An Approach to Governance of CyberSecurity in South Africa

A government has the responsibility to provide, regulate and maintain national security, which includes human security for its citizens. Recent declarations from the UK and USA governments about setting up cybersecurity organisations and the appointment of cyber czars reflect a global recognition that the Internet is part of the national critical infrastructure that needs to be safeguarded and protected. Although the South African government approved a draft National Cyber Security Policy Framework in March 2012, the country still needs a national cybersecurity governance structure in order to effectively control and protect its cyber infrastructure. Whilst various structures have been established to deal with cybersecurity in South Africa, they are inadequate and implementation of the policy is still in the very early stages. Structures need to be in place to set the security controls and policies and also to govern their implementation. It is important to have a holistic approach to cybersecurity, with partnerships between business, government and civil society put in place to achieve this goal. This paper investigates different government organisational structures created for the control of national cybersecurity in selected countries of the world. The main contribution is a proposed approach that South Africa could follow in implementing its proposed cybersecurity policy framework, taking into account the challenges of legislation and control of cybersecurity in Africa, and in particular, in South Africa.

Download Full-text

Cybersecurity Policy and the Legislative Context of the Water and Wastewater Sector in South Africa

Sustainability ◽

10.3390/su13010291 ◽

2020 ◽

Vol 13 (1) ◽

pp. 291

Author(s):

Masike Malatji ◽

Annlizé L. Marnewick ◽

Suné von Solms

Keyword(s):

South Africa ◽

Computer Security ◽

Critical Infrastructure ◽

Policy Framework ◽

Economic Sectors ◽

Cyber Terrorism ◽

Electronic Communications ◽

Response Team ◽

Water And Wastewater ◽

Security Incidents

The water and wastewater sector is an important lifeline upon which other economic sectors depend. Securing the sector’s critical infrastructure is therefore important for any country’s economy. Like many other nations, South Africa has an overarching national cybersecurity strategy aimed at addressing cyber terrorism, cybercriminal activities, cyber vandalism, and cyber sabotage. The aim of this study is to contextualise the water and wastewater sector’s cybersecurity responsibilities within the national cybersecurity legislative and policy environment. This is achieved by conducting a detailed analysis of the international, national and sector cybersecurity stakeholders; legislation and policies; and challenges pertaining to the protection of the water and wastewater sector. The study found some concerning challenges and improvement gaps regarding the complex manner in which the national government is implementing the cybersecurity strategy. The study also found that, along with the National Cybersecurity Policy Framework (the national cybersecurity strategy of South Africa), the Electronic Communications and Transactions Act, Critical Infrastructure Protection Act, and other supporting legislation and policies make provision for the water and wastewater sector’s computer security incidents response team to be established without the need to propose any new laws or amend existing ones. This is conducive for the immediate development of the sector-specific cybersecurity governance framework and resilience strategy to protect the water and wastewater assets.

Download Full-text

Cybersecurity: Toward a Meaningful Policy Framework

10.31228/osf.io/b8hms ◽

2018 ◽

Author(s):

Peter M. Shane

Keyword(s):

Cyber Security ◽

Security Policy ◽

Legal Framework ◽

Public Understanding ◽

Policy Framework ◽

Military Effectiveness ◽

The Public ◽

Trade Offs ◽

National Debate ◽

Sharing Responsibility

This critique of Karson K. Thompson’s note, "Not Like an Egyptian: Cybersecurity and the Internet Kill Switch Debate," argues that the U.S. lacks a framework of laws and regulations, "smart" or otherwise, that adequately incentivizes the parties with the greatest capacity to improve our cyber security to do so. It attributes the poor state of U.S. cyber policy to the "bewildering array of overlapping responsibilities" scattered among government offices and departments; the difficult imperative of sharing responsibility among military and civilian authorities; the fact that most of the networks (and the dependent critical infrastructures) that need protecting are in private hands; and the lack of public understanding of the kinds of regulation that are necessary or appropriate. The essay argues that meaningful progress towards an adequate legal framework depends on a broad national debate aimed at defining the public good with regard to cyber-security, and the inevitable trade-offs among security, privacy, productivity, economic growth, organizational flexibility, military effectiveness, government transparency, and accountability that must be confronted in making sensible cyber-security policy.

