NEC XON has responded to media reports that the South African National Defence Force's (SANDF’s) network and data were “compromised” due to “open access SIM card/WiFi enablement” at its relay towers.
The reports claimed NEC XON − an African integrator of ICT solutions and a subsidiary of NEC, a global Japanese company − was to blame for the alleged breaches.
However, NEC XON denies responsibility, saying its contract to maintain the Department of Defence’s (DOD’s) infrastructure ended last year.
According to media reports, the SANDF's computer management system was left vulnerable after a contractor installed SIM cards and open access WiFi on the countrywide relay systems. The system is responsible for backing up all of the military’s internal databases, including its personnel database and logistics systems.
Defence Intelligence reportedly wrote to the SANDF's command and management information systems division and Armscor, demanding no further contracts or cooperation with the involved company, NEC XON, which it alleged “has already compromised the military's security”.
NEC XON responded to questions from ITWeb, stating its contract to maintain the infrastructure with the DOD ended on 31 March 2023.
It said: “For the past 17 months, a different service provider has been in charge of maintaining the appropriate infrastructure. The DOD expressed no such concerns before or after our contract, so it is surprising that these anonymous allegations have surfaced now.”
The company stated it “takes such baseless allegations seriously, as it adheres to strict standards of ethical conduct, and expects all its business associates to do the same”.
It added: "The WiFi-enabled SIM cards installed by NEC XON at SANDF relay sites do not allow access to the SANDF's secure network (the Defence Information System Network, or DISN)."
The WiFi only allows for the secure operation of the relay towers' UPS system (power supply and diesel generator), such as stopping and starting the generator.
Furthermore, the Centurion-based ICT integrator stated that “complete physical and logical separation is maintained between the UPS and the DOD network – precisely for reasons of security. The one gives no more access to the other than hacking a network-enabled home UPS would provide access to a completely separate laptop.
“At no point has there been open access WiFi at any of the DOD relay towers − only a WiFi link between the UPS management system and the diesel generator.
”Access to any SANDF data and/or systems via the SIM cards and/or the generator WiFi link is implausible.”
While SIM-based WiFi access to the UPS systems is secure, the business argues that even if someone were to gain access using a SIM card, they would only be able to view data such as fuel levels, battery charge levels and generator temperature, contrary to prior unsubstantiated media reports.