Social Development Minister Sisisi Tolashe on Tuesday said the South African Social Security Agency (Sassa) will appoint a service provider to conduct a full scale investigation into vulnerabilities in all types of social grants.
This comes after an audit found the threat level for the Social Relief of Distress Grant (SRD) grant was medium, “meaning that while the system is not highly vulnerable, it is still susceptible to certain types of attacks that could compromise security if left unaddressed”.
The audit was sparked by a survey by two Stellenbosch University computer science students, Veer Gosai and Joel Cedras, who identified weaknesses in the SRD grant application system late last year.
“The service provider that will be selected to conduct the investigation will be appointed through the competitive bidding processes. Members will be informed of the appointed service provider as soon as possible,” Tolashe said.
She was responding to a follow up question during the oral question session in the National Council of Provinces on Tuesday, when ANC MP Patrick Sibande enquired in his original question about the outcomes of the investigation into the vulnerabilities of the SRD grant system.
Tolashe said the overall threat level for the SRD was classified as medium by Masegare and Associated Incorporated.
The vulnerabilities that were identified revealed potential issues with the authentication mechanism, server configuration, data encryption and missing security headers.
“These vulnerabilities create opportunities for attackers to exploit weak points in the system,” she said.
Tolashe also said the scope of the full-blown investigation was being drafted so that an independent service provider with extensive experience in investigating social grant fraud, relevant tools for conducting digital forensic investigation and a national footprint was appointed.
“While I appreciate the urgency and priority to start and conclude the investigation within the reasonable period, it is quite difficult to determine the time frame to complete the investigation.”
The minister stated that the scope of the work that will be covered included fraud risk identified by various assurance providers, Sassa internal audit unit, Social Development Department, Sassa management and the significant system weaknesses identified during the recently concluded audit on the SRD grant online system.
Tolashe said the director-general's office will oversee the process to ensure that the successful appointment of a service provider was concluded with the reasonable time frame.
Asked to indicate the provinces identified as the most affected by fraudulent SRD grant activities, Tolashe named two provinces where there were reported cases of identity theft and fraud.
“We can safely say, for now, Gauteng and the Eastern Cape are two provinces that showed a lot of those. We can safely report to say it went up to almost 1 100.”
She said the law enforcement agencies were making sure that those responsible were behind bars.
“We are very hard at work, Chair, and want to commit to saying Sassa and the Department of Social Development, willl not tolerate any corruption that takes place within our systems.”
Responding to DA MP Nicholas Gotsell on whether her department was planning for the influx in social relief applications if the plan to tax South Africans more succeeded, Tolashe said her department and Sassa dispatch grants to rightful people.
She also said it was the responsibility of all other departments to make sure that the limited money received, benefitted the poor.
“We receive on an annual basis and are supposed and expected, as according to the law, to dispatch those to the most vulnerable in the process that Sassa is responsible for,” she said.