Government and private sector cooperation on security of critical information infrastructures
Date
2017
Authors
Mshunqane, Zoyisile
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Information and Communications Technologies (ICTs), in particular interconnected computer and related digital systems, create opportunities for innovation, competitiveness and economic growth. These technologies also expose key sectors of the economy such as banking, telecommunications, manufacturing, emergency services, transportation, energy, and social services to new security risks and threats.
This security challenge has given rise to a need for the adoption of appropriate strategies to secure critical information systems commonly referred to as Critical Information Infrastructures or CIIs. The European Union defines CIIs as ICT systems that are critical and essential for the operation of Critical Infrastructures, such as telecommunications, computers, the internet, and communications satellites. The African Union has defined CIIs as the cyber infrastructures essential to vital services for public safety, economic stability, national security, international stability, and the sustainability and restoration of critical cyberspace.
Given their complexity and sophistication, CIIs are increasingly owned or operated by the private sector, and governments generally purchase these services on behalf of the general public. This interdependence between the public and private sectors calls for structured co-operation aimed at ensuring the security and uninterrupted availability of CIIs.
This study examines the extent to which South Africa’s public policies for securing CIIs promote co-operation between the government and the private sector. It includes a literature review which shows that policy aimed at promoting and regulating public-private cooperation is a key element of efforts to secure CIIs and combat cybercrime in Europe, the Americas and Asia.
The report also shows that the Council of Europe, through the Budapest Convention, has played a central role in creating a legal framework for combating cybercrime and promoting public- private cooperation on cybersecurity.
Government and private sector cooperation on security of Critical information Infrastructures
Page 11 of 80
Research also shows that not much has been done in Africa to combat cybercrime. Some initiatives have been undertaken by Senegal, Morocco, South Africa and Mauritius. These countries are members of the Budapest Convention, and participated in initiatives of the Council of Europe in their capacity as members of the Convention.
In 2014, the AU adopted the AU Convention on Cyber Security and Personal Data Protection. This convention has only been signed by eight of 54 African countries, and has not entered into force because it has not been ratified by the required number of countries. This means that there is no valid instrument for promoting cooperation on cyber security in Africa.
Since 2002, the South African government has adopted various policies and laws aimed at promoting cooperation with the private sector. However, there is no evidence of these policies or legislation being implemented. The research also shows that the government has failed to develop a consistent strategy for implementing policy in this field.
In 2015, the government approved the National Cybersecurity Policy Framework (NCPF), which calls for public–private partnerships and cooperation. However, the research shows that it has not adopted a strategy that will allow this approach to succeed. In this regard, the research report points to the 5C protocol as a useful guide to successful policy implementation.
In interviews conducted for this study, senior government officials acknowledge that, as in many other areas of governance, good policy has been made, but implementation is lagging.
The study concludes with recommendations for improving cyber security in South Africa. These include fast-tracking the Cybersecurity and Cybercrimes Bill, which has been tabled in Parliament; developing and institutionalising a policy implementation framework in line with the 5C protocol; and developing the required skills and capacity to institutionalise and structure cooperation between the government the private sector in identifying and protecting CIIs, and pursuing a regional approach to cybersecurity
Description
A research report submitted to the Faculty of Management, University of the Witwatersrand, in 50% fulfilment of the requirements for the Degree of Master of Management in Public Policy (in the field of Security).
Keywords
Citation
Mshunqane, Zoyisile (2017) Government and private sector cooperation on security of critical information infrastructures, University of the Witwatersrand, Johannesburg, <http://hdl.handle.net/10539/26268>