The
Cyber Counterintelligence
Project


The changing threat landscape

Over the past decade, confidence in traditional cyber and information security methods has been severely eroded. Notwithstanding sharply rising global spend on cyber-security, governments and business continue to experience breaches of expanding impact. Concurrently, acts of influence through cyber means (including, but not limited to, ‘fake news’) are increasing exponentially. The threat landscape is furthermore characterised by the morphing of high-end threats – i.e. the blurring distinction between what was conventionally labelled as state-sponsored Advanced Persistent Threats (APTs) and the actions of other actors (such as criminal groupings, corporate entities, hacktivists). The tradecraft, activities and even aims of various classes of threat actors in cyber space are often difficult to separate and reflect state-grade skills in intelligence and counterintelligence. For both state and non-state actors correspondingly, multi-vectored intelligence operations (which combine human, cyber and other technical vectors) are now a precursor to extensive breaches.

Cyber Counterintelligence’s role

The proactive engagement and countering of the above-noted threats is the signature role of Counterintelligence (CI) and its subset Cyber Counterintelligence (CCI). While CCI is not a wonder cure for all cyber ills, it offers a conceptual and practicable approach for state and non-state actors to assert and advance their interests in the cyber arena. It combines clever, proactive defences with the engagement and exploitation of adversaries.

CI has been practiced for millennia and CCI has existed de facto in the state security apparatus of several countries for decades. However, it was only during the late 1990s that CCI crystallised as a formalised multi-disciplinary, specialisation field. Although CCI is not a novel concept, it is academically vastly, under-explored. In fact, outside the circles of governments’ security apparatus, some large corporates and niche vendors that offer specialised services, CCI remains mostly unknown and often misunderstood. Unclassified, academic literature on the subject is scarce, with formalised and academic training (outside the government sector) very limited.

Cyber Counterintelligence as a specialisation field and academic subject

Counterintelligence (CI) has been practised for millennia and Cyber Counterintelligence (CCI) has existed de facto in the state security apparatus of several countries for decades. However, it was only during the late 1990s that CCI crystallised as a formalised multi-disciplinary, specialisation field. Although CCI is not a novel concept, it is academically vastly under-explored. In fact, outside the circles of governments’ security apparatus, some large corporates and niche vendors that offer specialised services, CCI remains largely unknown and often misunderstood. Unclassified, academic literature on the subject is growing but still relatively limited, with formalised and academic training (outside the government sector) limited.

The need for collaborative research

As is clear from the above, CCI is not only the domain of state security. Effective CCI requires cooperation and collaborative undertakings, enmeshing state and non-state actors. Such non-state actors include business, civil society and academic institutions. Academic institutions’ interest in CCI is not limited to research. Given its above-noted relevance, CCI also ought to be a topic of instruction (i.e. part of the curricula of various subjects in the field of natural and social sciences). In a few developed countries, cooperation between the state and selected tertiary institutions on CCI education and training do exist. To the knowledge of UJ’s Cyber Security Centre, this is by far the exception and not the rule. Within the African continental context (of countries with emerging and developing economies), the need for at least some academic institutions to fulfil a research and education role in CCI is arguably even more urgent. UJ’s Cyber Security Centre is of the view that CCI’s development in the African academic sphere will benefit several academic disciplines such as Political Science, Computer Science/Informatics/Information Systems as well as Economic and Management Sciences

CCI-research at UJ’s Cyber Security Centre

Against the above background, UJ’s Cyber Security Centre in 2014 launched a project aimed at promoting CCI as a multi-disciplinary field of inquiry – specifically within the context of South Africa as a middle-income emerging economy. The project strives to cooperate with interested role players locally, regionally and internationally on joint research projects.

UJ’s Cybersecurity Centre is particularly proud of the project’s tangible output thus far. Exceptionally positive feedback has been received on numerous CCI-research papers delivered at local, regional and international conferences. Likewise, several articles were published on-invitation in well-known, peer-reviewed journals. In addition, two doctoral theses have been completed with a further one in progress. Growing citations of the UJ research by academics internationally, further adds credence to the project. Aspects of the CCI research have also found practical application and are incorporated in a training programme designed in cooperation with a South African state entity.

