Swazi Observer

FULL STORY

NATIONAL SECURITY AT RISK OVER MEASLY E5.6M DEBT

By SIBUSISO DLAMINI | 2025-02-03

The country’s national security is being jeopardised over an outstanding debt of just E5.6 million owed by the Royal Science and Technology Park (RSTP) to globally renowned leader in networking and cybersecurity solutions, Cisco for critical networking licences.

Cisco is a prominent company in networking and cybersecurity solutions, renowned worldwide for its role in developing and maintaining critical internet infrastructure.

The company provides a wide range of products, including routers, switches, firewalls, cloud security solutions, and cybersecurity software.

Its technology is widely used by governments, corporations and telecom providers to ensure secure and efficient digital communication.

The failure to settle this relatively small amount has left the country’s cybersecurity — and ultimately its national security—exposed to severe risks, including cyber threats, system failures and potential breaches of government communications.

According to insiders, these licences are vital for maintaining the integrity of the country’s digital infrastructure.

They provide essential security patches, software updates and technical support for Cisco networking equipment used across key government institutions.

Sensitive
Without them, the country’s systems are left vulnerable to attacks that could compromise sensitive state information.

“This is a crisis. E5.6 million is a minuscule amount compared to the risks the country is now facing.

Cybercriminals, hostile entities, or even rogue insiders could exploit these vulnerabilities to gain unauthorised access to government data,” one source disclosed.

According to the insiders, if sensitive state information were to fall into the wrong hands, the consequences would extend far beyond financial loss, potentially escalating into a full-scale national crisis.

They warned that delaying action could only heighten the risks, leaving critical government communications and infrastructure vulnerable to cyber-attacks and unauthorised access, urging immediate government intervention.

“At a time when cyber threats are escalating worldwide, Eswatini is leaving itself exposed over an amount that is negligible compared to the potential damage a security breach could cause,” they complained.

The revelations come just after this publication reported that the government continues to rely on an obsolete e-Cabinet system, which has long surpassed its technological lifespan.
The outdated e-Cabinet system stores classified government communications, policy discussions and strategic decisions.

“The failure to pay E5.6 million for critical cybersecurity licences, coupled with reliance on an obsolete e-Cabinet system, has created a national security risk that government can no longer afford to ignore,” added one of the insiders.

According to them, the system, implemented in 2014 on a 2012 platform, no longer receives security updates and lacks even basic monitoring capabilities.

“This is akin to leaving confidential government documents out in the open. The system doesn’t track user activity, meaning that unauthorised individuals could leak, manipulate, or delete critical state information without detection,” a source warned.

“That outdated system, coupled with the current loss of cybersecurity protections due to unpaid Cisco licences, creates an environment where national security is practically left defenceless,,” they added.

The insiders explained that without the necessary Cisco licences, government networks would not receive vital security updates, leaving critical systems open to cyber threats, malware and unauthorised access.

Valid
“Not having valid licences means no security patches, no technical support, and no way to fix system vulnerabilities. It’s the equivalent of locking your doors but leaving all the windows wide open,” explained one source, warning that this increases the risk of data breaches, espionage and disruptions to essential services.

Another insider emphasised that the debt was technically RSTP’s responsibility, as it was the entity tasked with managing government ICT infrastructure, but argued that, given the stakes involved, government should have ensured that these payments were made without delay.

“This isn’t just about an ICT bill—it’s about national security. The cost of fixing a security breach or recovering from a major cyber-attack would be far greater than E5.6 million. Why is the country gambling with its safety over such a small amount?” they questioned.

Acknowledging the concerns, RSTP Senior Communications Manager Senzo Malaza assured that steps were being taken to address the issue.

While admitting the potential risks posed by the current lapse, he maintained that RSTP was committed to ensuring the country’s digital infrastructure remained protected from emerging threats.

He said the institution was working closely with its parent ministry, the ministry of information, communication and technology, to resolve the licensing backlog urgently.

With the financial year drawing to a close, he expressed optimism that the necessary support would be secured to ensure the licences were fully paid and emphasised that cyber-security remained a top priority and that every effort was being made to prevent the country from being compromised in cyberspace.

Despite recognising these risks, government has yet to take decisive action to resolve the debt or replace the ageing e-Cabinet system.

While e-Government Director Bonga Ndlangamandla acknowledged the system’s security limitations, he disclosed that plans to upgrade the system were initially on the table, they were shelved due to budgetary constraints.

“We hope that funding will be made available in the next budget cycle. Until then, the ministry will continue to implement minor fixes with its limited resources,” he said.

One of the ‘minor fixes’ Ndlangamandla was referring to was that ministers were required to use a Virtual Private Network (VPN) when accessing it remotely.

The insiders, however, argued that VPNs alone are not sufficient to protect a system that is already outdated and vulnerable.

“VPNs provide encrypted access, but they do nothing if the system itself is inherently weak. Government is effectively trying to secure a broken lock with an extra key,” they explained.
They further argued that waiting for the next budget cycle is an unacceptable response to a crisis that puts national security at immediate risk.

“Cyberattacks are not waiting for the next budget cycle. Every day that passes without a solution increases the risk of a breach,” stated the source.

The unpaid licences are part of the wider financial difficulties that the institution’s newly appointed acting Chief Executive Officer, Nomvula Shongwe-Gulwako, is now tasked with addressing.
She inherits these issues from her predecessor, Dr Andile Metfula, at a time when the organisation is already under scrutiny.

Last month, this newspaper revealed that families of deceased RSTP employees have been plunged into financial hardship due to long-overdue pension and death benefits.

In some cases, the delays have stretched over three years, leaving dependents struggling to afford essentials such as school fees and daily necessities.

The prolonged wait has deepened the distress of affected families, who feel abandoned by an institution to which their loved ones dedicated years of service.

Shongwe-Gulwako steps into a role defined by crises, in particular after the significant restructuring RSTP has undergone in the past months since the non-renewal of former CEO Vumile Dlamini’s contract in July last year.

Key Threats Include:
1. Security Vulnerabilities: Without regular security updates, hackers can exploit known weaknesses to infiltrate government networks.
2. Lack of Technical Support: Any system failures or cyber incidents will go unresolved for longer, increasing downtime and disruption.
3. Performance Issues: Unlicensed equipment runs outdated software, causing system inefficiencies and increased downtime.
4. Compliance Risks: Operating without valid licences could result in Eswatini failing to meet international cybersecurity regulations, potentially damaging diplomatic and business relations.
5. Service Disruptions: Government services, banking transactions, and national telecom operations could be affected if network failures occur.

share story