RECENT revelations by the Pegasus Report should serve as a wake-up call for President Cyril Ramaphosa and other leaders across the world.
An investigation by the Guardian newspaper, Pegasus Report, showed that leaders and journalists are not immune to cyber threats.
The Pegasus Project is a collaborative journalistic investigation into the Israeli NSO Group and its clients. The Israeli company sells surveillance technology to governments worldwide. Its flagship product is Pegasus, spying software – or spyware – that targets iOS and Android devices. Once a phone is infected, a Pegasus operator can secretly extract chats, photos, emails and location data, or activate microphones and cameras without a user knowing.
In the case of Ramaphosa, it showed that he might have been a spy victim by the Rwandan government, although this is denied by the Kagame government. The report also showed that we can no longer trust the iPhone as an unhackable phone.
This week, the most important question among people who look after Ramaphosa should be: What should President Ramaphosa do about the Pegasus Report? The response to the issue cannot be about a single country. Globally, there should be a consensus that leaders of the world cannot use ordinary devices. When Barack Obama became US president he was requested to stop using ordinary phones. Although he was reluctant initially, he had to eventually accept a more protected phone which was designed for him only. When the iPad came out, in 2010, the president wanted one. National-security advisers created the ObamaPad, a “hardened”, more secure iPad.
Last week, French President Emmanuel Macron had to change his cellphone and number to a more secure version after he was reportedly identified in the Pegasus Report. Macron, France’s youngest modern leader, has presented himself as a tech-savvy fan of cellphones, placing two iPhones on the desk behind him for his official portrait when he was elected in 2017.
The latest revelations will probably change how presidents in France choose their cellphones. Never again will they choose what they want based on how cool it seems.
Ramaphosa is known to use Apple products. Recently, he misplaced his iPad and could not start his address without Apple device. His watch is also an Apple device. Recent revelations by the Pegasus report should trigger a change of devices for the president. Part of the change should include a more secure and hardened device for the sake of national security. Leaders of the world can no longer just use off-the-shelf devices. Due to the nature of cyber attacks, it’s necessary that leaders take extra steps to protect their communication tools. Device manufacturers should develop unique devices for world leaders to avoid another Pegasus situation.
Macron has ordered multiple investigations to be carried out after his phone number, as well as those of his former prime minister and most of his 20-strong cabinet, appeared in the leaked database at the heart of the Pegasus project.
In addition to investigations, in the long run, countries need to have independent means of communications that are not reliant on products developed in other countries. South Africa should work towards the ability to produce a local phone and devices that can be hardened for the head of state and other leaders whose protection is important for national security.
In the same week that the Pegasus report revealed the information about Ramaphosa, national transport operator Transnet was hacked.
Although there are investigations to understand what is behind the cyberattack, it’s important for South Africa to take a step back and acknowledge that there’s poor technology security for the country.
The developments should inspire a move towards appreciating the need to take cybersecurity seriously. Part of this should include a national cybersecurity task force, strategies, and a culture that acknowledges that digital spaces present real security risks. Across national entities, there should be cybersecurity leaders to protect national institutions against cyber threats.
It’s a known fact that South Africa lacks the necessary cybersecurity skills and these security developments should also inspire the development of cybersecurity professionals to protect not only government entities but also business entities.