Various technologies, such as tracking tags, closed circuit television cameras and thermal cameras, wireless sensor networks, mobile apps and drones, are being used for intelligence and communications in anti-poaching operations to protect wildlife.
However, these technologies bring with them the risk of cyberattacks, and therefore communication networks and information technology infrastructure must be well set up and securely authenticated for greater protection of information, anti-poaching units and animals.
This is according to cyber-defence company Orange Cyberdefense Academy’s Christelle Steyn. She recently obtained her master’s degree in Socio-Informatics at Stellenbosch University. The title of her thesis was Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems in South Africa.
As part of her study, Steyn, who is also a Field Guides Association of Southern Africa-certified field guide with a passion for wildlife conservation, used a network software emulator to simulate a hypothetical network of anti-poaching technologies that could be applied in the conservation of wildlife species such as rhinos, elephants, pangolins and lions.
She points out anti-poaching operations do not want to divulge real world data on the status and capabilities of their systems or their mitigation strategies.
Steyn used the simulation to carry out various cyberattacks identified as pertinent, to show the risks inherent to such a network. With the data from the simulation, she was able to perform threat modelling to determine the severity of the potential threats faced by anti-poaching networks. These attacks were then mitigated using system configurations.
Steyn says, owing to the nature of her simulation, many of the attacks targeted the backbone of the network – the router and the switch.
“These network appliances were found to be the most vulnerable to the broad classes of Denial of Service (DoS) and Man in the Middle (MitM) attacks. DoS attacks disrupt a service, while MitM attacks intercept data on the network.
“Through my simulation, I discovered that many security features are not always applied by default when acquiring a new network appliance such as a router or switch. So, from the start, correct and adequate configuration is necessary.
“Since many of the technologies used in anti-poaching operations are connected to either another device, a database, a network, or the Internet to transmit data, they are all vulnerable to attack. The systems used to store the collected data are ultimately at most risk, especially if they can be accessed by cybersecurity compromises of the network or connected devices.”
Steyn points out that as soon as the real-time data that anti-poaching operations require is transmitted over a network, there is a chance for exploitation. She adds that the common attacks on anti-poaching networks are likely to intercept or retrieve data or to disrupt the network to block monitoring or delay response.
According to Steyn, not all networks are adequately protected and those that are could still be subject to very sophisticated and state-of-the-art attacks.
“While a typical poaching recruit in the field might have little technical know-how and give the Joint Operations Centre and rangers a wide berth, the syndicates funding them may be able to provide the skills, training and equipment necessary for someone to gain access to the anti-poaching systems and communications of an area or park.
“Anti-poaching efforts are implemented by governments, non profit organisations and private entities, with varying degrees of skills and financial resources.”
Steyn recommends comprehensive antivirus and regular software updates, intruder detection systems and firewalls, an extra layer of protection beyond just a username and password, regular security audits performed by an expert, and the creation of a security-aware culture among employees to mitigate attacks and secure the network overall.
She says her study creates awareness of the cyberthreats and offers mechanisms that can be implemented to mitigate these risks.