrate with modern cyber-security tools.
Second, doctrinal modernisation is overdue. Cyber effects need to be treated as a core operational domain alongside artillery, aviation and special forces. Commanders must be trained to use cyber offensively to blind enemy sensors or disrupt logistics, and defensively to harden their own networks against attack.
Third, the SANDF needs robust joint training and simulation. Dedicated cyber exercises that replicate realistic attacks would give operators the chance to practise under pressure. Regular exercises integrating cyber and electronic-warfare teams with infantry, armour and air units would sharpen co-ordination and improve reaction times during crises.
Fourth, civil-military cooperation is vital. Much of South Africa’s critical infrastructure, from energy utilities to transport and telecommunications, is privately operated. The SANDF will need secure channels for sharing threat intelligence and running joint exercises with these sectors to ensure the resilience of national networks in any conflict.
A fifth priority is international cooperation. Cyber threats cross borders, and intelligence-sharing agreements with allied states could help detect hostile campaigns earlier. Working with partners who have more mature cyber forces would provide access to better training and advanced defensive tools.
The Price of Complacency
Pretoria’s rhetoric signals that it understands the strategic importance of cyberspace. Its budgets and institutional reforms suggest otherwise. Skilled operators continue to drift to the private sector in search of better pay. Organisational changes to integrate cyber and electronic-warfare units have been slow and piecemeal. The SANDF therefore remains vulnerable to attacks that could cripple its command-and-control systems at the outset of a crisis.
The experience of Ukraine shows that cyber capabilities need to be developed well before conflict breaks out. They cannot be improvised once the fighting starts. South Africa still has time to act, but that window is narrowing. If it fails to modernise, the country risks being caught in a future conflict where the first blows land not on the battlefield but on the servers and networks that keep the economy functioning.
In the modern age wars can be lost in the electromagnetic spectrum before the first shot is fired. If Pretoria is serious about building a unified, multi-domain defence force, it must make cyber power a central pillar of national defence strategy and back it with the funding, personnel and technological upgrades needed to turn policy into capability.
*Ricardo Teixeira, who has joined the Daily Friend as Associate Editor, is a journalist, defence analyst, and national security advocate.
This article was first published by Daily Friend and is republished with permission.