The protection of SA's government systems is shrouded in ambiguity, as no one really knows where the country stands on the issue of cyber crime, and foresight as to the implications of such is lacking.
If the issue of a parliamentary standing oversight committee for cyber security is not part of the SA Cyber Security Policy, it is flawed even before we have it.
Professor Basie von Solms, director of the Centre for Cyber Security at UJ
This is according to Professor Basie von Solms, director of the Centre for Cyber Security at the University of Johannesburg (UJ), who questioned the weight of government's cyber security strategy and the awareness of “ordinary citizens” at ITWeb's Security Summit yesterday.
Von Solms said that, with volumes of information about the government and its citizens accumulating on the Internet, it is imperative to ask: “Who is watching over SA's cyber security?”
He echoes the sentiments of Iain Lobban, director of the UK Government Communications Headquarters, who has urged greater awareness of the threats posed by cyber attacks: “First, the government wants to get services online. Most departments and ministers aspire to put more and more government activity onto the Internet. It is a cheaper, faster, more efficient way of running government business.
“The public increasingly expects services to be available online. But it has to be done without putting citizens' personal data at risk of being stolen, and without opening up payment systems to fraud. This is a big challenge.”
Von Solms says that, in SA, “we as ordinary citizens should demand that someone has an oversight responsibility and can provide answers [to questions around our online security]”. But there are many questions that cannot be answered, as the government's cyber security policy is yet to be finalised.
“We have waited two years for the final SA Cyber Security Policy [and] it is not known whether [the aspect of an oversight function] is addressed in the policy.” If the issue of a parliamentary standing oversight committee for cyber security in SA is not part of the policy, says Von Solms, “it is flawed even before we have it.”
Cyber supervision
Von Solms said SA is in dire need of a governmental oversight body for cyber security that can monitor and take responsibility for the personal information of the country's citizens. “How does the ordinary citizen know that his personal data entrusted to government departments and private companies is secure, confidential and protected?”
The oversight committee, he proposes, should comprise representatives from all parties in Parliament, invited technical experts from all spheres of the South African community, representatives from government departments, and invited representatives from non-governmental organisations related to aspects like cyber bullying and cyber stalking.
Von Solms suggests the body's tasks should include banking security, management of the Department of Home Affairs and the South African Social Security Agency, and overseeing criteria surrounding SA's Financial Intelligence Centre and Regulation of Interception of Communication Acts.
“[In addition to this, the committee should] investigate the security of new and planned systems, provide a platform for ordinary citizens, and propose measures for government to advance cyber security awareness.”
Share