Broadband penetration is becoming pervasive in Africa. The International Telecommunication Union estimated by the end of last year, about 20% of Africa's citizens would be connected to the Web.
However, while increased connectivity is revolutionising life for Africa's citizens, it is also leaving them vulnerable to cyber crime, and SA is no different.
In fact, SA is lagging behind Africa when it comes to having a coordinated cyber security policy in place, says professor Basie von Solms, director of the Centre for Cyber Security at the University of Johannesburg. "There is a lack, in SA, of overall cyber security strategy and policy."
Von Solms will deliver a presentation entitled: "The African Union Convention on cyber security - a cyber wake-up call for South Africa" at ITWeb Security Summit 2015, to be held in Johannesburg later this month.
He will discuss how local policies on e-commerce, cyber crime and cyber security have been largely fragmented and uncoordinated. Van Solms will also present a plan to kick-start some initiatives to improve SA's position.
In June 2014, a delegation of 54 African governments met at the 23rd African Union Summit, and approved the African Union Convention on Cyber Security and Personal Data Protection. "This was a wake-up call for South Africa," says Von Solms.
The convention's aim was to mobilise all public and private sectors - states, local communities, civil society organisations, media, training and research institutions - for the promotion of cyber security. "The AU Convention has chapters on electronic transactions, personal data protection and promoting cyber security and combating cyber crime."
There were also four cyber-related components specified by the convention, namely a national, publicly available cyber security policy; cyber public-private partnerships, cyber security capacity building; and a culture of cyber security.
The first component stated each party shall undertake to develop, in collaboration with stakeholders, a national cyber security policy... and outline how the objectives of such a policy are to be achieved. "Does SA have such a policy?" asks Von Solms. "No."
In terms of developing a culture of cyber security, SA is falling behind. The convention said as part of the promotion of the culture of cyber security, state parties may adopt several measures, including establishing a cyber security plan for the systems run by their governments, implementing programmes and initiatives for sensitisation on security for systems and networks users, and encouraging the development of a cyber security culture in enterprises. "Again, SA is not following suit and creating such a culture."
As regards public-private partnerships, Von Solms says the convention stated each state party shall develop public-private partnerships as a model to engage industry, the civil society and academia in the promotion and enhancement of a culture of cyber security. "Do we have such partnerships in SA? No."
Finally in terms of the fourth component, a national cyber security system that covers education and training, the convention stated each state party should adopt measures to develop capacity building with a view to offering training; this covers all areas of cyber security, and sets standards for the private sector.
In addition, it said each state party shall undertake to promote technical education for ICT professionals, within and outside government bodies, through certification and standardisation of training; categorisation of professional qualifications; as well as development and needs-based distribution of educational material. "Again, are we building capacity in SA? No," Van Solms concludes.
Share