Cybersecurity is a pressing national concern in South Africa, and a greater focus is needed on policy and implementation
Worldwide, governments tend to approach the issue very differently from the private sector, with a characteristic and problematic lack of transparency. Yet, time and again, cooperation and coordination between government and the private sector has proven to be the most effective approach. Indeed, partnerships and cooperation across all sectors is just as necessary as cooperation between governments.
The government and cybersecurity
There is an international push by many governments to develop or review existing cybersecurity policies. This is being driven by the realisation that, given society’s increasing reliance on cyberspace, cybersecurity risks represent one of the greatest dangers to economic and national security in the 21st century. Developed nations like the US have found that digital infrastructure centred around efficiency and interoperability, instead of security, now poses enormous security challenges and leaves critical systems vulnerable.
As a developing nation, South Africa is in a challenging position. The need for increased Internet connectivity to drive commercial growth is undeniable. However, with that connectivity comes an increased exposure to risk. Like other developing nations, South Africa needs to maintain a sound cybersecurity policy that is not only effective and comprehensive without being inhibitive, but is able to build the confidence that networks critical for national security and economic well-being are adequately protected.
The Council for Scientific and Industrial Research (CSIR) proposed an operational guideline to inform South Africa’s cybersecurity policy and contribute towards the design and implementation of a cybersecurity awareness campaign. Called the Cybersecurity Awareness Toolkit, it is based on policy elements from the South African environment, but with generic components of national power, which means it can be appropriated by other countries.
The toolkit can play a key role in shaping a framework for research and developing strategies focused on information-sharing to foster a more collaborative approach between government and the private sector to tackle cyberthreats.
It emphasises the need to have structures in place to support cybersecurity across five “dimensions” or determinants of national power, defined in the toolkit as economic, political, military, psychological and informational. In terms of monitoring and detection, monitoring tools and techniques can be developed in each of these five areas to reduce vulnerabilities. This can be complemented by the development of tool sets in support of public-private partnerships, which will inform the response to an incident. Knowing which entity to contact in case of such an event is critical as the capability may reside in the public or private sector.
The toolkit is also geared towards fostering a culture of cybersecurity which would lead to increased capacity by promoting the level of awareness necessary to spur all stakeholders toward securing their own areas of cyberspace.
The importance of collaboration
In South Africa, a country with a disproportionately high number of cybercrime incidents despite the relatively low levels of Internet penetration, a partnership between business, government and civil society is essential to ensure cybersecurity for the nation. Transparency and cooperation will be essential for the future of ICT in the public sector.