While tech deployment has often been hailed for playing a critical role in the fight against poaching, these technologies bring with them the risk of cyber attacks.
This is based on a study conducted by Orange Cyberdefense Academy’s Christelle Steyn, as part of her thesis titled: “Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems in South Africa”.
Poaching is a big problem in SA, with rhinos often being the main target. South Africa, which holds nearly 80% of the world’s rhinos, is the country hardest hit by poaching syndicates.
Resultantly, various technologies such as tracking tags, CCTV and thermal cameras, wireless sensor networks, mobile apps and drones are being used in anti-poaching operations.
However, Steyn has found these technologies to be vulnerable to cyber attacks.
As part of her study, Steyn used a network software emulator to simulate a hypothetical network of anti-poaching technologies that could be applied in the conservation of wildlife species such as rhinos, elephants, pangolins and lions.
Steyn used the simulation to carry out various cyber attacks identified as pertinent to show the risks inherent to such a network. With the data from the simulation, she performed threat modeling to determine the severity of the potential threats faced by anti-poaching networks.
These attacks were then mitigated via system configurations. Steyn says that due to the nature of her simulation, many of the attacks targeted the backbone of the network – the router and the switch.
“These network appliances were found to be the most vulnerable to the broad classes of denial of service (DoS) and man in the middle (MitM) attacks. DoS attacks disrupt a service, while MitM attacks intercept data on the network.
“Through my simulation, I discovered that many security features are not always applied by default when acquiring a new network appliance such as a router or switch. So, from the start, correct and adequate configuration is necessary.
“Since many of the technologies used in anti-poaching operations are connected to another device, a database, a network, or the Internet to transmit data, they are all vulnerable to attack. The systems used to store the collected data are ultimately at most risk, especially if they can be accessed by cyber security compromises of the network or connected devices.”
Steyn points out that as soon as the real-time data that anti-poaching operations require is transmitted over a network, there’s a chance for exploitation.
According to her, not all networks are adequately protected and those that are could still be subject to very sophisticated and state-of-the-art attacks.
“While a typical poaching recruit in the field might have little technical know-how and give the joint operations centre and rangers a wide berth, the syndicates funding them may be able to provide the skills, training, and equipment necessary for someone to gain access to the anti-poaching systems and communications of an area or park.
“Anti-poaching efforts are implemented by governments, non-profit organisations and private entities, with varying degrees of skills and financial resources.”
She advises that communication networks and IT infrastructure must be well set up and securely authenticated for greater protection of information, anti-poaching units and animals.
She also recommends comprehensive antivirus and regular software updates, intruder detection systems and firewalls, an extra layer of protection beyond just a username and password, regular security audits performed by an expert, and the creation of a security-aware culture amongst employees to mitigate some attacks and secure the network overall.
Share