[ Home ] [ Speeches & statements ]

13 November 2008

Secretary-General of the ITU, Dr. Hamadoun Toure
The Deputy Secretary-General of the ITU, Mr Houlin Zhao
The Chairman of the ITU council, Dr. Plamen Vatchkov
Honourable ministers and deputy ministers
Heads of delegations
Distinguished guests
Ladies and gentlemen

Introduction

Peace and security is an essential human right and is fundamental and intrinsic to the democracy that we are building in a free South Africa. Since 1994, soon after, when His Excellency, the father of our nation, Nelson Mandela, the first democratic president of South Africa walked out of the apartheid prison on Robben Island, we have been building and consolidating the foundations of our transition to a democratic society.

Peace and security for all in a democratic South Africa and the vision of making a lasting contribution to a better and safer world continues to be a major driving force in the development of a national ethos in a free and democratic South Africa. This legacy which we have inherited from the presidency of Nelson Mandela and continued so diligently under the Presidency of His Excellency Thabo Mbeki and now being implemented by President Kgalema Motlanthe will in a few years represent a legacy of over a 100 years of the vision of the founding fathers of the ruling party, the African National Congress (ANC), now under the Presidency of Mr Jacob Zuma.

Notwithstanding the fact that poverty and underdevelopment constitutes the central challenge in our national reality, the South African economy is essentially interconnected with the globally digitally networked economy and must respond to the new threats of the information age. Information Communication Technologies (ICTs) and climate change and cybersecurity constitute essential challenges to which we must respond.

We take this opportunity to thank the International Telecommunications Union (ITU) family for affording us the honour of addressing this important High Level Segment (HLS) of the ITU council on cybersecurity. This HLS is convened just after the successful hosting of the World Telecommunications Standardisation Assembly (WTSA-08) in October 2008 by the Republic of South Africa. The WTSA-08 has made significant decisions which foster confidence and security in the use of Information Communications Technologies (ICTs). The advent and phenomenal growth of ICTs and its related services have produced both unlimited opportunities and challenges in the form of cyber activity growth and cybersecurity threats which are growing rapidly across the globe.

Cyber attacks or crimes such as viruses, identity theft, malware, child pornography and spam are on the increase. This threatens the security of the information and communications system.

In this presentation, I will address two issues related to the building of confidence and security in the use of ICTs, namely:

* The measures which are in place and planned by the Republic of South Africa to enhance co-operation and collaboration on cybersecurity with other stakeholders at the regional, national and global levels and
* the main challenges which should be tackled to ensure that the information society is safer and more secure at the global level.

Background - ITU Global Cybersecurity Agenda (GCA) and other international activities.

As you are aware, the ITU, through its Global Cybersecurity Agenda (GCA) has put in place a framework for international co-operation in cybersecurity. Due to its critical importance, "cybersecurity" is a high priority in a number of international fora. The World Summit on the Information Society (WSIS) Action Plan Action Line C5 provides for "building confidence and security in the use of ICTs". Furthermore, organisations such as the ITU and International Multilateral Partnership against Cyber Attacks ("IMPACT"), among others, are working on the measures to effectively deal with cybercrime or attacks.

1. The Republic of South Africa has the following measures in place to enhance co-operation and collaboration on cybersecurity with other stakeholders at the regional, national and global levels

1.1 Electronic Communications and Transaction Act, 2002

In South Africa, the Department of Communications is mandated by the Electronic
Communications and Transaction Act, 2002, among others, to deal with cyber crime and other cybersecurity related issues.

a. In the area of identity management, the South African Accreditation Authority (SAAA) is responsible for accreditation of authentication services and products and more importantly the accreditation of service providers who will issue advanced digital signatures. This is for the purposes of ensuring business efficiency, quality of services, ensuring information security, and privacy and consumer trust in online transactions.

b. In the area of cryptography, South African legislation provides for the registration of the cryptograph service providers with the Department of Communications.

c. South African legislation makes provision for the establishment of a cyber inspectorate, among others, to ensure compliance of cryptography service providers, authentication service providers, and critical database management. This is yet to be operationally implemented.

1.2 Electronic Communications Security (Pty) Ltd Act, 2002 (Comsec Act)

a. In terms of the Comsec Act, Comsec (Pty) Ltd has been established as the institutional authority to, among other things, identify and protect the critical infrastructure; and to protect and secure critical electronic communications of the organs of state against unauthorised access or technical, electronic or any other related threats.

2. We cannot claim that the aforesaid measures are sufficient to deal with the critical issues of cybersecurity. In this regard, South Africa is planning to introduce a more comprehensive and integrated legislative framework promoting collaboration between government, private sector, academia and civil society.
In this spirit, the Republic of South Africa, an example of a developing country, recognises the great value of the GCA framework, an initiative of the ITU.