Download Full-text

Implementation of a Cyber Security Policy in South Africa: Reflection on Progress and the Way Forward

ICT Critical Infrastructures and Society - IFIP Advances in Information and Communication Technology ◽

10.1007/978-3-642-33332-3_20 ◽

2012 ◽

pp. 215-225 ◽

Cited By ~ 7

Author(s):

Marthie Grobler ◽

Joey Jansen van Vuuren ◽

Louise Leenen

Keyword(s):

South Africa ◽

Cyber Security ◽

Security Policy ◽

The Way

Download Full-text

Security Control Assessment of Supervisory Control and Data Acquisition for Power Utilities in Tanzania

European Journal of Engineering Research and Science ◽

10.24018/ejers.2020.5.7.1429 ◽

2020 ◽

Vol 5 (7) ◽

pp. 785-789

Author(s):

Job Asheri Chaula ◽

Godfrey Weston Luwemba

Keyword(s):

Data Acquisition ◽

Supervisory Control ◽

Cyber Security ◽

Critical Infrastructure ◽

Security Evaluation ◽

Evaluation Tool ◽

Security Vulnerabilities ◽

Security Controls ◽

Security Control ◽

Security Compliance

The primary purpose of this research was to assess the adequacy and effectiveness of security control of the Supervisory Control and Data Acquisition (SCADA) communication network used by infrastructure companies. Initially, the SCADA networks were physically separated from other networks connected to the internet and hence assumed secure. However, the modern SCADA are now integrated with other network resulting in new security vulnerabilities and attacks similar to those found in traditional IT. Thus, it is important to reassess the security controls of the SCADA because it is operated in an open network environment. In this research, a case of the SCADA security controls in the power sector in Tanzania was assessed, whereby a specific SCADA implementation was studied. The data were gathered using observation, testing, interviews, questionnaire and documentation reviews. The results were analyzed using the Cyber Security Evaluation Tool (CSET) and checked for compliance based on the National Institute of Standards and Technology (NIST) and North America Electric Reliability Corporation (NERC) standards. The findings have shown that there exist security vulnerabilities both in security compliance of the standard and component-based vulnerabilities. Additionally, there is inadequate of audit and accountability, personnel security and system and information integrity. Also, for the component-based security compliance, the finding shows that identification and authentication, security management and audit and accountability. On the basis of the results, the research has indicated the areas that require immediate action in order to protect the critical infrastructure.

Download Full-text

Good Governance and Virtue in South Africa's Cyber Security Policy Implementation

International Journal of Cyber Warfare and Terrorism ◽

10.4018/ijcwt.2015010102 ◽

2015 ◽

Vol 5 (1) ◽

pp. 19-29 ◽

Cited By ~ 1

Author(s):

Oliver Burmeister ◽

Jackie Phahlamohlaka ◽

Yeslam Al-Saggaf

Keyword(s):

Cyber Security ◽

Security Policy ◽

Ethical Issues ◽

Good Governance ◽

Policy Framework ◽

Cyber Attack ◽

Ethical Perspective ◽

National Interests ◽

Nation States ◽

Arabic And English

Good governance from an ethical perspective in cyberdefence policy has been seen in terms of duty and consequentialism. Yet the negotiated view of virtue ethics can also address how nation states mitigate the risks of a cyber attack to their national interests and to prepare for a cyber offence in response to an attack. A discourse analysis of the “0x Omar”-Israeli conflict of 2012, as reported in the Arabic and English media and on the Internet, is used to explore ethical issues that this case raises and to examine how the risks posed could be mitigated in relation to relevant elements of the South African cybersecurity policy framework. Questions raised include: At what point does the policy require a nation state to prepare for a cyber offence in response to a cyber attack? Ethically, how are such actions consistent with the principle of good governance?

Download Full-text

Good Governance and Virtue in South Africa's Cyber Security Policy Implementation

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch019 ◽

2018 ◽

pp. 325-336

Author(s):

Oliver Burmeister ◽

Jackie Phahlamohlaka ◽

Yeslam Al-Saggaf

Keyword(s):

Cyber Security ◽

Security Policy ◽

Ethical Issues ◽

Good Governance ◽

Policy Framework ◽

Cyber Attack ◽

Ethical Perspective ◽

National Interests ◽

Nation States ◽

Arabic And English

Good governance from an ethical perspective in cyberdefence policy has been seen in terms of duty and consequentialism. Yet the negotiated view of virtue ethics can also address how nation states mitigate the risks of a cyber attack to their national interests and to prepare for a cyber offence in response to an attack. A discourse analysis of the “0x Omar”-Israeli conflict of 2012, as reported in the Arabic and English media and on the Internet, is used to explore ethical issues that this case raises and to examine how the risks posed could be mitigated in relation to relevant elements of the South African cybersecurity policy framework. Questions raised include: At what point does the policy require a nation state to prepare for a cyber offence in response to a cyber attack? Ethically, how are such actions consistent with the principle of good governance?

