13 th November 2018 DEPARTMENT OF TELECOMMUNICATIONS AND POSTAL SERVICES Mr Tinyiko Ngobeni Deputy Director General Infrastructure Dr Kiru Pillay Chief Director Cybersecurity Operations ID: 816641
Download The PPT/PDF document "Cybersecurity Briefing to the Portfolio ..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
CybersecurityBriefing to the Portfolio Committee13th November 2018
Slide2DEPARTMENT OF TELECOMMUNICATIONS AND POSTAL SERVICESMr Tinyiko Ngobeni: Deputy Director General – Infrastructure Dr Kiru Pillay: Chief Director – Cybersecurity Operations
Slide3AGENDA1. State of Cybersecurity in South Africa2. Policy, Legislation and Regulations3. Cybersecurity Hub4. Coordination 5. Information Dissemination6. Cybersecurity Awareness
7. Strategic Initiatives
Slide4Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
4
01
Slide5Current Landscape: ITU Global Cybersecurity Index (GCI)The objective of the GCI as an initiative is to help countries identify areas for improvement in the field of cybersecurity, as well as to motivate them to take action to improve their ranking, thus helping raise the overall level of commitment to cybersecurity worldwide. The five pillars of the ITU Global Cybersecurity Index (GCI)1. Legal: Measured based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime.2. Technical:
Measured based on the existence of technical institutions and frameworks dealing with cybersecurity. 3.
Organizational: Measured based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level.
4.
Capacity Building:
Measured based on the existence of research and development, education and training programmes; certified professionals and public sector agencies fostering capacity building.
5.
Cooperation:
Measured based on the existence of partnerships, cooperative frameworks and information sharing networks.
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
5
Slide6Current Landscape: ITU Global Cybersecurity Index (GCI)6
Slide7Current Landscape: ITU Global Cybersecurity Index (GCI)
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
7
Slide8Current Landscape: ITU Global Cybersecurity Index (GCI)
South Africa’s Ratings
South Africa’s Overall Ratings
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
8
Slide9Current Landscape: ITU Global Cybersecurity Index (GCI)
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
9
Slide10Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
10
02
Slide11Creating an Enabling EnvironmentPolicy National Cybersecurity Policy FrameworkLegislation
Cybercrimes and Cybersecurity Bill
Currently tabled before Parliament
Critical Infrastructure
Bill
Out
for public comment
Regulation
Will be drafted on promulgation of the Bill
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
11
Slide12Regulators & Regulations The Information RegulatorThe Information Regulator is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the POPIA. Once the relevant provisions of POPI come into effect, a person or business that is responsible for personal information (responsible party) will, in the event of a security compromise, have to notify the Information Regulator as well as any parties whose personal information have been accessed or acquired by an unauthorised party.The notification must, at the very least, contain the following information:A description of the possible consequences of the security compromise;
A description of the measures taken or proposed to be taken by the responsible party to remedy the security breach;A recommendation of the measures that any party whose personal information was leaked in the security compromise should take in order to mitigate the possible adverse effects of the security compromise;
The identity of the unauthorised person, if known, who accessed or acquired the personal information.
The Information Regulator may also require the data breach to be publicised.
12
Slide13Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
13
03
Slide14Cybersecurity Hub Functions
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
14
Government
Strategic Initiatives
Readiness Assessment
Skills Development
Coordination
Sector CSIRT Establishment
Increase collaboration through public-private partnerships
Coordinate Responses to threats at a national level
Info dissemination
Information Dissemination
Best practice Guidelines
Standardisation
Awareness
Initiate cybersecurity Awareness campaigns
Slide15Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
15
04
Slide16Computer Security Incident Response Teams (CSIRTs)
SAPS
Cyber Crime Centre
Deals with Cyber-crime
DTPS
Cybersecurity Hub
Deals with
‘Private Sector’
Issues
Sector CSIRTs
Deals with Sector Issues
DOD & MV
Cyber Command
Centre
Deals with Military
Issues
SSA
Cybersecurity Centre
SSA
Government CSIRT
CABINET
JCPS
CLUSTER
DGS
FORUM
(
Chair: DG DOJ & CD)
Cyber Response
Committee
(Chair: DG
SSA
)
Cybersecurity Legislation
Cybersecurity Policy
NCII Policy
Cyber Warfare Policy
E-identity Management Policy
R&D Agency
National Cybersecurity Policy Framework (
NCPF
)
1
2
3
4
5
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
16
Slide17At the end of the 2017-2018 financial year, the Finance sector was well represented with respect to sector-based CSIRTs with at least four active CSIRTs, with others being planned. The Higher education sector also has an effective CSIRT responsible for universities, museums and research councils
New CSIRTs include the Retail and Internet Service providers CSIRTsEngagements have started with the mining sector
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
17
Current Sector CSIRTs
SABRIC CSIRT
ASISA CSIRT
FMI CSIRT
SAIA
PASA CSIRT
SSA Cyber Response Committee
FINANCE SECTOR-CSIRT
Cybersecurity Hub
RETAIL
SECTOR-CSIRT
LOGISTICS
SECTOR-CSIRT
HEALTH
SECTOR-CSIRT
TELECOMMS SECTOR-CSIRT
EDUCATION SECTOR-CSIRT
Other Finance CSIRTs
SANREN/TENET
Retail Sector-CSIRT
ISPA CSIRT
Mining Sector
Slide18Cybersecurity Incident Response ‘War Room’: Improving coordination
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
18
The ability to quickly respond to Cybersecurity threats and incidents is a vital part of a country’s defensive capability and falls within the ambit of the Cybersecurity Hub as described in 6.3.6.2 of the National Cybersecurity Policy Framework
”
coordinate Cybersecurity incident response activities…”.
