Cyber response group to develop policy
Government has established a Cyber Response Committee (CRC) to coordinate and monitor the development of policies and strategies aimed at combating cyber threats against state departments and institutions.
The committee is chaired by the State Security Agency (SSA) and consists of representatives from various departments - justice and constitutional development, science and technology, telecommunications and postal services, defence, and the South African Police Service.
Minister of police Nkosinathi Nhleko recently announced the details of the CRC during a briefing of developments within the Justice, Crime Prevention and Security (JCPS) Cluster, in Parliament.
He stated the committee has already submitted policies that seek to strengthen government's ability to deal with cyber crime, adding these include policies that propose a cyber security policy approach in SA.
According to SSA spokesperson Brian Dube, the CRC does not have a dedicated budget, but uses funds across government departments, "in terms of existing allocations".
"Because cyber security is a new phenomenon, government needs to work with all stakeholders in the private and public sector to ensure we reduce the potential of the negative effects [of cyber threats]," says Dube.
"Furthermore, the issue of skills both in the private and public sector is a matter of concern and to this end, we have held discussions with tertiary institutions with a view to building the requisite capacity."
Dube adds further legislation will, in due course, be promoted to address relevant aspects of cyber security, including cryptography, e-identity management and the law of evidence, in so far as it relates to electronic evidence.
As part of its work, the committee has submitted the following policies that seek to aid government to deal with cyber crimes and other related crime to the JCPS cluster for consideration:
* Draft Cyber Security Policy, which seeks to propose a cyber security policy approach for SA;
* Draft National Critical Information Infrastructure Policy, which outlines an approach to the identification, protection and security of national information infrastructure that is categorised as critical for the provisioning of essential services to South Africans;
* Draft Cyber Crime Policy and Strategy, which seeks to develop a national policy and strategy approach to combating cyber crime;
* Draft Cyber Defence Strategy, which seeks to propose an approach to cyber defence for South Africa and is led by the Department of Defence;
* Draft Cyber Security Bill, which seeks to provide legislative and procedural aspects relating to combating cyber crimes and related threats; and
* Draft Cyber Security Awareness Strategy, which proposes measures to deal with relevant aspects of cyber security awareness within SA.
Last year, former communications minister Yunus Carrim inaugurated the National Cyber Security Advisory Council (NCAC), whose role is to advise government on cyber security policy and technical issues.
This came after Cabinet passed the National Cyber Security Policy Framework in March 2012, in terms of which the NCAC was established.
It is not yet clear how the council will work with the newly-established CRC. "The Department of Communications is responsible for stakeholder engagement and, as I understand it, such a committee [NCAC] would have been part of their mechanisms to get work [related to national cyber security] off the ground," says Dube. He adds the CRC is an overall coordinating committee of all responsible government departments.
Democratic Alliance shadow minister of telecommunications and postal services Marian Shinn is also unsure about the working relationship between the NCAC and the CRC, but says: "I wrote to the portfolio committee chairperson in July, asking that the Cyber Security Council present to the committee what its mandate and activities are, but this was not included in our programme for the year."
Shinn also says she has no knowledge of the Cyber Response Committee, but adds it seems to be in line with government's strategic framework on the issue.
"There is going to be increasing activity in this sphere in the coming years and we need to be vigilant that South Africa's freedoms, as outlined in the Bill of Rights, are not trampled on in the rush to combat genuine cyber crime and security threats."