Question CW13 to the Minister of Employment and Labour
02 March 2020 - CW13
Smit, Mr CF to ask the Minister of Employment and Labour
(1) When last did his department use a white hat hacker to identify possible security gaps in their information technology system and cyber security threats; (2) whether he will (a) employ such a hacker or (b) request the relevant Sector Education and Training Authorities to employ it; if not, what is the position in this regard; if so, what are the relevant details?
Reply:
1. The department has never appointed a white hat hacker, instead the department requested State Information Technology Agency (SITA) Information Asset/host Security (ISS) to perform a vulnerability assessment using an automated tools to identify weaknesses which can be exploited by hackers and unauthorised attackers on the network (servers, workstations, printers and switches operating asset/host and packaged applications).
2. The department has embarked on a process of appointing a service provider for Cyber Security Services instead of appointing a white hat hacker. The scope of the appointed service provider will include continuous assessment of the security status of our ICT environment with routine vulnerability scans.
The project is planned to commence from the 1st of April 2020 once the service provider has been appointed, meaning that the appointed service provider will provide the services of the white hat hacker and more.