
Cybersecurity Briefing to the Portfolio Committee - PowerPoint Presentation

Uploaded On 2020-11-06


13th November 2018. Department of Telecommunications and Postal Services. Mr Tinyiko Ngobeni, Deputy Director General: Infrastructure. Dr Kiru Pillay, Chief Director: Cybersecurity Operations. ID: 816641



Presentation Transcript

Slide1

Cybersecurity Briefing to the Portfolio Committee

13th November 2018

Slide2

DEPARTMENT OF TELECOMMUNICATIONS AND POSTAL SERVICES

Mr Tinyiko Ngobeni: Deputy Director General – Infrastructure

Dr Kiru Pillay: Chief Director – Cybersecurity Operations

Slide3

AGENDA

1. State of Cybersecurity in South Africa
2. Policy, Legislation and Regulations
3. Cybersecurity Hub
4. Coordination
5. Information Dissemination
6. Cybersecurity Awareness
7. Strategic Initiatives

Slide4

Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development


01

Slide5

Current Landscape: ITU Global Cybersecurity Index (GCI)

The objective of the GCI as an initiative is to help countries identify areas for improvement in the field of cybersecurity, as well as to motivate them to take action to improve their ranking, thus helping raise the overall level of commitment to cybersecurity worldwide.

The five pillars of the ITU Global Cybersecurity Index (GCI):

1. Legal: Measured based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime.
2. Technical: Measured based on the existence of technical institutions and frameworks dealing with cybersecurity.
3. Organizational: Measured based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level.
4. Capacity Building: Measured based on the existence of research and development, education and training programmes; certified professionals and public sector agencies fostering capacity building.
5. Cooperation: Measured based on the existence of partnerships, cooperative frameworks and information sharing networks.

Slide6

Current Landscape: ITU Global Cybersecurity Index (GCI)

Slide7

Current Landscape: ITU Global Cybersecurity Index (GCI)


Slide8

Current Landscape: ITU Global Cybersecurity Index (GCI)

South Africa’s Ratings

South Africa’s Overall Ratings


Slide9

Current Landscape: ITU Global Cybersecurity Index (GCI)


Slide10


02

Slide11

Creating an Enabling Environment

Policy

- National Cybersecurity Policy Framework

Legislation

- Cybercrimes and Cybersecurity Bill: currently tabled before Parliament
- Critical Infrastructure Bill: out for public comment

Regulation

- Will be drafted on promulgation of the Bill

Slide12

Regulators & Regulations

The Information Regulator

The Information Regulator is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the POPIA.

Once the relevant provisions of POPI come into effect, a person or business that is responsible for personal information (responsible party) will, in the event of a security compromise, have to notify the Information Regulator as well as any parties whose personal information has been accessed or acquired by an unauthorised party.

The notification must, at the very least, contain the following information:

- A description of the possible consequences of the security compromise;
- A description of the measures taken or proposed to be taken by the responsible party to remedy the security breach;
- A recommendation of the measures that any party whose personal information was leaked in the security compromise should take in order to mitigate the possible adverse effects of the security compromise;
- The identity of the unauthorised person, if known, who accessed or acquired the personal information.

The Information Regulator may also require the data breach to be publicised.

Slide13


03

Slide14

Cybersecurity Hub Functions


Government

Strategic Initiatives

Readiness Assessment

Skills Development

Coordination

Sector CSIRT Establishment

Increase collaboration through public-private partnerships

Coordinate Responses to threats at a national level

Info dissemination

Information Dissemination

Best practice Guidelines

Standardisation

Awareness

Initiate cybersecurity Awareness campaigns

Slide15


04

Slide16

Computer Security Incident Response Teams (CSIRTs)

SAPS Cyber Crime Centre: Deals with Cyber-crime

DTPS Cybersecurity Hub: Deals with ‘Private Sector’ Issues

Sector CSIRTs: Deals with Sector Issues

DOD & MV Cyber Command Centre: Deals with Military Issues

SSA Cybersecurity Centre

SSA Government CSIRT

CABINET

JCPS CLUSTER

DGS FORUM (Chair: DG DOJ & CD)

Cyber Response Committee (Chair: DG SSA)

Cybersecurity Legislation

Cybersecurity Policy

NCII Policy

Cyber Warfare Policy

E-identity Management Policy

R&D Agency

National Cybersecurity Policy Framework (NCPF)

Slide17

At the end of the 2017-2018 financial year, the Finance sector was well represented with respect to sector-based CSIRTs with at least four active CSIRTs, with others being planned. The Higher education sector also has an effective CSIRT responsible for universities, museums and research councils.

New CSIRTs include the Retail and Internet Service Providers CSIRTs.

Engagements have started with the mining sector.

