Joey Jansen van Vuuren

Implementation of a Cyber Security Policy in South Africa: Reflection on Progress and the Way Forward

Cyber security is an important aspect of National Security and the safekeeping of a Nation’s constituency and resources. In South Africa, the focus on cyber security is especially prominent since many geographical regions are incorporated into the global village in an attempt to bridge the digital divide. This article reflects on current research done in South Africa with regard to a cyber security policy, and proposes the development of methodologies and frameworks that will enable the implementation of such a policy. The focus of this article is the use of an ontology-based methodology to identify and propose a formal, encoded description of the cyber security strategic environment. The aim of the ontology is to identify and represent the multi-layered organisation of players and their associated roles and responsibilities within the cyber security environment. This will contribute largely to the development, implementation and rollout of a national cyber security policy in South Africa.

Broadband broadens scope for cyber crime in Africa

Africa has recently seen explosive growth in information and communication technologies, making cyber crime a reality in this part of the world. This paper investigates the possibility of another increase in cyber crime as a result of the planned increased broadband access for the African continent. Currently, Africa has limited or inadequate action and controls to protect computers and networks, making it both a target of attack as well as a medium to attack other parts of the world. Cyber space threats and trends are a reality as the shortage of IT education and the absence of African languages prevents people from acting on warnings of cyber fraud. To address this problem, people need to be made aware of the threats and trends, and the potential adverse effect it may have on them: the use of pirate copies of software and operating systems increases the threats as no security updates are installed; the lack of standardized procedures can lead to uncertainties about the effectiveness of investigating techniques. An increase in broadband access will give Internet access to more users in Africa, effectively broadening the scope for cyber crime.

An Approach to Governance of CyberSecurity in South Africa

A government has the responsibility to provide, regulate and maintain national security, which includes human security for its citizens. Recent declarations from the UK and USA governments about setting up cybersecurity organisations and the appointment of cyber czars reflect a global recognition that the Internet is part of the national critical infrastructure that needs to be safeguarded and protected. Although the South African government approved a draft National Cyber Security Policy Framework in March 2012, the country still needs a national cybersecurity governance structure in order to effectively control and protect its cyber infrastructure. Whilst various structures have been established to deal with cybersecurity in South Africa, they are inadequate and implementation of the policy is still in the very early stages. Structures need to be in place to set the security controls and policies and also to govern their implementation. It is important to have a holistic approach to cybersecurity, with partnerships between business, government and civil society put in place to achieve this goal. This paper investigates different government organisational structures created for the control of national cybersecurity in selected countries of the world. The main contribution is a proposed approach that South Africa could follow in implementing its proposed cybersecurity policy framework, taking into account the challenges of legislation and control of cybersecurity in Africa, and in particular, in South Africa.

Collaboration as proactive measure against cyber warfare in South Africa

The international scope of the Internet and wide reach of technological usage requires cyber defence systems to intersect largely with the application and implementation of international legislation. One of the problems associated with the technological revolution is that cyber space comprises complex and dynamic technological innovations to which no current legal system is well suited. A further complication is the lack of comprehensive treaties facilitating international cooperation with regard to cyber defence. The result is that many countries will not be properly prepared or adequately protected by legislation in the event of a cyber attack on a national level. The article investigates this problem by touching on the influence that cyber defence has on the international position of the government. The article addresses the principles of cyber security and cyber warfare acts, and briefly touches on cyber security collaboration efforts for South Africa. The authors are of the opinion that Africa does not follow a coordinated approach in dealing with cyber security, and that the various structures that have been established to deal with cyber security are inadequate to deal with issues holistically. To work towards such a co ordinated approach, it is suggested that specific interventions be developed to address cyber crime. This approach should create and maintain a partnership or collaboration between business, government and civil society. The authors are of the opinion that unless these spheres of society work together, Africas efforts to ensure a secure cyber space may be compromised.

A general morphological analysis: delineating a cyber-security culture

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.,General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.,This paper identifies the most important variables in cultivating a cyber security culture.,The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.,Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.,Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.