Towards a more secure Cyber Space for South Africa

Transcription

1 22 October 2013 Towards a more secure Cyber Space for South Africa Prof Basie Von Solms Director : Centre for Cyber Security University of Johannesburg basievs@uj.ac.za

2 International comments African comments South African comments Agenda

3 International status of cyber risks 2013 : Lloyds Risk Index Cyber risk has moved to the world s number three risk overall.

4 A Cyber view of Africa African Union must act to reduce cyber-crime The current situation in Africa cannot be allowed to continue because internet crime, intellectual property and identity theft are thriving IDGConnect,

5 A Cyber view of South Africa South African cybercrime set to soar in 2013 An alarming fact is that South Africa hosts the third-highest number of cybercrime victims in the world Norton Cybercrime Report

6 Government Systems It would not be hard to shut down the (SA) Government considering the minimal Cybersecurity measures in place

7 Why are we in this situation? 1. Massive increase in broadband capacity in Africa

8 License Some rights reserved by Steve_Song

9 Why are we in this situation? 2. Uptake and lack of awareness More and more systems go online (business and Government) Increasing use of social networks Basic lack of awareness of cyber security risks

10 Cyber risk in Africa as more individuals worldwide gain Internet access through mobile phones, Cyber criminals will have millions of inexperienced users to dupe with unsophisticated or wellworn scamming techniques that more savvy users grew wise to (or fell victim to) ages ago. CISCO Annual Security Report, 2009,

11 Why are we in this situation? 3. Lack of active and continuous Government and Business actions

12 What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 1. Cyber Security Capacity Building 2. Cyber Security Awareness programs 3. New models and support for home users and SMMEs 4. Cyber Counterintelligence 5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures

13 What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 1. Cyber Security Capacity Building It is well realized that SA has a massive shortage of cyber security capacity How are we going to address this shortage

14 1. Capacity Building UK Global Centre for Cyber Security Capacity Building (2013) UKP per year India Create a workforce of professionals skilled in cyber security in the next 5 years South Korea The South Korean government is planning to train up 5,000 information security experts to address the growing threat and a shortage of home-grown talent. South Africa No real coordinated effort sofar, although the SA Government has indicated that the matter is important No real effort from the business side

15 1. Capacity Building Certificate in Cyber Security at the Centre for Cyber Security of the University of Johannesburg We need a National Cyber Security Academy sponsored by both Government and Business

16 What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 2. Cyber Security Awareness programs

17 2. Cyber Security Awareness programs India South Africa The promotion of a cybersecurity culture No real national effort from either the Government of Business

18 2. Cyber Security Awareness Programs SA Cyber Security Academic Alliance (SACSAA Cyber Security Awareness Week Workbooks etc for schools No financial support We need a national Cyber Security Awareness Program sponsored by Government and Business together

19 What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 3. New models and support for home users and SMMEs

20 3. New models and support for home users and SMMEs Well reported that home users and SMMEs are becoming the main target for cyber attacks Several governments are providing support to SMMEs to improve their cyber Security

21 3. New models and support for home users and SMMEs Centre for Cyber Security at the University of Johannesburg Thin Security-oriented clients Community-oriented Incident Response Teams No real financial support

22 What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 4. Cyber Counterintelligence (CCI) Business must be pro-active (offensive?) as far their cyber security is concerned Model for CCI being developed

23 What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures

24 5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures Questions Where can the ordinary user go if he/she is compromised? Who ensures that such systems (Government and business) are secure? Who ensures that personal information stored by Government, business, social sites) is definitely secure and private?

25 5. Parliamentary Cyber Security Oversight Committee The EU s Digital Agenda Commissioner, Neelie Kroes, has pointed out: Cyber security is too important to leave to chance, to the goodwill of individual companies Lloyds Risk Index dex%202013/report/lloyds%20risk%20index%202013report pdf

26 5. A Parliamentary Cyber Security Oversight Committee Parliament is the highest elected body in a country and can query both Government and Business Accountability for the security of rolling out systems in cyber space must be enforced Accountable for the Cyber Health of SA

27 What can be done to create a more secure cyber space in SA Let s review 5 areas where some projects/initiatives are presently researched 1. Cyber Security Capacity Building 2. Cyber Security Awareness programs 3. New models and support for home users and SMMEs 4. Cyber Counterintelligence 5. Parliamentary Oversight of Cyber Security and Critical Information Infrastructures

28 Conclusion There are several positive developments in terms of securing SA s Cyber Space, but for the strategic, economic, social and personal benefit of SA, we need to do more and move faster. We better FAST TRACK some or all of the initiatives discussed above

29 Thanks