26 March 2019
Speech delivered by the Deputy Minister of Communications Pinky Kekana at the CEO Forum for Cybersecurity held at the Microsoft Head Office
Thank you very much for extending an invitation to me to be part of you today as you gather to talk about something which is of extreme importance… Cybersecurity!
I am simple person from humble beginnings in Bela Bela, and my journey with technology, in this role, has fascinated me.
Most of the things we experience on a daily basis were not possible, let alone imaginable not even ten years ago, and this is what fascinates me about the future of the world we are leaving the next generations.
A memory from my childhood, is a day when a famous German pastor was invited to preach at our church and as part of his sermon, he told the packed hall of congregants that one day we will no longer need to walk into a bank to deposit or draw money, there will be a machine, that you can press, and it will give you money.
We were amazed and we looked at each other with intense disbelief, some even laughed and said that maybe the Pastor had been watching too many movies. Needless to say, today Automated Teller Machines are part of our everyday lives. Day in and day out we continuously bear witness to how technology as a whole, makes seismic shifts in our daily lived experiences.
Now more than ever, every company across every industry is compelled to reconsider their traditional ways of doing business in order to keep up with the rapidly changing technology and consumer expectations. Change is here all around us.
These profound changes also have a greater impact on society, from how we make decisions and contribute to society as citizens, from a government and business leadership perspective.
It affects how we design systems and how we ensure that the very same systems we design do not just benefit the elite but everyone in society.
We are also called upon to ensure that where artificial intelligence, genetic engineering and other such technologies which have the potential to improve society radically, do not escape our control. In other words Cybersecurity is not something we can afford to neglect at any point as a country. Not now, not ever. This is why your gathering is not just important to you and the corporate business world. It is of utmost importance to me, to government, and to the people of South Africa.
In January this year the whole world bore witness to what could happen when technology, like drones get into the wrong hands. For the first time the world got site of how people with nefarious intentions can cause harm to sophisticated airport systems in the world. As much as technology brings us the potential to improve society, it is also obvious that it brings the negative as well.
According to the world economic forum, cyber criminals are defrauding national economies of large sums. WEF estimates that, cybercrime contributes to a reduction of global GDP by 1-2%. We are made aware daily of how Cyber-crime has become highly sophisticated, criminals can impersonate governments online, or banks or other elements of the private sector, where their access to funds or data, is detrimental.
As you know, in order to protect South African citizens from the dangerous elements lurking in the dark web, I am proud to be part of this administration who has initiated the Cybercrimes and Cybersecurity bill. This bill in essence, solves three problems:
- Firstly, before this bill, our laws did not comprehensively and uniformly criminalise conduct which is internationally regarded as cybercrime
- Secondly, the law is silo-based, and in the past various Departments enacted legislation to protect their interests in cyberspace, which led to varying prohibitions of cybercrime and penalisation of such conduct
- And, thirdly, our common law could not grapple with new offences and new concepts such as intangible data. As such we needed to align our cybercrime laws with those of the international community, which is essential for purposes of international cooperation, and is mostly based on reciprocal laws
Now, with that said, we need to look at Cybersecurity through a macro lens. Part of the lens requires us to examine how most of the Cybersecurity which is currently available to us is owned and derived from the US, China and to some extent India. My request to you, is that I would like to see how this forum looks at what that means
From the governments perspective the issue of cybersecurity is high on our agenda, and let me add that it is a critical consideration from a continental perspective.
As a result, we are becoming increasingly mindful of the shared public-private responsibility for cybersecurity, and the need to mobilise both public and private organisations within a multi-stakeholder model.
As far back as six years ago we promulgated the National Cybersecurity Policy Framework (NCPF). The idea behind the NCPF was to create a coherent and integrated Cybersecurity approach to address Cybersecurity threats. As a matter of fact, it is the NCPF which gave rise to the Cybercrimes and Cybersecurity Bill, which is currently before Parliament, and which will bring South Africa in line with international laws dealing with cybercrime.
In terms of NCPF, government had to establish five national Computer Security Incident Response Teams (CSIRTs).
CSIRTs are teams of dedicated information security specialists that prepares for and responds to Cybersecurity breaches or Cybersecurity incidents, with ‘National CSIRTs’ being a ‘security team with national responsibilities.
Our CSIRT strategy has a multisectoral approach and comprises of various sectors of our society which work as follows:
- South African Police Services whose focus relates to Cybercrime;
- Department of Telecommunications & Postal Services (DTPS). They look at Cybersecurity issues in the private sector and civil society;
- State Security Agency’s (SSA) Government CSIRT responds to Cybersecurity incidents in national and provincial departments and SOE’s
- Department of Defence (DoD) Cyber Command CSIRT deals with Cybersecurity issues at a national level for e.g. nation-state attacks or attacks against critical infrastructure; and finally
- We have a national coordinating CSIRT that consolidates information from the other national CSIRTs.
Now it would not be possible to implement the bill without a fully capable cyber force. Cybersecurity skills are not in abundance across the world, let alone in South Africa. We therefore need a concerted and coordinated approach between the private sector, government and academia to close this skills gap.
However, there are some crucial developments in this regard. In the not too distant future, South Africa will have formal education qualifications ranging from diplomas for school leavers at NQF 5 to graduate and post-graduate degrees.
We have a long-term vision to partly address the Cybersecurity skills shortage in the country. The intention is to work closely with the SETA and in particular the Reserve Namk, the MICT and SaS SETA. The initiative entails the development of Roles and Responsibilities for the Cybersecurity sector through the identification of Organisational Framework for Occupations (OFO) Codes.
This OFO will set the base for linking various occupations to specific skills and will assist in identifying further training needs. The next step would be to then engage Private Service Providers to develop Cybersecurity training programs.
To professionalise this industry, a framework has been developed consisting of various job descriptions that will provide a spectrum of careers necessary to build a credible industry. These job descriptions will be accompanied by educational requirements that will ensure the candidate has the level of expertise necessary to fulfil the responsibilities assigned to the job.
Before I leave you, I also want to let you in on Governments approach to Cybersecurity Awareness:
Through our Cybersecurity Hub, we have developed and implemented a national Cybersecurity Awareness Portal in the last quarter of 2017. The Awareness Portal will serve as a repository for all Awareness material and it is the main conduit for the dissemination of Cybersecurity Awareness programs and information.
And, in conclusion, I saved the best for last – the Adoption of October as national Cybersecurity Awareness Month in South Africa.
As you would know, since 2003, Cybersecurity Awareness month has been observed in most parts of the world. As part of our international alignment, we have adopted October as National and International Cyber Security Awareness Month, here in SA as well. So, my last request of you today, is to provide us with ways in which government and industry can collaborate to make South Africans more aware about the dangers of cyberspace, and how to protect themselves.
Once again, I thank you for the invitation today, and I urge you to find solutions to the challenges we face, but also to find ways to disrupt globally, so that we can fly the South African flag high.