High-Level Segment (HLS) of Council 2008
Geneva, 12-13 November 2008
 
 
Statement by H.E. Mr. Radhakrishna Padayachie, Deputy Minister of Communications, Republic of South Africa

Session 6: ITU Global Cybersecurity Agenda: Towards an International Roadmap for Cybersecurity

Secretary-General of the ITU, Dr Hamadoun Toure
Honourable Ministers and Deputy Ministers
Heads of Delegations
Distinguished Guests
Ladies and Gentlemen

We take this opportunity to thank the International Telecommunications Union (ITU) family for affording us the honour of addressing this important High-Level-Segment (HLS) of the ITU Council on Cybersecurity. This HLS is convened just after the successful hosting of the World Telecommunications Standardization Assembly in October 2008 (WTSA-08) by the Republic of South Africa. The WTSA-08 has made significant decisions which foster confidence and security in the use of Information Communications Technologies (ICTs).

This High Level Segment (HLS) takes place under the themes: “ICTs and Climate Change and “Cybersecurity”. These are critical challenges facing the global economy and as such we all need to unite in this endeavour.

The advent and phenomenal growth of Information Communications Technologies (ICTs) and its related services have produced both unlimited opportunities and challenges in the form of cyberactivity growth and Cybersecurity threats which are growing rapidly across the globe. Cyber attacks such as viruses, identity theft, and spam are on the increase. This threatens the security of the information and communications system.

In this presentation, I will address the following two issues related to the building of confidence and security in the use of ICTs, namely:

  • The measures which are in place or planned by the Republic of South Africa to enhance cooperation and collaboration on Cybersecurity with other stakeholders at the regional, national and global levels; and
  • The main challenges which should be tackled to ensure that the information society is safer and more secure at the global level.

Background – ITU GCA, OECD and other international activities

As you are aware, the ITU, through its Global Cybersecurity Agenda (GCA) has put in place a framework for international cooperation in Cybersecurity.

Due to its critical importance, “Cybersecurity” enjoys a high priority in a number of international fora. The World Summit on the Information Society (WSIS) Action Plan Action Line C5 provides for “building confidence and security in the use of ICTs”. Furthermore, organizations such as the International Telecommunications Union (ITU) and International Multilateral Partnership Against Cyber Attacks (“IMPACT”), among others, are working on the measures to effectively deal with cybercrime/ attacks.

The Republic of South Africa has the following measures in place or planned to enhance cooperation and collaboration on Cybersecurity with other stakeholders at the regional, national and global levels

1. South African Legislative Framework and planned Cybersecurity Policy Framework
The South African ICT legislative framework is to a great extent committed to the uptake and usage of the ICTs. It is this extensive usage of the ICTs that present the need for the country to have a harmonized and coordinated approach to dealing with the question of Cybersecurity.

Clearly, an effective Cybersecurity Framework is not merely a matter of government or law enforcement practices, but has to be addressed through prevention supported by society. Furthermore, technology alone cannot ensure Cybersecurity, therefore priority must be given to Cybersecurity planning and management throughout society.

2. The Republic of South Africa is currently using the principles developed by the GCA in developing a National Cybersecurity Policy Framework.
These principles encompass: (a) Legal measures; (b) Technical and Procedural measures; (c) Organisational Structures; (d) Capacity Building; and (e) International Cooperation. Due to the borderless nature of cyberspace, the aforesaid Framework will provide more emphasis on the strengthening of collaboration and partnerships at national level through the establishment of a Government-Industry Collaboration Forum.

3. At national level, the Republic of South Africa is working towards establishing Computer Security Incident Response Teams (CSIRT) under the auspices of the Electronic Communication Security (Pty) Ltd (COMSEC). We are collaborating with some countries to become a member of the Forum for Incident Response and Security Teams (FIRSTs).

The National CSIRT could also connect with international bodies like IMPACT (International Multilateral Partnership against Cyber Terrorism).

