Government's failure to establish information systems that are either secure or actually functional is the reason for government's inability to implement laws and policies.
This is apart from the general reasons of incapacity and cadre deployment, according to Democratic Alliance (DA) shadow minister of justice and constitutional development, Dene Smuts.
Speaking at the 6th IT Governance Africa Conference, in Cape Town, Smuts said: “Consider that government departments rely on information technology (IT) systems for their administrative functions and we begin to understand the state of service delivery.
“Take the courts, police and prisons cluster: five years since Cabinet adopted the so-called seven-point plan, which envisaged the electronically-enabled flow of information between the three entities to fight crime, they not only still operate in silos, but only the justice department has actually worked on implementing the plan. A new effort was launched last September and we live in hope.”
Smuts added that the poor state of information systems in the public sector is presumably itself the result of incapacity and cadre deployment.
Obviously embarrassing
“Electronic communications is the playground of the phenomenon... crony capitalism. If we look at the auditor-general's National Audit Outcomes released recently, we see that a number of communications agencies, but especially SITA [the State IT Agency], were responsible for nearly half a billion of the R1.9 billion of irregular spending across all public entities linked to supply chain management. Without knowing the actual details, one has to wonder what is at work there.”
The communications agencies were among the 92% of public entities that did not have complete security management in place, according to Smuts. The 95% that were lacking in terms of user-access management included not only SITA, but also the Independent Communications Authority of SA and the Universal Service and Access Agency of SA.
“It is embarrassing not only for the obvious reasons, but also because the Department of Communications, in whose portfolio they sit, is the custodian under the Electronic Communications and Transactions (ECT) Act of all manner of things, from the creation of an e-strategy for the republic, to the declaration and protection of critical databases. Absolutely nothing has been done in respect of either an e-strategy or the critical databases.”
The DA says it will move that that entire provision of the ECT Act (the declaration and protection of critical databases) be moved to the Protection of State Information Bill. “That is something the state security agency can legitimately and usefully do instead of trying to give the antiquated minimum information security system, under which we quite unconstitutionally still live, the legislated status which the Secrecy Bill intends when it allows the intelligence minister to make regulations in respect of information security.”
Empty pledges
“We have, since the 2002 ECT Act, been promised a cyber security policy for the republic, but that too got marooned in the realm of good intentions,” said Smuts.
However, a framework was finally adopted by Cabinet last week. The framework outlines policy positions that are intended to address national security threats in cyberspace; combat cyber warfare, cyber crime and other cyber ills; and develop, review and update existing substantive and procedural laws to ensure alignment.
The DOC also has in its plans for this year the development of a plan to establish the Computer Incident Response Team to combat cyber attacks.
Share