Efficient, powerful and cost-effective cyber defence and solutions should be implemented to protect SA’s critical information infrastructure.
So said defence and military veterans minister Nosiviwe Mapisa-Nqakula, addressing the Africa Aerospace and Defence (AAD) media briefing in Pretoria yesterday.
Mapisa-Nqakula said SA is paying attention to cyber crime at the highest level.
“We have taken a decision to collaborate with other countries to deal with the challenge. We need to play our part in combating this problem and it is critical that defence should remain mandate-driven in all its actions.”
Mapisa-Nqakula said at this year’s AAD show, being held in partnership with the University of Stellenbosch and other industry players, key cyber security issues will be discussed.
“We invite all cyber war specialists to register and be a part of the conversation [to] craft a solution.”
In May, Mapisa-Nqakula bemoaned the inadequate budgetary allocation of R47.9 billion for defence in her budget vote speech.
The minister pointed out that she expects the defence force to be a key role-player in the cyber defence of SA and support other departments when required.
Mapisa-Nqakula’s call comes as South Africans face numerous cyber attacks. According to a recent IBM study, the average costs of a data breach have escalated in SA from R32 million in 2017 to R36.5 million this year.
The rise in the costs of data breaches in SA represents a 12.2% increase from the prior year. In 2016, the average cost of a data breach was R28.6 million.
According to an IOL report, cyber crime will be added to crime statistics next year as police gather more expertise and knowledge about this threat.
It notes that national police commissioner general Khehla Sithole said the cyber crime strategy was at an advanced stage. He said they had travelled to China and Thailand to learn more about it.
Local organisations have not been spared. In June, insurer Liberty announced an external party had gained unauthorised access to its IT infrastructure.
In May, South Africans suffered another massive data leak which resulted in close to a million personal records being exposed.
This was revealed by Australian-based IT security researcher Troy Hunt. He created the “Have I been pwned?” platform as a free resource for anyone to quickly assess if they have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach.
In October last year, Hunt uncovered SA’s biggest data leak, where over 30 million records were exposed.
To address the scourge of cyber crime in SA, the Department of Justice and Constitutional Development, in December last year, moved to address some sticking points that had tarnished the Cyber Crimes and Cyber Security Bill.
The Bill aims to give SA a co-ordinated approach to cyber security, as the country currently has no legislation that addresses cyber crimes.
There was an outcry over the initial draft Bill, with several critics saying it was too broad and open to abuse, and threatened the fundamental democratic spirit of the Internet.
However, the Department of Justice and Constitutional Development recently published responses to the public comments received on the Bill, which was tabled in Parliament in February 2017.
According to law firm Michalsons, the Cyber Crime Bill was first published on 28 August 2015, updated on 19 January 2017 and introduced in Parliament on 22 February 2017.
The Bill is still sitting at Parliament as there was a strong push by the old regime in government to enact the Bill in its then-current form, the law firm notes.
“There were extensive comments on the Bill during the public participation period in 2017, and particularly on onerous aspects of the Bill. Those comments will hopefully be considered and some incorporated into the Bill before it becomes law,” it states.
Michalsons points out that the Bill gives the police service (and their members and investigators) extensive powers to investigate, search, access and seize just about anything (like a computer, database or network) wherever it might be located, provided they have a search warrant.
Foreign states will co-operate to investigate cyber crimes