Current Sector CSIRTs

SABRIC CSIRT

ASISA CSIRT

FMI CSIRT

SAIA

PASA CSIRT

SSA Cyber Response Committee

FINANCE SECTOR-CSIRT

Cybersecurity Hub

RETAIL SECTOR-CSIRT

LOGISTICS SECTOR-CSIRT

HEALTH SECTOR-CSIRT

TELECOMMS SECTOR-CSIRT

EDUCATION SECTOR-CSIRT

Other Finance CSIRTs

SANREN/TENET

Retail Sector-CSIRT

ISPA CSIRT

Mining Sector

Slide18

Cybersecurity Incident Response ‘War Room’: Improving coordination

The ability to quickly respond to Cybersecurity threats and incidents is a vital part of a country’s defensive capability and falls within the ambit of the Cybersecurity Hub as described in 6.3.6.2 of the National Cybersecurity Policy Framework: “coordinate Cybersecurity incident response activities…”.

The Hub has established a War Room which enables constituents and law enforcement agencies to communicate with each other in a secure manner from remote locations.

Slide19


05

Slide20

Standardisation

A clear understanding of threats empowers an organisation to understand all the components and combat threats proactively. One way to achieve this is through threat standardisation.

The standardisation of threats can be used to:

- Promote cyber security: As an organisation has a clearer picture of all the components of threats, and everything is documented, it can be more prepared for cyber risks.
- Reduce costs: Having a clear picture of the cyber security threats that an organisation could face can help it to prevent them from occurring, thereby saving money on repairs of assets, etc.

The standardisation of threats needs to be rigorous, semantically correct, clear, and understandable.

The Hub is developing various threat standards.

Slide21

National Response Capability

Part of the Hub’s mandate is to coordinate responses to threats at a national level.

The National Response Capability research initiative is developing response and escalation protocols in the event of an attack against the country.

It is important to develop scenarios in order to determine contingency measures, escalation procedures and planning for possible attacks.

Currently three scenarios are being developed:

- An attack against national critical infrastructure, e.g. the smart grid.
- An attack along the lines of a large data breach in which the private sector would be one of the main stakeholders.
- An attack that may originate in another country or take place from SA targeting another country, in which Mutual Legal Agreements (MLAs) and national CSIRT-to-CSIRT communication and coordination would be important.

In addition to the reporting and escalation procedure outputs, attempts to mitigate such attacks should also be identified, e.g. training initiatives for technical staff working on critical infrastructure.

Slide22

National Response Capability


Slide23


06

Slide24

Development of a national Awareness Portal

Awareness Portal officially launched in October 2017.

Awareness programmes, e.g. cyberbullying and financial astuteness, are run via the Portal together with stakeholders.

Slide25

Current Cyberbullying Awareness Campaign


Slide26

Cybersecurity Awareness Partners


Slide27

Partnership with GCIS

- Develop information adverts with weekly competitions on 65 community radio stations in all districts.
- Design of one-page information brochures, translated into the 11 official languages and distributed during planned community outreach programmes.
- Content development, production and flighting of a weekly, five-minute, 10-episode cybersecurity programme broadcast on selected public radio stations.
- Media partnership with a selected commercial radio station (e.g. Power FM, Talk Radio 702/Cape Talk) for a month-long advertising campaign during Cybersecurity month.
- Engagement with relevant television programmes such as Morning Live, Network, Sunrise, etc. for non-paid-for features with key messengers on Cybersecurity.
- Conceptualisation and production of the Cybersecurity mascot, which will be utilised for community outreach programmes.
- Cybersecurity features on GCIS social media, radio and print platforms.

Slide28

Partnership with GCIS

In addition to the GCIS media partnership, cybersecurity elements will be woven into all planned community outreach programmes for the Deputy Minister as follows:

- Social media communication
- Community media features
- Activation by the Cybersecurity Mascot
- Deployment of the Lumka cyberbullying platform
- Distribution of the Cybersecurity pamphlets
- Cybersecurity content to be included in the Deputy Minister’s speech

Slide29


07

Slide30

Developing the Cybersecurity SMME sector

The need for locally developed tools has become an imperative for many countries, with South Korea, China and the US, amongst others, actively supporting the development of ‘in-house’ cybersecurity tools.

In South Africa there is an urgent need for the establishment of sector CSIRTs / SOCs and for the promotion of public-private partnerships in order to counter cybersecurity breaches and incidents.

South Africa also has an associated strategic objective of encouraging the local software development sector.

The overall objective of the research was to investigate the South African cybersecurity landscape and understand the sector in order to determine its maturity.

The landscape comprises all the initiatives undertaken by both the private and public sector, and the objectives for the research were:

• To investigate the cybersecurity sector (public/private) in South Africa,

• To identify cybersecurity technologies developed in South Africa, and

• To analyse the landscape at large.

Slide31

Developing the Cybersecurity SMME sector

Most SMMEs are either service providers or advisory.

Only a few are actively involved in research.

Slide32

Development of a national Cybersecurity Skills framework

- Developed a national Cybersecurity Skills Framework
- Based on international best practice model - National Initiative for Cybersecurity Education (NICE)
- Customised for South Africa
- Developed in collaboration with SABRIC and the BANK SETA
- Has been socialised with various other SETAs
- Organising Framework for Occupations (OFO) codes have been developed – precursor to curriculum development

Slide33

Development of a national Cybersecurity Skills framework
