The latest on cybercrime and cybersecurity in South Africa
- 16 October, 2015
- Article - Software Best Practices
Cybersecurity remains a huge issue throughout the world and South Africa is no exception. Currently, the South African government in the process of passing new legislation – the Cybercrimes and Cybersecurity Bill. The new bill will allow it to define the offences for such attacks, with the list of offences being drastically expanded, and the fines for existing infringements being increased. This goes hand in hand with ensuring that electronic service providers carry out certain obligations relating to and impacting cybersecurity. In addition to this, the president is adding legislation that will allow him to collaborate with foreign states in order to combat cybercrime in an official capacity.
For a long time, the United Kingdom has striven to be one of the safest destinations to do online business. The country’s vision for 2015 was to tackle cybercrime head-on, be more impervious to cyber attacks and to create an open, unwavering and pulsating cyberspace that the public could use without fear, a cyberspace that supports open societies. To this end, the United Kingdom had to have the know-how in terms of the latest skills, knowledge and capabilities in order to meet its cybersecurity objectives. It also meant:
- The public has had to know how to protect itself online
- Businesses in the United Kingdom have had to be up to date on how to fight cybercrime and have done this by working with their government and using its strengths to do this. This has encouraged businesses to operate securely in cyberspace
- The United Kingdom’s government has had to improve its law enforcement response to cybercrime, its defences and infrastructure to detect and combat cybercrime, as well as education and skills
- The United Kingdom’s government has had to help its country to take opportunities to provide the cybersecurity services that is needed across the world. These have allowed the country to build relationships with other countries, organisations and business around the globe in order to create an open and bustling cyberspace.
In response to this new draft bill, South Africa has already started collaborating with United Kingdom and the European Council on Cybercrime to achieve the following:
- A Computer Emergency Response Team (CERT) in case of a terrorist attack on critical governmental information infrastructures – the United Kingdom has the experience and has made it its mission to assist other countries with all issues relating to cybersecurity
- A Standard Operating Procedure (SOP) is being written for the cybercrime labs in cooperation with the European Council on Cybercrime.
Thus, based on this collaboration in cybersecurity and governance, best practices and policy goals with the United Kingdom and the European Council on Cybercrime, South Africa’s new Cybercrimes and Cybersecurity Bill was drafted. In response to this, the National Prosecuting Authority (NPA) is also gearing itself towards this bill by sending its state attorneys and advocates on NQF6 and NQF8 Cybercrime courses.
As it stands, many security experts have cautiously welcomed the new bill, stating concerns that privacy and constitutional rights may be infringed upon. Leading cybercrime expert, Professor Basie von Solms, states it is still “a step in the right direction,” even though “there were issues that had to be addressed.”
It has become increasingly clear that in order to fight cybercrime and stay current in all matters relating to cybersecurity, South Africa will have to partner with other countries, businesses, organisations and most important of all, local ICT companies.
As software engineers, we must work with government in order to guide it on all the technical aspects of cybercrime and cybersecurity in order to help them to understand and implement the correct legislation by considering the moral, ethical and legal aspects relating to IT. It is the duty and responsibility of the private sector to comment on laws that apply directly to it. After all, what is the point of the new legislation if there is no one to enforce it, and no one from the IT sector to assist government in implementing it?