An inventory of published research flowing from the project is provided at the bottom of the webpage. The inventory shows focus areas of this research including:

  1. - Defining and conceptualising CCI as a mulita-disciplinary research field.
  2. - CCI and its relation with Cyber Intelligence and Cyber Threat Intelligence.
  3. - An integrated defensive-offensive organisational approach to CCI.
  4. - A framework for a CCI maturity model (foundational to a toolkit allowing an organisation to do a self-assessment/test with regard to its own cyber counterintelligence maturity status).
  5. - CCI awareness and skills training.
  6. - CCI literature review./li>

In addition to the above, the following are topics currently being researched:

  1. - Governance imperatives of Cyber Counterintelligence in securing the Fourth Industrial Revolution’
  2. - The effects of Covid-19 on Cyber Counterintelligence (CCI), specifically considering the additional cyber risks resulting from the whole ‘work from home’ environment.
  3. - A PhD study on CCI Awareness and CCI skills development.

Invitation to interaction and cooperation

UJ’s Cyber Security Centre welcomes cooperation with interested parties and individuals on CCI research. Contact details of the research team are provided on the webpage.



CCI-related articles, papers, presentations and studies completed or in progress are as follows:

  • 1. Duvenage, P.C. & von Solms. S.H. (2013) ‘The case for cyber counterintelligence’ in Published Proceedings of the 5th International Workshop on ICT Uses in Warfare and the Safeguarding of Peace, Institute of Electrical and Electronic Engineers (IEEE), Pretoria, South Africa, November, pp 98-107

  • 2. Duvenage, P.C. & von Solms. S.H. (2014) ‘Cyber counterintelligence: Putting counterintelligence in cyber counterintelligence’ in Published Proceedings of the 13th European Conference on Cyber Warfare and Security, Piraeus, Greece, July, pp 70-79.

  • 3. Duvenage, P.C. & von Solms. S.H. (2015) ‘Cyber counterintelligence: Back to the future’, Journal of Information Warfare, 13(4): pp 42–56. PDF

  • 4. Duvenage, P.C., von Solms, S.H. & Corregedor, M. (2015) ‘The cyber counterintelligence process – A conceptual overview and theoretical proposition’ in Published Proceedings of the 14th European Conference on Cyber Warfare and Security, Hatfield, UK, July, pp 42-51 PDF

  • 5. Duvenage, P.C., Jaquire, V.J. & von Solms, S.H. (2016) ‘Conceptualising cyber counterintelligence – Two tentative building blocks’ in Published Proceedings of the 15th European Conference on Cyber Warfare and Security, Munich, Germany, June, pp 93-103 PDF

  • 6. Van Niekerk, B. and Duvenage, P.C. (2016) ‘Cyber Intelligence and Counterintelligence’, Presentation at the ISACA Annual Conference (South African Chapter), Johannesburg PDF

  • 7. Duvenage, P.C., Sithole, T.G. & von Solms, S.H. (2017) ‘A conceptual framework for cyber counterintelligence – Theory that really matters’ in Published Proceedings of the 16th European Conference on Cyber Warfare and Security, Dublin, Ireland, June, pp 109-118.

  • 8. Jaquire, V.J. and Von Solms, S.H. (2017a) ‘Cultivating a Cyber Counterintelligence Maturity Model’ in Published Proceedings of the 16th European Conference on Cyber Warfare and Security, Dublin, Ireland, June, pp 176-183 PDF

  • 9. Jaquire, V.J. and von Solms, S.H. (2017b) ‘Developing a Cyber Counterintelligence Maturity Model for Developing Countries’, Paper presented at the 2017 IST-Africa Conference, Windhoek, Namibia.

  • 10. Jaquire, V.J. and von Solms, S.H. (2017c) ‘Towards a Cyber Counterintelligence Maturity Model’, Paper for the 12th International Conference on Cyber Warfare and Security, Wright State University & the Center for Cyberspace Research, Air Force Institute of Technology, Dayton, USA

  • 11. Jaquire, V.J. (2018) A framework for a cyber counterintelligence maturity model, unpublished PhD (D.Com) thesis, University of Johannesburg, Johannesburg, South Africa.

  • 12. Duvenage, P.C., Jaquire, V.J. & von Solms, S.H. (2018a) ‘A selective literature review on cyber counterintelligence’ in Published Proceedings of the 17th European Conference on Cyber Warfare and Security, Oslo, Norway, June, pp 137-145

  • 13. Duvenage, P.C., Jaquire, V.J. & von Solms, S.H. (2018b) ‘Towards a literature review on cyber counterintelligence’ in Journal of Information Warfare, 17(4): 11-25 PDF

  • 14. Jaquire, V.J., Duvenage, P.C. & von Solms, S.H. (2018) ‘Building the CCI dream team’ in Published Proceedings of the 17th European Conference on Cyber Warfare and Security, Oslo, Norway, June, pp 224-232 PDF

