Securing the national digital perimeter

Published on - February 25th, 2021

Back to Blog

Making South Africa a cyber stronghold

Just like airspace or marine territory, we need strong network boundaries. To ensure that the national digital perimeter is secure. In a land where people are struggling for access to water and jobs, it seems like a strange issue to focus on. But cyber security actually covers areas that you wouldn’t expect. Protection of South Africa's digital spaces means safer systems which leads to many benefits. Cyber security leads to processes that are more productive which lead to greater efficiency in business and less disruption to electronic ecosystems. This benefits our overall wellbeing by bringing down distraction and easing stress about how our data and privacy is handled. Companies, organisations and institutions could improve results using stable Information Technology infrastructure to deliver on their mandates. When we approach risk mitigation in an organisation, we talk about closing the gap between current state and the desired state. Current state is a potholed road with masses of broken down cars. Our future state should be a protected, scam free and fulfilling connected environment with a backbone of integrity which allows natural growth. As we strive to give more people access to the internet and close the digital divide, we shouldn't let ourselves down on this important topic. A National Cybersecurity Policy Framework (NCPF) published in 2012 gives us a broad approach to security in the country. We could also learn from the American imitative of The Cyber Infrastructure and Security Agency. This reference is great in terms of providing resources on threats and serves as a practical knowledge base. We could apply the tactics and principles of the NCPF by doing continuous reviews of the cyber security of National Key points, Dams, Power stations, Airports, Banking and communication hubs. There’s also a case for more simulated “red team” exercises with private and public co-ordination. There’s power to privacy. When we talk about privacy we talk about agency and self-determination. This is as a person and as a state. We have to think as individuals and as a collective. Imagine an internet free to converge, debate, interact and where users can control their own information. A place with transparency about surveillance. Where there doesn’t have to be deep packet inspection at every exit node. As we expand our digital society, we witness a fine balance on the thin line of trust between acceptable levels of security or surveillance and the levels of privacy between what data subject. Industry conversation emphases security of the individual. Our strategy should be to develop and enhance South Africa’s security posture and to add resilience in our digital immune system. While side-stepping pure nationalism; there can’t be a disconnect of laws between the cloud space and physical space. Information operations in South Africa should be regulated under South Africa law and be accountable and responsible to its citizens. We can start making sure that our citizens have their personal digital perimeters secure. South Africa is promoting innovation through policy and this shows results as we promote local alternatives and lively competition to international platforms. South Africa has got so much right as a democracy. It’s interesting to see how our constitutional rights play out in the digital space. With regards to enhancing privacy for South Africans, a good example is that EU citizens have the Right to be forgotten and can disappear from Google’s results but South Africans are denied that right. In terms of how the internet is now; never has so much public good been held in private hands. The decentralised advantages of the internet are now concentrated in the pockets of a few very powerful companies and it’s a sore fact to wake up to. Digital devices and apps are used an extension of your nerve system. We aim to guard against the abuse of our private data. The Protection of Personal Information Act (POPIA) aims to benefit the privacy of individuals. Companies have until 30th June 2021 to comply. In section 19.1b it says: A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent: 1 - loss of, damage to or unauthorised destruction of personal information; and 2 - unlawful access to or processing of personal information. There seems to be a lot of work to be done and good potential here for creating cyber experts who can gain employment in the sector. Slowly we see signs of bringing cyber security into school curriculums and tertiary institutions. Although only coming across a Professor of Cybersecurity once before, we hope to meet many more. The point is to raise awareness, not with scare tactics but with well-planned and researched learning programs. Cyber security covers the information lifecycle. Information starts from the birth of a piece of data until it’s eventual destruction. Cyber security doesn't have to be thought of as last resort when there's a data breach, ransomware or information security incident. Cyber security is about building and maintaining safe and productive environments to create and share ideas. To connect and be spared from fraud and harassment. To be able to self-determine your digital personality. We have to realise that threat actors are increasing in power and sophistication and this is going to accelerate as more processes depend on IT. They’re not going to wait until we’re ready to be attacked. We need to start now. Digital is now used as a geo-political force. I like the Russians term for this sphere: “Information Warfare”.