Desperately seeking cyber security skills
SA does not have enough security experts to prevent and mediate cyber attacks, and the skills gap is likely to widen.
So says Basie von Solms, research professor at the University of Johannesburg's (UJ's) Academy for Computer Science and Software Engineering (ACSSE). He adds that knowledge, experience and skills in cyber security, ie the discipline to protect governments, companies and individuals against attacks made via the Internet, are crucial to the strategic and economic development of SA.
"Cyber crime is growing at an alarming rate and, economically, businesses can be crippled as a result. Cyber attacks against national critical information infrastructures are happening all over the world - and maybe even in SA - and can bring a country to its knees," says Von Solms. "The major defence for such attacks relies on knowledgeable cyber security experts who can be proactive to help to prevent or mediate such attacks. SA does not have enough experts in this area, and the red lights are already flashing."
Von Solms cites Steve Rosenbush, deputy editor of Wall Street Journal's CIO Journal, who noted that demand for cyber security experts is growing at 3.5 times the pace of the overall IT job market, and at 12 times the overall job market.
Further, from 2007 to 2012, the demand for cyber security experts grew 73%, while the demand for all jobs grew just 6%.
While Von Solms acknowledges that SA has good programmes in preparing cyber security experts, he says government and industry do not exploit these well enough.
"The government should take a much stronger role in supporting and using existing programmes, and creating and financing more dedicated institutions that can help to increase the number of such experts in SA. We need a much more co-ordinated effort. At the moment, companies - and even government departments - are all working in isolation and not sharing cyber security expertise and knowledge. We urgently need the national CSIRT [Computer Security Incident Response Team], which the government has promised."
When questioned on the state of security training in SA, Von Solms says SA's training programmes are comparable with those of the rest of the world.
"As far as security is concerned, there can be no doubt that students do get relevant knowledge and training on par with international levels, but not enough [graduates are] produced. Some programmes may still be too focused on 'traditional' security, and should be expanded to specifically address cyber security," he advises.
Touching on training areas he feels need improvement, Von Solms says SA needs more programmes in the field of cyber security, but built on the excellent standards already in SA.
"At this point in time, cyber security is the main content, and SA needs many more. Much guidance should come from the government, and hopefully that will be forthcoming when the new (delayed?) National Cyber Security Policy Framework is announced."
However, cyber security should not just be the realm of security experts, says Von Solms, but rather should be on everyone's minds: "We need cyber security awareness on all levels of the country - from primary school learners, to home users, to specialised disciplines like the justice and legal systems, etc. We can only survive the cyber risks if we are aware of them."
New legislation will also impact security training in SA, says Von Solms. "General corporate governance requirements, like King III, are already having a positive impact in SA, as Chapter 5 of this document clearly states that the board of directors is responsible for information security in a company. More and more experts are needed, because directors want to ensure their boards execute good corporate governance as specified by King III. New legislation like POPI will have an effect, as will stronger regulations, which will surely come to protect the privacy of data and information of citizens."
Von Solms says UJ is actively campaigning to create capacity in the field of cyber security. "The Centre for Cyber Security in the ACSSE is getting very good feedback from its Certificate in Cyber Security. This certificate was introduced last year and started with eight students. The first intake in 2013 already has 30 students, and public demand has forced another intake in July.
"We are also working on a Certificate in Digital Forensics. These certificates are all for part-time courses, specifically for people working full time."
Von Solms will address the upcoming ITWeb Security Summit, where he will provide an overview of the cyber security legal and regulatory landscape in SA. He will also outline UJ's cyber security courses. For more information, click here.