Government has proposed establishing a range of cybersecurity structures to deal with the growing threat of cybercrime, cyberterrorism and other online threats.
In the proposed Cybercrimes and Related Matters Bill, which is being circulated as a “consultation document”, government has proposed a range of structures be established under the ministers of finance, state security, defence and telecommunications & postal services to deal with cyber threats.
The proposed bill would create offences and impose penalties on various types of online criminal activity as well as cyberterrorism.
Among other things, it would identify and declare “national critical information infrastructures” and describe measures to protect these systems from attack.
The proposed bill, if enacted, would further regulate the powers to investigate, search and access or seize equipment, documents and other items. The plan would be to repeal and amend parts of the Electronic Communications and Transactions Act of 2002, too.
The discussion document proposes that a Cyber Response Committee be established and be chaired by the director-general of state security. This committee would be responsible for implementing government policy on cybersecurity and identifying and prioritising areas for intervention.
The committee would coordinate cybersecurity activities and be a central point of contact on all matters pertinent to national security as well as oversee and guide the various other government structures mooted in the proposed bill.
Under the proposals, a Cyber Security Centre would also be established by the state security minister in consultation with the minister of finance and would be staffed by members of the State Security Agency.
The Cyber Security Centre would coordinate cybersecurity incident responses regarding national intelligence and would develop measures to deal with cybersecurity matters that impact on national security.
It would also analyse incidents, trends and vulnerabilities related to national security and threats, and ensure that national critical information infrastructure is assessed and tested for vulnerabilities.
In addition to this, the state security minister – again in consultation with the minister of finance – would establish one or more government security incident response teams and equip and operate these teams. Each team would be headed by a “suitable and qualified person” from the State Security Agency, and who would report to the director of the Cyber Security Centre.
The teams would implement measures to deal with cybersecurity matters impacting on national intelligence and national security and would provide services such as intrusion alerts, vulnerability warnings, technical analysis of software, malware, intruder activities and related trends in order to help identify future threats and vulnerabilities.
The mooted bill would also lead to the creation of a National Cybercrime Centre in the South African Police Service and a Cyber Command in the South African National Defence Force.
Lastly, a Cyber Security Hub would be created by the minister of telecoms. The hub would coordinate general cybersecurity activities in the private sector.
It’s proposed that this hub would investigate the activities of cryptography service providers in relation to their compliance or noncompliance with relevant legislation, among other things.
The telecoms minister would also be empowered to establish one or more private-sector security incident response teams for electronic communications service providers.
These teams would be a contact point on cybersecurity matters and would coordinate incident response activities. — © 2015 NewsCentral Media
