Promoting a cyber security culture and demand compliance with minimum security standards;



Similar documents
OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

An Overview of Cybersecurity and Cybercrime in Taiwan

Executive Director Centre for Cyber Victim Counselling /

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Middle Class Economics: Cybersecurity Updated August 7, 2015

CISSA Cybersecurity capacity building workshop. May 2015

CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia

National Cyber Crime Unit

Cybersecurity Awareness. Part 1

Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI

Cybercrime: risks, penalties and prevention

Gregg Gerber. Strategic Engagement, Emerging Markets

The FBI and the Internet

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cybercrime in Canadian Criminal Law

OCIE Technology Controls Program

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Cyber Security Strategy

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments

INFORMATION SECURITY AWARENESS & TRAINING PROGRAM

Project 2020: Preparing Your Organization for Future Cyber Threats Today

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber security trends & strategy for business (digital?)

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Cyber security Country Experience: Establishment of Information Security Projects.

ITU Global Cybersecurity Agenda (GCA)

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

Research Topics in the National Cyber Security Research Agenda

How To Ensure Cyber Security In The Czech Republic

Cyber Stability 2015 Geneva, 09 July African Union Perspectives on Cybersecurity and Cybercrime Issues.

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

How To Protect Yourself From Cyber Crime

Cybercrime: an overview of incidents and issues in Canada

CONSULTING IMAGE PLACEHOLDER

CYBER SECURITY LEGISLATION AND POLICY INITIATIVES - UGANDA CASE

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Using big data analytics to identify malicious content: a case study on spam s

Royal Canadian Mounted Police Cybercrime Strategy

Ed Ferrara, MSIA, CISSP Fox School of Business

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Fraud and Abuse Policy

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

NEW ZEALAND S CYBER SECURITY STRATEGY

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response

VISA International Security Summit. Dr. Colonel Tran Van Hoa Deputy Director Viet Nam Hightech Crime Police Department

Cybersecurity in the Commonwealth: Setting the Stage

As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended

National Cyber Security Policy (Draft) March 2015

Establishment of a Kerala Police CyberDome High Tech Public- Private Partnership Centre for Cyber Security and Innovations.

MONTENEGRO NATIONAL CYBER SECURITY STRATEGY FOR MONTENEGRO

Collateral Effects of Cyberwar

A COMPREHENSIVE INTER-AMERICAN CYBERSECURITY STRATEGY: A MULTIDIMENSIONAL AND MULTIDISCIPLINARY APPROACH TO CREATING A CULTURE OF CYBERSECURITY

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

TUSKEGEE CYBER SECURITY PATH FORWARD

Executive Cyber Security Training. One Day Training Course

CyberSecurity Solutions. Delivering

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Australia s proposed accession to the Council of Europe Convention on Cybercrime

Don t Fall Victim to Cybercrime:

Developing a National Strategy for Cybersecurity FOUNDATIONS FOR SECURITY, GROWTH, AND INNOVATION. Cristin Flynn Goodwin J.

Lessons from Defending Cyberspace

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

What legal aspects are needed to address specific ICT related issues?

U. S. Attorney Office Northern District of Texas March 2013

WRITTEN TESTIMONY OF

CYBER SECURITY, INTELLIGENCE AND AWARENESS COURSE PARK HOTEL THE HAGUE THE HAGUE, NETHERLANDS 26-30OCTOBER 2015

State of Security Survey GLOBAL FINDINGS

KEY TRENDS AND DRIVERS OF SECURITY

Breakout Session B: Cyber Security and Cybercrime Trends in Africa

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE THREAT OF DDOS ATTACKS IT SECURITY RISKS SPECIAL REPORT SERIES

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Practical Steps To Securing Process Control Networks

Cyber Security Recommendations October 29, 2002

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

CYBERCRIME AND THE INTERNET OF THREATS.

RETHINKING CYBER SECURITY Changing the Business Conversation

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Transcription:

Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute in this important discussion of national and global importance. In the current information society, the Information and Communication Technologies (ICTs) are indispensable tools that drive economic growth, education, participation and development of citizens. These systems/platforms are borderless and enable more sophisticated threats such as cybercrime, cyber terrorism, cyber war and cyber espionage, hence necessitating the development of adequate security measures to prevent and counter cyber-attacks or incidents. The objective is to balance the risks associated with the use of information systems and the indispensability of extensive and free use of information technology to the functioning of open and modern societies. The growing threats to cyber security should not hinder the crucial role of ICT in stimulating growth of economies and societies. In this regard, South Africa has implemented a number of strategic and tactical interventions including the approval of National Cyber security Policy Framework (NCPF) on 7 March 2012, with the aim of; Promoting a cyber security culture and demand compliance with minimum security standards; Strengthening intelligence collection, investigations, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber warfare, cyber terrorism and other cyber ills; Establish public private societal partnerships for national and international

