Johannesburg - The State Information Technology Agency (Sita) will not be penalised over the hacking of the police’s website.
Sita developed and maintains the SAPS website, which was hacked in mid-May in a cyber attack that resulted in thousands of whistle blowers having their details published online.
At the time, the anonymous hacker claimed the attack was in retaliation for the shootings at Marikana by police last year.
“The service-level agreement between Sita and the SAPS does make provision for penalties for non-performance, but it does not include penalties for information security,” Minister of Public Service and Administration Lindiwe Sisulu said in a written reply to Parliament.
“Sita has done vulnerability scans on websites hosted by Sita, including www.saps.gov.za. A process has been initiated since February 2013 to resolve the reported vulnerabilities in the web applications. This is unfortunately a tedious process as it requires the redevelopment of large portions of the application.”
Freedom Front Plus MP Anton Alberts asked Sisulu who ran the website, what security measures it had, and whether the contract provided for fines for hacking incidents.
Alberts referred to the hack as compromising “information on 17 000 persons in the witness protection programme”, but Sisulu said the information was not of people in witness protection.
“The records downloaded were of persons who provided information to the South African Police Service.
“After the attack, a team of experts were put together and the following actions were performed on the SAPS web server environment: security architectural review; security standards review; high-level vulnerability assessment on hosting infrastructure; technical assessment on SAPS website; and security configuration review for the firewalls.”
The Star