The GCA framework is seen as a helpful enabler in our search, as a developing country to build the requisite national competency in the areas of planning, co-ordination, integration, cohesion and integrated legislative measures at a national level to combat the threat of cybercrime. Consequently, the Republic of South Africa is currently using the strategies developed by the GCA in the process of developing a South African National Cybersecurity Policy Framework.

2.1 Planned South African Cybersecurity Policy Framework ("planned Framework")

The extensive and increasing usage of ICTs in the national economy in South Africa presents the need for the country to have a harmonised, comprehensive and more co-ordinated approach to dealing with the issue of cybersecurity. In line with the key cybersecurity focus areas developed by the GCA, the planned framework in South Africa will, amongst others, encompass the following key features:

a. Legal measures

In view of the borderless nature of cyberspace our national laws that currently address the threat of cybercrime may have to be evaluated against the international best practices envisaged in the model cybercrime legislation that is recommended as globally applicable and interoperable. This work will necessitate reviewing our existing national laws that deals with cyber crimes.

b. Technical and procedural measures

The emphasis will be on providing key measures to promote the adoption of enhanced approaches to improve security and risk management in cyberspace.
The Republic of South Africa is working towards establishing Computer Security
Incident Response Teams (CSIRTs) under the auspices of COMSEC. We are also collaborating with some countries with a view to become a member of the Forum for Incident Response and Security Teams (FIRSTs).

c. Organisational structures

The focus will be on the prevention, detection, response to and crisis management of cyber attacks, including the protection of critical information infrastructure systems.

d. Capacity building

The emphasis will be on providing strategies for capacity-building mechanisms to raise awareness, training and education.

e. International co-operation

The focus will be on providing strategies for international co-operation, dialogue and co-ordination in dealing with cyber threats. The Republic of South Africa continues to advance partnership and collaboration on cybersecurity issues with key players such as ITU and other ITU member states in our bilateral relationships. In respect of our multilateral partnerships, our engagements are in Southern African Development Community (SADC), a regional formation of the African Union.

3. Main challenges that should be tackled to ensure that the information society is safer and more secure at the global level. There is a need to address the following issues with respect to building confidence and security in the use of ICTs, namely:

(a) Strong legal measures

A number of countries have legislative frameworks that deal with the cybersecurity and protection of the critical information communication infrastructure. The main challenge is that most of these legislative frameworks are not harmonised. It is imperative to have harmonised legislative framework as the Internet is borderless. In this regard, the need to obtain international compliance by member states through the adoption of an appropriate international instrument remains a serous challenge.

b. Adequate technical and procedural measures

In the context of developing economies, the professional expertise needed to deal completely with cybercrime must be regarded as a critical "scare skill". In this context, special and extra-ordinary measures are required to generate human capacity development in this particular area. Here, the role of ITU as a development facilitator can be critically valuable for developing countries.

In light of the new ITU-T Resolution which was adopted at WTSA-08 in Johannesburg, the ITU is required to assist, in particular, the developing countries in establishing national CSIRTs where the same does not exist. There is a need to provide assistance to developing countries, in particular, to put in place the national incident management capabilities.

c. Establishment of Government-Industry Collaboration Forum (GICF)

Governments' throughout the world are not able to deal with the emerging cyber threat on their own. The challenge is to promote more effective collaboration between government, private sector, academia and civil society thereby promoting smart partnerships between these stakeholder interests.

(d) Promoting the culture of cybersecurity

More training and development in forensic investigations and prosecutions are needed so that cyber-terrorist activities can be easily prosecuted. The South African ICT legislative framework is to a great extent committed to the uptake and usage of the ICTs. Lessons learnt from the best practices show that an effective cybersecurity framework is not merely a matter of government or law enforcement practices, but must be addressed through prevention and supported throughout society. Furthermore, the lessons reveal that the technology alone cannot ensure cybersecurity and that priority must be given to cybersecurity planning and management throughout society.

The other critical challenge we as a country face is harmful content that targets or uses children. In this regard, it is important for governments to ensure that their cyber crime legislations offer adequate protection of children online. Similarly, the children need to be alerted on their vulnerability to cyber criminals.

e. Strengthening international collaboration and partnership

Following the sterling work undertaken by ITU through the GCA framework, the global community will require a long term and sustainable platform to continue the global dialogue, collaboration and partnering that has developed.

Conclusion

In the context of the responsibility that the global community has conferred on South Africa to host, on behalf of the African continent the best and safest ever FIFA World Cup for 2010, protection against the possibility of cyber threats has been a very important consideration in our preparations for the successful hosting of the FIFA 2010 world cup games.

In this regard, Mr Secretary-General, it is my great pleasure on behalf of the Government of South Africa and the entire African continent to extend through your good office an invitation to the global citizens of all member states of the ITU, to join us in South Africa and the African continent in 2010 to "Celebrate Africa’s Humanity, Ke Nako" which means, Now is the Time!

I thank you.

Issued by: Department of Communications
13 November 2009
Source: Department of Communications (http://www.doc.gov.za)