action plans Ensure the protection of National Critical Information Infrastructure (NCII); and Promote and ensure a comprehensive legal framework governing cyberspace. Ensure adequate national capacity to develop and protect our cyberspace The South African National Cyber security Policy framework implementation is supported by a number of institutional mechanisms 1. The Cyber security Response Committee 2. Cyber security Centre 3. Cyber security Hub 4. National Computer Security Incidence Response Team (NCSIRT) and sector CSIRTs 5. National Verification of Information Security Products and Systems 6. Protection of the National Critical Information Infrastructure (NCII) Cybercrime The growth of the mobile web in South Africa and interconnectivity means that more consumers than ever before are vulnerable to cybercrime as they access the internet using their mobile phones, tablets, etc. The top cyber services being targeted by criminals are internet banking, e-commerce and social media sites. Studies show that there are three main drivers for cybercrime, namely, non-financially driven cybercrimes carried out by idealists who are mainly looking for recognition and fame; various financially-motivated cybercrimes which are normally carried out as a career for financial gain and politically motivated crimes such as cyber espionage and

hacktivism. Financial related cybercrimes include: Phishing attacks have been prevalent for several years, although there have been some changes in the modus operandi in recent times because some spam mails now include ransomware or other keystroke logging (Trojan) malware aimed at harvesting personal data including banking credentials from the victim s computer. Recently clients of some of the South African banks were targeted by syndicates using the Citadel Trojan 1. Spearphishing e-mails containing links to remote access software were recently identified. If installed, the remote access software allows control over the victim s computer. Hacking or unauthorised access to data or systems is on the rise. Fraudsters illegally gain access to the victim s computer system to conduct illegal and fraudulent activities. Criminals also hack into e-mail services such as Gmail, Google docs or other online e-mail accounts to obtain login credentials. Access to the victim s mailbox enables impersonations with dire consequences. Distribution of malicious code such as mobile malware is on the increase as more smartphones and tablets are used to access the online banking platforms. Criminals target these devices with malware or rogue applications, allowing them to harvest the client s information. Hostile mobile profile takeovers are on the 1 blog.seculert.com - Citadel open source malware project

increase and are used to entice clients to give up control of their own device profile, often in just a few easy steps. Distributed Denial of Service (DDoS) attacks are viewed as a threat and whilst attempts are made, no successful attacks have been reported. Recent South African media reports have revealed that cybercrime is costing the Republic approximately R1 billion a year. Reported non-financial related cybercrimes in South Africa include: Intellectual Property Rights (IPR) theft - it is reported that most cyber-attacks related to South Africa s IPR originate from Asia Attacks directed at strategic installations are reportedly originating from Asia and Middle East Cyber espionage attacks seem to be originating from mainly from West Africa and America Manufacturing, possession and distribution of child exploitation material in South Africa seem to be originating within South Africa. The material can be manufactured using multiple platforms including cellular phones. The motivator is again financial reward and of course self-stimulation for pedophiles.

Most of the non-financial related cybercrimes are driven by either a desire to dominate or discredit another for socio-economic benefit, revenge, political advantage or espionage. These crimes can also be driven by sexual stimulation/gratification, etc. and may result in loss of confidence or good standing, dignity and good reputation, psychological harassment, etc. The credibility and security of private institutions, businesses and governments may also be affected if such conduct cannot effectively be addressed. It is therefore critical that South Africa positions itself in a manner that is equipped to deal with the challenges we face in cyber security. Central to this is producing the relevant skills that are needed to address challenges in this sector. The skills we need as government include: High level network ops skills Network monitoring Cyber forensics Software development ( offensive and defensive) Cryptographic skills Cyber investigations and analysis ICT network design and development

The role of government is as follows: 1. DOJ&CD and NPA: are reviewing various legislations governing cyberspace, harmonizing and aligning them to the policy. 2. State Security: is overall responsible for coordination, development and implementation of cyber security measures in the republic as integral part of national security mandate. It must ensure that the JCPS cluster has requisite capacity in relation to NCPF. It also host Cyber security Response Team and Cyber security Centre 3. Police : are to prevent, investigate and combat cybercrime 4. DOC: develop industry standards, establish National Cyber security Advisory Council, establish Cyber security Hub, and sector specific CSIRTs 5. DOD &MV: to develop cyber defense measure to combat cyber warfare and cyber terrorism 6. DST and DHE are responsible for development of national skill capacity as well as research and development. The Private sector is expected to contribute to national skills, research and development. We expect them to implement information security standards and contribute to the protection of the National Critical Information Infrastructure. The civil society is expected to take interest in the general awareness programs and at least ensure their devices have updated malware protection. As part of responsible citizenry not to participate in cyber-attacks to our nation and the world. It is important to note that the success of cyber security policy is dependent on: Local and international cooperation

Capacity building, research and development Promotion of cyber security culture in South African society. I wish to encourage all relevant stakeholders to work together with government in addressing the issues around cybersecurity in order to create a better and safe cyber world. I thank you.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information