Download Full-text

The Cyberspace Threats and Cyber Security Objectives in the Cyber Security Strategies

International Journal of Cyber Warfare and Terrorism ◽

10.4018/ijcwt.2013070101 ◽

2013 ◽

Vol 3 (3) ◽

pp. 1-18 ◽

Cited By ~ 3

Author(s):

Martti Lehto

Keyword(s):

Cyber Security ◽

Security Policy ◽

Critical Infrastructure ◽

The United States ◽

Substantial Contribution ◽

Security Threats ◽

Cyber Warfare ◽

Security Strategy ◽

Cyber Terrorism ◽

Cyber Espionage

Threats in cyberspace can be classified in many ways. This is evident when you look at cyber security on a multinational level. One of the most common models is a threefold classification based on motivational factors. Most nations use this model as a foundation when creating a strategy to handle cyber security threats as it pertains to them. This paper will use the five level model: cyber activism, cybercrime, cyber espionage, cyber terrorism and cyber warfare. The National Cyber Security Strategy defines articulates the overall aim and objectives of the nation's cyber security policy and sets out the strategic priorities that the national government will pursue to achieve these objectives. The Cyber Security Strategy also describes the key objectives that will be undertaken through a comprehensive body of work across the nation to achieve these strategic priorities. Cyberspace underpins almost every facet of the national functions vital to society and provides critical support for areas like critical infrastructure, economy, public safety, and national security. National governments aim at making a substantial contribution to secure cyberspace and they have different focus areas in the cyber ecosystem. In this context the level of cyber security reached is the sum of all national and international measures taken to protect all activities in the cyber ecosystem. This paper will analyze the cyber security threats, vulnerabilities and cyber weaponry and the cyber security objectives of the Cyber Security Strategies made by Australia, Canada, Czech Republic, Estonia, Finland, Germany, the Netherlands, the United Kingdom and the United States.

Download Full-text

Securitisation, terror, and control: towards a theory of the breaking point

Review of International Studies ◽

10.1017/s0260210511000726 ◽

2012 ◽

Vol 38 (4) ◽

pp. 861-879 ◽

Cited By ~ 15

Author(s):

JONATHAN BRIGHT

Keyword(s):

Security Policy ◽

War On Terrorism ◽

Specific Rule ◽

Educational Future ◽

Rule Breaking ◽

The Government ◽

Control Order ◽

Control Orders ◽

The Uk ◽

And Control

AbstractSecuritisations permit the breaking of rules: but which rules? This article argues that any given security situation could be handled by a variety of different ‘rule breaking’ procedures, and that securitisations themselves, whilst permitting rule breaking in general, do not necessarily specify in advance which rules in particular have to be broken. This begs the question: how do specific threats result in specific rule breaking measures? This article explores this question through reference to ‘control orders’, an unusual legal procedure developed in the UK during the course of the war on terrorism. Once applied to an individual, a control order gives the government a meticulous control over every aspect of their life, up to and including deciding on which educational qualifications they can take. Despite this control, individuals under the regime remain technically ‘free’: and have frequently used this freedom to abscond from the police who are supposed to be watching them. How did a security policy which controls a suspect's educational future, but not their physical movements, develop? This article aims to answer this question, and in so doing present a reevaluation of the mechanisms through which the effects of securitisation manifest themselves.

Download Full-text

Cybersecurity Policy Framework in Saudi Arabia: Literature Review

Frontiers in Computer Science ◽

10.3389/fcomp.2021.736874 ◽

2021 ◽

Vol 3 ◽

Author(s):

Nawaf Alhalafi ◽

Prakash Veeraraghavan

Keyword(s):

Saudi Arabia ◽

Cyber Security ◽

Smart City ◽

Security Policy ◽

Smart Cities ◽

New Technology ◽

Policy Framework ◽

Cyber Threats ◽

The Usa ◽

City Model

Saudi Arabia has a goal of ensuring that it has at least two cities among the top 100 smart cities of the future. However, increasing connectivity and incorporation of smart solutions in cities still raises concerns over cyber security with threats arising daily including denial of services and phishing as some of the most significant. Saudi Arabia, therefore, needs a cybersecurity policy framework that will ensure effective protection for all stakeholders in the smart city from these cyber threats. User acceptance is foremost important in any new technology, including smart-cities. Due to ongoing cyber threats and in the absence of an efficient cyber policies, Saudi end-user community is not keen to accept newer technologies where their interaction with online medium is required. The proliferation of smart cities globally affords the opportunity to analyze and compare the efforts made in Saudi Arabia with other nations like the USA, India and Singapore which is the premier smart city model in the globe currently. This review looks at the similarities and differences between KSA’s cyber security policy framework with these three nations. The review will note some of the defining characteristics and approaches to cyber security in the smart cities of USA, India, and Singapore. After reviewing the current framework in Saudi Arabia, this paper will make suggestions such as updating Saudi’s cybercrime legislation like in the US or formulating a master cyber security plan as seen in Singapore that will improve KSA’s framework creating the best framework model for cyber security in its smart cities.

Download Full-text