The Internet Service Providers' Association (ISPA) says there is a critical need for a body such as the government Cyber Response Committee (CRC), as cyber crime is a reality that has to be addressed through a broad range of tools applied to consumer, business and government levels.
The CRC is chaired by the State Security Agency and consists of representatives from various departments - justice and constitutional development, science and technology, telecommunications and postal services, defence, and the South African Police Service.
The recently-established body is meant to coordinate and monitor the development of policies and strategies aimed at combating cyber threats against state departments and institutions.
ISPA regulatory advisor Dominic Cull says, if the country achieves even half of the targets set out in the SA Connect National Broadband Policy - half of 90% of the population having access to broadband with minimum upload speed of 5Mbps by 2020 - there will be a vast number of "naive" users coming online over the next five years.
Commenting on the list of draft policies the CRC has already submitted to Parliament's Justice, Crime Prevention and Security Cluster for consideration, Cull says this is a range of policy documents that includes a specific focus on awareness - which is welcome - but it would be premature to comment without seeing the content.
"We have a long tradition of misleading titles and policy/legislation. It is also the case, however, that there are already a number of existing legislative and regulatory tools, which are underutilised, and implementation is the graveyard of policy," he states.
The critical need is for government to beef up and give more support to existing structures, such as the relevant South African Police Service divisions dealing with cyber crime, says Cull. "They have experience and a good track record, but need more support as the sector grows. Thereafter, there needs far greater co-ordination between different role-players, both within and between state institutions."
Cull notes education and skills development are obviously key, and government policies do seem to be taking the right approach in making these areas prominent. "The online environment changes rapidly, so SA will benefit much more from skilled cyber security professionals and institutions who are agile and can adapt their approach as new threats arise."
General awareness
Cull points out there is a need for legislation that supports a public awareness campaign about online safety. "If they are not already online, the majority of the country's population will be accessing the Internet on a regular basis by 2015. A stronger focus on grass roots education and awareness of online security issues would be very helpful."
The SA Connect broadband penetration targets speak to the scale of the oncoming challenge:
Target | Penetration measure | Baseline (2013) | By 2016 | By 2020 | By 2030 |
Broadband access in Mbps | % of population | 33.7% Internet access | 50% at 5Mbps | 90% at 5Mbps, 50% at 100Mbps | 100% at 10Mbps, 80% at 100Mbps |
Schools | % of schools | 25% connected | 50% at 10Mbps | 100% at 10Mbps, 80% at 100Mbps | 100% at 1Gbps |
Health facilities | % of health facilities | 13% connected | 50% at 10Mbps | 100% at 10Mbps, 80% at 100Mbps | 100% at 1Gbps |
Public sector facilities | % of government offices | None specified | 50% at 5Mbps | 100% at 10Mbps | 100% at 100Mbps |
Source: ISPA
In terms of existing legislation that needs updating, Cull says the penalties set out in the Electronic Communications and Transactions (ECT) Act should be reviewed and potentially increased. "There is also specific reference to 'cryptography, e-identity management and the law of evidence in so far as it relates to electronic evidence' [by the CRC].
"Cryptography and electronic evidence are already dealt with under the ECT Act; the former could perhaps be revisited as ineffective, but the latter, in my view, does not require any review and has been further developed by the courts."
Cull points out the industry is willing to assist government in fine-tuning its response to cyber threats. "ISPA has established excellent relationships with various law enforcement agencies and bodies such as Sabric, in order to facilitate cooperation within the legal framework."
Share