The
Hub has
established a War Room which enables constituents
and law enforcement agencies to communicate with each other in a secure manner from remote locations.
Slide19Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
19
05
Slide20Standardisation
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
20
A clear understanding of threats results in empowering an organisation to understand all the components and combat threats proactively. One way to achieve this is through threat standardisation.
The
standardisation of threats can be used to:
Promote
cyber security: As an organisation has a clearer picture of all the components of threats, and everything is documented, they can be more prepared for cyber risks.
Reduce
costs: Having a clear picture of the cyber security threats that an organisation could face can help them to prevent them from occurring thereby saving money on repairs of assets, etc.
The standardisation of threats needs to be rigorous, semantically correct, clear, and understandable.
The Hub is developing various threat standards
Slide21National Response Capability
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
21
Part of the Hub’s mandate is to coordinate threats at a national level.
The
N
ational Response Capability research
initiative
is developing response
and escalation protocols in the event of an attack against the country.
It is import ant to develop scenarios in order to determine contingency measures, escalations procedures and planning for possible
attacks.
Currently
three scenarios are
being developed:
- An
attack against national critical infrastructure e.g. the smart grid
- An
attack along the lines of a large data breach in which the private sector would be one of the main stakeholders
An
attack that may originate in another country or take place from SA targeting another country in which Mutual Legal Agreements (MLA’s) and national CSIRT-to-CSIRT communication and coordination would be important
.
In addition to the reporting and escalation procedure outputs, attempts to mitigate such attacks should also be identified e.g. training initiatives for technical staff working on critical infrastructure
.
Slide22National Response Capability
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
22
Slide23Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
23
06
Slide24Development of a national Awareness Portal
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
24
Awareness Portal officially launched in October 2017
Running Awareness programs via the Portal e.g. Cyberbullying, financial astuteness are run together with stakeholders
Slide25Current Cyberbullying Awareness Campaign
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
25
Slide26Cybersecurity Awareness Partners
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
26
Slide27Partnership with GCISDevelop information adverts with weekly competitions on 65 community radio station in all districts. Design of one-page information brochures, translated into the 11 official languages and distributed during planned community outreach programmes.Content development, production and flighting of a weekly, five-minute, 10-episode cybersecurity programme broadcast on selected public radio stations.Media partnership with a selected commercial radio station (e.g. Power FM, Talk Radio 702/Cape Talk) for a month-long advertising campaign during Cybersecurity month.Engagement with relevant television programmes such as Morning Live, Network, Sunrise, etc. for non-paid-for features with key messengers on Cybersecurity.Conceptualisation and production of the Cybersecurity mascot, which will be utilised for community, outreach programmes.
Cybersecurity features on GCIS social media, radio and print platforms.
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
27
Slide28Partnership with GCISIn addition to the GCIS media partnership, cybersecurity elements will be woven into all planned community outreach programmes for the Deputy Minister as follows:Social media communicationCommunity media featuresActivation by the Cybersecurity MascotDeployment of the Lumka cyberbullying platformDistribution of the Cybersecurity pamphlets
Cybersecurity content to be included in the Deputy Minister’s speech
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
28
Slide29Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
29
07
Slide30Developing the Cybersecurity SMME sector
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
30
The
need for locally developed tools have become an imperative for many countries, with South Korea, China, the US amongst others actively supporting the development of ‘in-house’ cybersecurity tools.
In
South Africa there is an urgent need for the establishment of sector CSIRTS / SOCs and for the promotion of public-private partnerships in order to counter cybersecurity breaches and incidents.
South
Africa also has an associated strategic objective of encouraging the local software development sector.
The
overall objective of
the research was investigate
the South African cybersecurity landscape and
understand the
sector in order to determine its maturity.
The
landscape comprises of all the
initiatives undertaken
by both the private and public
sector and the objectives for
the
research was:
• To investigate the cybersecurity sector (public/private) in South Africa,
•
To identify cybersecurity technologies developed in South Africa, and
• To analyse the landscape at large.
Slide31Developing the Cybersecurity SMME sector
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
31
Most
SMMEs are either service providers or advisory.
Only a
few are actively involved in research.
Slide32Development of a national Cybersecurity Skills framework
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
32
Developed a national Cybersecurity Skills Framework
Based on international best practice model - National Initiative for Cybersecurity Education (NICE)
Customised for South Africa
Developed in collaboration with SABRIC and the BANK SETA
Has been socialised with various other SETAs
Organising Framework for Occupations (OFO) codes have been developed – precursor to curriculum development
Slide33Development of a national Cybersecurity Skills framework
Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
33