An Approach to Governance of CyberSecurity in South Africa

Abstract

A government has the responsibility to provide, regulate and maintain national security, which includes human security for its citizens. Recent declarations from the UK and USA governments about setting up cybersecurity organisations and the appointment of cyber czars reflect a global recognition that the Internet is part of the national critical infrastructure that needs to be safeguarded and protected. Although the South African government approved a draft National Cyber Security Policy Framework in March 2012, the country still needs a national cybersecurity governance structure in order to effectively control and protect its cyber infrastructure. Whilst various structures have been established to deal with cybersecurity in South Africa, they are inadequate and implementation of the policy is still in the very early stages. Structures need to be in place to set the security controls and policies and also to govern their implementation. It is important to have a holistic approach to cybersecurity, with partnerships between business, government and civil society put in place to achieve this goal. This paper investigates different government organisational structures created for the control of national cybersecurity in selected countries of the world. The main contribution is a proposed approach that South Africa could follow in implementing its proposed cybersecurity policy framework, taking into account the challenges of legislation and control of cybersecurity in Africa, and in particular, in South Africa.