Cyber threats do not take holidays, and neither can national vigilance, the South African National Defence Force’s (SANDF’s) Cyber Command has cautioned ahead of the festive season.
Established following the approval of the National Cybersecurity Policy Framework (NCPF), the Cyber Command is mandated to coordinate and implement cyber defence measures as an integral part of the SANDF’s mandate. Within the Department of Defence (DoD), Cyber Command unifies the direction of cyber operations and protects critical information infrastructure and national interests in cyberspace, while providing support to other organs of state when required.
Its current director is Brigadier General Xolani Gilbert Mabanga, who previously served a four‑year tour of duty as Defence Attaché in the People’s Republic of China. He is responsible for directing and overseeing the establishment, capacitation and operationalisation of Cyber Command, including the conduct of cyber operations and the analysis and assessment of cyber threats.
He also leads cyber counter‑intelligence operations and provides strategic direction on cyber support across the DoD. Equally important, he is tasked with maintaining morale and discipline, strengthening fraud‑prevention measures and ensuring sound labour and service‑relations systems.
“Technology alone cannot be a capability to defend a nation,” he notes. “It is disciplined people, following sound processes, equipped with the right technologically advanced tools of trade that ultimately give us resilient capability.”
During the festive season, the SANDF faces a heightened cyber risk environment. Social engineering and phishing campaigns spike as criminals exploit “holiday” themes, year‑end pressure and reduced vigilance. Increased use of personal devices on official networks, a more relaxed security posture in offices and reduced staffing levels create openings for malware, ransomware and supply‑chain attacks. State‑sponsored actors also exploit global festivities to hide reconnaissance, deploy advanced persistent threats and conduct long‑term espionage while security teams are thinly spread. These risks directly threaten the integrity of communications, logistics supply chains, medical and other critical systems that underpin South Africa’s defence capability.
To counter these threats, the DoD invests in continuous awareness and training throughout the year, with particular emphasis during high‑risk periods. Defence Intelligence Division and Command Management Information Systems (CMIS) Division present Information Systems Security courses for all system users, from basic to advanced levels. The DoD intranet runs regular messages, banners and pop‑ups to reinforce safe behaviour, while CMIS teams visit units and bases to brief members on current cyber trends identified by Directorate Departmental Security and Cyber Command within Defence Intelligence Division. These efforts are complemented by broader awareness on physical, document, and cyber security, to foster a culture of professional, security‑conscious conduct across the organisation.
On the technical and operational front, Cyber Command emphasises robust monitoring and incident‑response readiness. Security Information and Event Management systems, security appliances and software must be fully updated and operational, supported by strict access control, multi‑factor authentication, network segmentation of critical systems and hardened devices for any authorised “bring your own device” access.
Operationally, units are expected to conduct pre‑holiday cyber‑readiness drills, enforce patching and backups, publish standby rosters, ensure unused workstations are switched off and prevent the introduction of personal devices or entertainment use on DoD infrastructure. Mabanga is quick to credit his subordinates and seniors for enabling this posture: “Any successes we claim in cyberspace belong first to the men and women who do the work, and to the senior leadership of Defence Intelligence Division who fully back the development of this capability.”
The festive period is meant for rest and family time, but it also creates a perfect storm of reduced vigilance, increased online activity and emotional and logistical stress that adversaries deliberately exploit. Every DoD/SANDF member, both uniformed and civilian, has a personal responsibility to practise good cyber hygiene and safeguard sensitive information. “In cyberspace there is no such thing as being ‘too careful’,” Mabanga cautions. “Every cautious click, every strong password and every report of something suspicious is a small act of defence that helps protect the integrity of our country.”
Rear Admiral (JG) Prince Tshabalala is Director Defence Corporate Corporation and SANDF Spokesperson.