4. At international level, South Africa continues to advance partnership and collaboration on Cybersecurity issues with key players such as ITU and also plans to partner with other ITU member states.

5. Electronic Communications and Transaction Act, 2002
In South Africa, the Department of Communications is mandated by the Electronic Communications and Transaction Act, 2002, among others, to deal with cyber crime and other Cybersecurity related issues.
 

6. Identity management systems
For the purposes of ensuring business efficiency, quality of services, ensuring information security, and privacy and consumer trust in online transactions, it is important to establish an authority/agency that will be responsible for accreditation of authentication services and products.

In South Africa, the South African Accreditation Authority (SAAA) is responsible for accreditation of authentication services and products and more importantly the accreditation of service providers who will issue advanced digital signatures.

South African legislation provides for the registration of the Cryptograph Service Providers to provide cryptography services.

7. Organizational Structures
South African legislation recognizes the need for a cyber inspectorate to ensure compliance of cryptography service providers, authentication service providers, and critical database management.

In South Africa, the Electronic Communications Security (Pty) Ltd (Comsec) has been established, among other things, to identify and protect the critical infrastructure; and to protect and secure critical electronic communications of the organs of State against unauthorized access or technical, electronic or any other related threats.

Main challenges that we believe should be tackled to ensure that the information society is safer and more secure on a global scope

1. We strongly believe that Cybersecurity Frameworks are needed both at international and national levels in order to build a foundation of knowledge that can aid in securing the networks of today and tomorrow. There is a need to address the following issues with respect to building confidence and security in the use of ICTs, namely:

(a) Strong Legal Measures

  • A number of countries have legislative frameworks that deal with the cyber security and protection of the critical information communication infrastructure. The main challenge is that most of these legislative frameworks are not harmonized.
  • It is imperative to have harmonized legislative framework as the Internet is borderless. This will assist in the curbing of cyber crimes as the laws that apply in one country will also apply in the other countries, thus making it difficult for cyber criminals to operate.
  • The legislative measures should however, also strike a balance between privacy and Cybersecurity.

(b) Adequate Technical and Procedural Measures

  • Promotion of technical and expert support and capacity building in the Developing countries is required. In light of the new ITU-T Resolution [L] which was adopted at WTSA-08 (Johannesburg), the ITU is to assist, in particular, the developing countries in establishing national CSIRTs where the such bodies do not exist.

(c) Establishment of Government-Industry Collaboration Forum

  • There is a definite need for more collaboration between industries, ICT Vendors, countries and Cybersecurity organizations. They need to form a united front and force to tackle the challenges.

(d) Promoting the Culture of Cybersecurity

  • More training and development in forensic investigations and prosecutions are needed so that cyber-terrorist activities can be easily prosecuted. Attention should also be focused on the training and development for IT Security professionals as there is a shortage of these skills globally.
  • The other critical challenge we as a country face is harmful content that targets or uses children. In this regard, it is important for governments to ensure that their cyber crime legislations offer adequate protection of minors online.

(e) Strengthening International Collaboration and Partnerships

  • In light of the fact that cyber-threats/ attacks do not recognize borders or laws, there is a need for governments, business and civil society globally to work together to protect and secure their national cyber-spaces and critical infrastructure. Governments’ through-out the world are not able to deal with the emerging threat in isolation,

Finally, given the fact that we are all interconnected and that our social economic livelihood depends on how secure our critical information infrastructure is, there is a compelling need to ensure there is no weak link in our Cybersecurity plans.

We are confident that the HLS will provide a suitable platform for the exchange of ideas and experiences between stakeholders from government, private sector and civil society on issues relating to these critical challenges on Cybersecurity with the strategic view of ensuring the building of confidence and security in the use of ICTs. Understandably this will spur the relevant stakeholders to collaborate and interact more proactively as well as forming a cohesive unit that is part of the ITU to ensure that ICTs are safe and secure.

I thank you for your attention