  • 15. Sithole, T.G., Duvenage, P.C., Jaquire, V.J. & von Solms, S. H. (2019) ‘Eating the elephant – A structural outline of cyber counterintelligence awareness and training’ in Published Proceedings of the 14th International Conference on Cyberwarfare and Security, Stellenbosch, South Africa, February, pp 396-404 PDF

  • 16. Duvenage, P.C., Jaquire, V. J. & von Solms, S.H. (2019) ‘A cyber counterintelligence matrix for outsmarting your adversaries' in Published Proceedings of the 18th European Conference on Cyber Warfare and Security, Coimbra, Portugal, July, pp 87-93

  • 17. Duvenage, P.C., Sithole, T.G. J. & von Solms, S.H. (2019) ‘Cyber Counterintelligence: An Exploratory Proposition on a Conceptual Framework’ in International Journal of Cyber Warfare and Terrorism, 9 (4): pp 44-61. PDF

  • 18. van Niekerk, B., Ramluckan, T. & Duvenage, P.C. (2019) ‘An analysis of selected cyber intelligence texts' in Published Proceedings of the 18th European Conference on Cyber Warfare and Security, Coimbra, Portugal, July, pp 554-559.

  • 19. Duvenage, P.C. (2019) A conceptual framework for cyber counterintelligence, unpublished PhD (DCom) thesis dissertation, University of Johannesburg, South Africa.

  • 20. Duvenage, P.C., Jaquire, V. J. & von Solms, S.H. (2020) ‘A Cyber Counterintelligence Matrix for Outsmarting Your Adversaries’ in Journal of Information Warfare, 19(1): pp 1-11 PDF

  • 21. Sithole, T.S., du Toit, J., Jaquire, V.J. & von Solms S.H (2020) ‘A Framework for a Foundational Cyber Counterintelligence Awareness and Skills Training Programme’ in Published Proceedings of the 19th European Conference on Cyber Warfare and Security, Chester, United Kingdom, pp 510-517.

  • 22. Duvenage, P.C., Jaquire, V. J. & von Solms, S.H. (2020) ‘Cyber Counterintelligence: Some Contours towards the Academic Research Agenda’ in Published Proceedings of the 19th European Conference on Cyber Warfare and Security, Chester, United Kingdom, pp 107-116.

Basie von Solms
The University of Johannesburg's Prof SH (Basie) von Solms ranks 5th globally among cybersecurity researchers

In an era of universal digital threats, the significance of cybersecurity research is paramount. Cyberattacks are becoming increasingly frequent and sophisticated, posing serious risks to individuals, businesses, and governments. Highlighting the importance of ongoing research and expertise in this field, Professor Basie von Solms from the University of Johannesburg (UJ) has recently been recognised as one of the top cybersecurity researchers globally.

Petrus Duvenage
Petrus ('Beer') Duvenage served as an officer in the South African Defense Force and subsequently in various capacities in state intelligence agencies - mostly in the field of counterintelligence.

From 2010 he has been more openly involved in academic research projects focused on Counterintelligence and he currently holds a Senior Research Fellowship at the University of Johannesburg.

Petrus was conferred a doctorate (PhD) from the University of Pretoria, a doctorate (D.Com) from the University of Johannesburg (UJ) and obtained qualifications in cybersecurity and business management from universities that include the Rand Afrikaans University (RAU), UJ and Harvard.

His extensive academic research in Counterintelligence and Cyber Counterintelligence has been published in various journals and proceedings of conferences.

Victor Jaquire
has been within the field of cyber and information security for over 20 years within government and the private sector focusing on strategy, performance management and operations.

He holds a PhD in Informatics from the University of Johannesburg - specialising in strategies for cyber counterintelligence maturity and the security of cyberspace.

Thenjiwe Sithole
is a PhD student at the University of Johannesburg.

She holds a Masters in Information Technology (Information Systems) from the University of Pretoria and a Master of Engineering Sciences in Electronics (Telecommunications) from the University of Stellenbosch.

She also has a Certificate in Cyber Security from the University of Johannesburg.

Jaco du Toit
He has been in the computer industry since 1995 and have excelled in the Microsoft training, support and consulting arena.

His areas of research include Cyber Security, with a focus on privacy and mobile operating environments. A specific interest to him is research in increasing the protection of private information using decentralised data and access control models.

Another area of interest is the measurement and planning of cyber security capacity in organisations, industry and the role that educational institutions play in this area.

Jaco is the deputy director at the Centre for Cyber Security at the University of Johannesburg. The Centre for Cyber Security focusses on improving the skills and knowledge of all South African citizens in the field of cyber security. This is accomplished through formal training courses, knowledge sharing and media communications.