22 October 2013 Towards a more secure Cyber Space for South Africa Prof Basie Von Solms Director : Centre for Cyber Security University of Johannesburg basievs@uj.ac.za
International comments African comments South African comments Agenda
International status of cyber risks 2013 : Lloyds Risk Index Cyber risk has moved to the world s number three risk overall.
A Cyber view of Africa African Union must act to reduce cyber-crime The current situation in Africa cannot be allowed to continue because internet crime, intellectual property and identity theft are thriving IDGConnect, 2012 http://www.idgconnect.com/blog-abstract/613/contador-harrison-africa-african-union-act-reduce-cyber-crime,
A Cyber view of South Africa South African cybercrime set to soar in 2013 An alarming fact is that South Africa hosts the third-highest number of cybercrime victims in the world Norton Cybercrime Report 2012 http://www.itnewsafrica.com/2013/01/south-african-cybercrime-set-to-soar-in-2013/
Government Systems It would not be hard to shut down the (SA) Government considering the minimal Cybersecurity measures in place http://www.news24.com/technology/news/expert-warns-of-govts-slack-cybersecurity-20130306
Why are we in this situation? 1. Massive increase in broadband capacity in Africa
License Some rights reserved by Steve_Song http://www.flickr.com/photos/ssong/8185423437/sizes/c/in/photostream/
Why are we in this situation? 2. Uptake and lack of awareness More and more systems go online (business and Government) Increasing use of social networks Basic lack of awareness of cyber security risks
Cyber risk in Africa as more individuals worldwide gain Internet access through mobile phones, Cyber criminals will have millions of inexperienced users to dupe with unsophisticated or wellworn scamming techniques that more savvy users grew wise to (or fell victim to) ages ago. CISCO Annual Security Report, 2009, www.cisco.com/en/us/prod/collateral/vpndevc/cisco_2009_asr.pdf
Why are we in this situation? 3. Lack of active and continuous Government and Business actions
What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 1. Cyber Security Capacity Building 2. Cyber Security Awareness programs 3. New models and support for home users and SMMEs 4. Cyber Counterintelligence 5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures
What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 1. Cyber Security Capacity Building It is well realized that SA has a massive shortage of cyber security capacity How are we going to address this shortage
1. Capacity Building UK Global Centre for Cyber Security Capacity Building (2013) UKP 500 000 per year India Create a workforce of 500 000 professionals skilled in cyber security in the next 5 years South Korea The South Korean government is planning to train up 5,000 information security experts to address the growing threat and a shortage of home-grown talent. South Africa No real coordinated effort sofar, although the SA Government has indicated that the matter is important No real effort from the business side
1. Capacity Building Certificate in Cyber Security at the Centre for Cyber Security of the University of Johannesburg www.cybersecurity.org.za We need a National Cyber Security Academy sponsored by both Government and Business
What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 2. Cyber Security Awareness programs
2. Cyber Security Awareness programs India South Africa The promotion of a cybersecurity culture No real national effort from either the Government of Business
2. Cyber Security Awareness Programs SA Cyber Security Academic Alliance (SACSAA www.cyberaware.org.za) Cyber Security Awareness Week Workbooks etc for schools No financial support We need a national Cyber Security Awareness Program sponsored by Government and Business together
What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 3. New models and support for home users and SMMEs
3. New models and support for home users and SMMEs Well reported that home users and SMMEs are becoming the main target for cyber attacks Several governments are providing support to SMMEs to improve their cyber Security
3. New models and support for home users and SMMEs Centre for Cyber Security at the University of Johannesburg Thin Security-oriented clients Community-oriented Incident Response Teams No real financial support
What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 4. Cyber Counterintelligence (CCI) Business must be pro-active (offensive?) as far their cyber security is concerned Model for CCI being developed
What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures
5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures Questions Where can the ordinary user go if he/she is compromised? Who ensures that such systems (Government and business) are secure? Who ensures that personal information stored by Government, business, social sites) is definitely secure and private?
5. Parliamentary Cyber Security Oversight Committee The EU s Digital Agenda Commissioner, Neelie Kroes, has pointed out: Cyber security is too important to leave to chance, to the goodwill of individual companies Lloyds Risk Index http://www.lloyds.com/~/media/files/news%20and%20insight/risk%20insight/risk%20in dex%202013/report/lloyds%20risk%20index%202013report100713.pdf
5. A Parliamentary Cyber Security Oversight Committee Parliament is the highest elected body in a country and can query both Government and Business Accountability for the security of rolling out systems in cyber space must be enforced Accountable for the Cyber Health of SA
What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 1. Cyber Security Capacity Building 2. Cyber Security Awareness programs 3. New models and support for home users and SMMEs 4. Cyber Counterintelligence 5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures
Conclusion There are several positive developments in terms of securing SA s Cyber Space, but for the strategic, economic, social and personal benefit of SA, we need to do more and move faster. We better FAST TRACK some or all of the initiatives discussed above
Thanks basievs@uj.ac.za