Promoting a cyber security culture and demand compliance with minimum security standards;

Transcription

1 Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute in this important discussion of national and global importance. In the current information society, the Information and Communication Technologies (ICTs) are indispensable tools that drive economic growth, education, participation and development of citizens. These systems/platforms are borderless and enable more sophisticated threats such as cybercrime, cyber terrorism, cyber war and cyber espionage, hence necessitating the development of adequate security measures to prevent and counter cyber-attacks or incidents. The objective is to balance the risks associated with the use of information systems and the indispensability of extensive and free use of information technology to the functioning of open and modern societies. The growing threats to cyber security should not hinder the crucial role of ICT in stimulating growth of economies and societies. In this regard, South Africa has implemented a number of strategic and tactical interventions including the approval of National Cyber security Policy Framework (NCPF) on 7 March 2012, with the aim of; Promoting a cyber security culture and demand compliance with minimum security standards; Strengthening intelligence collection, investigations, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber warfare, cyber terrorism and other cyber ills; Establish public private societal partnerships for national and international

2 action plans Ensure the protection of National Critical Information Infrastructure (NCII); and Promote and ensure a comprehensive legal framework governing cyberspace. Ensure adequate national capacity to develop and protect our cyberspace The South African National Cyber security Policy framework implementation is supported by a number of institutional mechanisms 1. The Cyber security Response Committee 2. Cyber security Centre 3. Cyber security Hub 4. National Computer Security Incidence Response Team (NCSIRT) and sector CSIRTs 5. National Verification of Information Security Products and Systems 6. Protection of the National Critical Information Infrastructure (NCII) Cybercrime The growth of the mobile web in South Africa and interconnectivity means that more consumers than ever before are vulnerable to cybercrime as they access the internet using their mobile phones, tablets, etc. The top cyber services being targeted by criminals are internet banking, e-commerce and social media sites. Studies show that there are three main drivers for cybercrime, namely, non-financially driven cybercrimes carried out by idealists who are mainly looking for recognition and fame; various financially-motivated cybercrimes which are normally carried out as a career for financial gain and politically motivated crimes such as cyber espionage and

3 hacktivism. Financial related cybercrimes include: Phishing attacks have been prevalent for several years, although there have been some changes in the modus operandi in recent times because some spam mails now include ransomware or other keystroke logging (Trojan) malware aimed at harvesting personal data including banking credentials from the victim s computer. Recently clients of some of the South African banks were targeted by syndicates using the Citadel Trojan 1. Spearphishing s containing links to remote access software were recently identified. If installed, the remote access software allows control over the victim s computer. Hacking or unauthorised access to data or systems is on the rise. Fraudsters illegally gain access to the victim s computer system to conduct illegal and fraudulent activities. Criminals also hack into services such as Gmail, Google docs or other online accounts to obtain login credentials. Access to the victim s mailbox enables impersonations with dire consequences. Distribution of malicious code such as mobile malware is on the increase as more smartphones and tablets are used to access the online banking platforms. Criminals target these devices with malware or rogue applications, allowing them to harvest the client s information. Hostile mobile profile takeovers are on the 1 blog.seculert.com - Citadel open source malware project

4 increase and are used to entice clients to give up control of their own device profile, often in just a few easy steps. Distributed Denial of Service (DDoS) attacks are viewed as a threat and whilst attempts are made, no successful attacks have been reported. Recent South African media reports have revealed that cybercrime is costing the Republic approximately R1 billion a year. Reported non-financial related cybercrimes in South Africa include: Intellectual Property Rights (IPR) theft - it is reported that most cyber-attacks related to South Africa s IPR originate from Asia Attacks directed at strategic installations are reportedly originating from Asia and Middle East Cyber espionage attacks seem to be originating from mainly from West Africa and America Manufacturing, possession and distribution of child exploitation material in South Africa seem to be originating within South Africa. The material can be manufactured using multiple platforms including cellular phones. The motivator is again financial reward and of course self-stimulation for pedophiles.

5 Most of the non-financial related cybercrimes are driven by either a desire to dominate or discredit another for socio-economic benefit, revenge, political advantage or espionage. These crimes can also be driven by sexual stimulation/gratification, etc. and may result in loss of confidence or good standing, dignity and good reputation, psychological harassment, etc. The credibility and security of private institutions, businesses and governments may also be affected if such conduct cannot effectively be addressed. It is therefore critical that South Africa positions itself in a manner that is equipped to deal with the challenges we face in cyber security. Central to this is producing the relevant skills that are needed to address challenges in this sector. The skills we need as government include: High level network ops skills Network monitoring Cyber forensics Software development ( offensive and defensive) Cryptographic skills Cyber investigations and analysis ICT network design and development

6 The role of government is as follows: 1. DOJ&CD and NPA: are reviewing various legislations governing cyberspace, harmonizing and aligning them to the policy. 2. State Security: is overall responsible for coordination, development and implementation of cyber security measures in the republic as integral part of national security mandate. It must ensure that the JCPS cluster has requisite capacity in relation to NCPF. It also host Cyber security Response Team and Cyber security Centre 3. Police : are to prevent, investigate and combat cybercrime 4. DOC: develop industry standards, establish National Cyber security Advisory Council, establish Cyber security Hub, and sector specific CSIRTs 5. DOD &MV: to develop cyber defense measure to combat cyber warfare and cyber terrorism 6. DST and DHE are responsible for development of national skill capacity as well as research and development. The Private sector is expected to contribute to national skills, research and development. We expect them to implement information security standards and contribute to the protection of the National Critical Information Infrastructure. The civil society is expected to take interest in the general awareness programs and at least ensure their devices have updated malware protection. As part of responsible citizenry not to participate in cyber-attacks to our nation and the world. It is important to note that the success of cyber security policy is dependent on: Local and international cooperation

7 Capacity building, research and development Promotion of cyber security culture in South African society. I wish to encourage all relevant stakeholders to work together with government in addressing the issues around cybersecurity in order to create a better and safe cyber world. I thank you.