Securing SA’s information into the fourth industrial revolution
The South African banking industry nearly went on a major strike on 27 September, with the banking industry accused of leaving employees out of the fourth industrial revolution (4IR) wave, making 4IR a new monster to jobs.
The banking industry unions are so sadly and painfully mistaken though; it is not 4IR that is taking jobs away as this wave effect is yet to be felt at this level. Jobs are being taken away by the third industrial revolution (also known as the digital industrial revolution) and has a lot to do with information security.
Before getting into the details, let there be context to this paper. The South African Constitution is based on democratic principles that are laced with unhealthy levels of openness that borders on carelessness in the protection of its important and critical information.
Having stated this somewhat controversial and deliberately shallow view, the main question is what must South Africa do moving forward in securing its information, if any information security is to take place. This information security challenge is directly linked to the so-called fourth industrial revolution, interpreted with a Eurocentric or any perspective.
Sadly, this attitude to Eurocentrism blocks and discourages real debates and discussions and it ends up being a political campaign raging even within the decision-makers who should rise above campaign rhetoric. In many cases, decision-makers avoid the topic completely because they know very little about it. It just numbs them, to the detriment of their responsibilities to lead society and the country.
What is this information security? It is the ability of the country to manage information, knowing what must be disclosed and what must not be disclosed. Just like in a family environment, information may be for public consumption, confidential, secret or top secret. Handling this information depends on its category and children are taught at home to know this.
So information security is a human and societal norm. Companies do this all the time and so must a country. With this understanding, the question is does the country understand this and do citizens know their role in information security? This paper is not for information security specialists but for general knowledge engagement on this, leaving specialists to deal with this issue in their summits and advanced organisations where this subject triggers educated responses with very detailed references to advanced legislation and policy positions that South Africa is very good at.
Let the silence about implementation continue whilst the decision-makers continue to decipher the major stumbling block to the reason why implementation has dogged South Africa since 1994 or 1990 or 1985, whichever one views as the beginning of freedom or sharing of rights and power in South Africa.
Before zooming into South African perspective, it may be wiser to do a global perspective before dealing with South Africa. Information security should be viewed against world developments, especially on the industrial revolution phases that the world has gone through:
- The first industrial revolution saw the world using steam as an energy source and producing at high quality levels with handmade products and goods. The currency of the day began with energy taking centre stage, as well as quality and handcraft perfections as another rare currency for those with a sense of class.
- The second industrial revolution saw the world discovering electricity and mass production with factories lining up to meet the growing demand of population growth. The currency of the day continued to be energy (even more profound now) and productivity with many scholars fighting between craftsmanship and productivity levels. The energy industry ruled and continues to rule the world. Knowledge began to grow and its accessibility grew to a level where human beings even thought that acquiring this knowledge was the ultimate goal. Universities became the epitome of human knowledge and intellectual excellence. The quality from the first industrial revolution began to be diluted by the desire to produce in numbers. Rare production plants closed down and very few of high quality remain but they are also infusing new technologies where possible.
- The third industrial revolution saw the introduction of computers that managed the production, and automation became and continues to be the order of the day. Many jobs are being lost because of this automation. These computers, connected to the Internet, also became platforms to share this knowledge, making information and knowledge a commodity and too much of it to make the universities a commodity and even fly-by-night institutions that have mushroomed throughout the world. Whilst the universities knew this was happening, they hoped and continue to claim their role in this era and some are saying they are doing OK, and others count the number of unemployed graduates with qualifications staring at their hungry stomachs and disillusioned children who despise structured education. The currency of the third (digital) industrial revolution is the level of automation and reduction of human intervention. Sadly, many decision-makers are confusing digital industrial revolution with the fourth industrial revolution and in South Africa there is a blind conflation of the third and fourth industrial revolution challenges, making the responses extremely clumsy, with unions running around like headless chickens. The bankers will attest to this.
- The fourth industrial revolution is ushering an era where everything is connected to the Internet and the availability of information and knowledge is not the currency but the data about people and developments around the world is the currency of the day. The Internet is the foundation of the 4IR and it is hungry for this data, your data. It wants to know and store everything about you. The big information processors (definitely not South African) want to process and use this information to empower the many robots being developed so that they can take over from human beings one day when the so-called Singularity will reign. To demonstrate this fact, the UK Prime Minister addressed the UN assembly during September 2019 and instead of talking about saving his challenged career as Prime Minister due to the legal pressure and courts ruling against him at home, he decided to deal with this currency, data. He decided to position London as the tech hub to steal the narrative for an event he is pushing for in 2020.
The man knows that legacy is made out of such events. Some in the world heard him and some did not and focused on how he will respond to the many men and women in the ropes who declared him delinquent. Whilst South Africa has also entered the fourth industrial revolution, very few industries are actually involved in its true rollout. Many industries are still in the 3IR and infusing the 4IR developments led outside South Africa, including policy implementation.
There is yet to be real engagements about 4IR in SA, hoping the 4IR Commission will shed light sooner than later. It is hoped the commission knows the Internet year is about 10 weeks and therefore they should not be measuring themselves using the normal calendar year. South Africa is running out of time in developing and implementing this expected 4IR strategy. Again the implementation demon appears.
May the universe help SA neutralise this demon because there is no 4IR expert in the world and the SA 4IR strategy and policy will need very practical individuals who will deliver an instantly implementable plan to enable South Africa join this important global era. Let the honorable men and women in the 4IR Commission be blessed with the wisdom and courage to help prepare the country moving forward with the highly expected output from their deliberations; time is against South Africa. The currency of the 4IR is information and this is the new GOLD that South Africa needs to begin harvesting, managing and protecting.
Now back to information security in South Africa. The culture of information security in South Africa is a battle between liberal and conservative views to the definition of a sovereign state with democratic principles. Information security is subjected to a schizophrenic condition of decision-makers from the ANC to government departments, laced with clandestine operational mode dating back to the days of living in exile and confusing the enemy. Seems that confusion still reigns in some critical areas of dealing with information security.
So the information security consideration in South Africa is also about placing this discussion within the context of 4IR.
- Information security is an activity that includes practice and platforms. Practice is a discipline that starts at home and goes all the way to the workplace and in public.
- Information security can only happen if there is a proper cyber security industry within the country. This cyber security needs to be infused with physical security services in order to protect the information that needs to be protected.
- Information security needs relevant organisations that South Africa has but they need more help to be utilised and made more accessible and known by the community. The Information Regulator is there but the name itself is a bit intimidating and needs a lot of campaigns to make this organisation known and engaged by the public.
- There is a need to rollout capacity-building activities to educate and empower those entrusted with information to know which information is public, confidential, secret or top secret. Many government people are too careless and continually compromise the country, some for money and some are just ignorant and do not know. Ignorance is not bliss.
- There is a need for a detailed collaboration between government, civil society (Real Umphakathi not only the neoliberal NGOs with foreign agendas) and the private sector to collaborate on information security. Platforms are needed to help deal with information security and protect whatever needs to be protected for the sake of the future of the country.
Whilst this may sound complex already, there are additional factors that make this journey even more difficult for the nation and individuals, especially those born before technology (BBTs). This paper is aimed at the public of South Africa and a call for South Africans to begin adopting the culture of information security, starting at home, in the WhatsApp groups, etc.
Maybe a guide is needed by South Africans to begin dealing with information security at the personal level and this paper will continue to venture some ideas at the personal level by proposing the 12 Steps of SafeCyberLife (www.safecyberlife.com):
1. Every home needs to perform technology and information audits at home. It starts at home.
2. Every home needs to have a password policy and discussions about passwords must happen at the home level.
3. Secure e-mail services must be used for confidential and important information. Many “free” e-mail services indemnify themselves from any loss or compromise of information and individuals are not aware of the dangers of these free e-mail services. Nothing in life is for free.
4. Every device needs to have proper and credible anti-virus software.
5. Software updates must carried out on all devices.
6. Privacy settings must be managed on all the devices and services.
7. Parents need to implement and manage parental controls in all the technologies at home. Many parents have relinquished their parental duties, with children taking technology decisions at home and even managing parents. This is not advisable for the parents.
8. Everyone must know all the software and applications running in their devices. All the icons must be understood.
9. There is a strong need to live a proper online and social media life.
10. Cyber health must be maintained at home, ensuring there is set cycles of digital detoxing.
11. Every home must understand the eight elements of the fourth industrial revolution.
12. Families must prepare for the 4IR, especially in getting the youth to know that the careers of the future include nanotechnologists, 3D printing technicians, AI programmers, robotics engineers, etc.
Let the 4IR discussions continue, maybe with some more context and let more thoughts be triggered at all levels of society.
This article was written by Mr Linda Khumalo, Founder of SafeCyberLife and Author of the book titled Introduction to Digital Technology and the 4th Industrial Revocation, www.safecyberlife.com. Copyrights reserved.