Mr. President: Please take note of the African Union Convention on Cyber Security

December 12th, 2014, Published in Articles: EngineerIT

 

Prof. Basie von Solms

There is no doubt that the ubiquitous threats and consequences of cyber crime are growing at an alarming rate internationally. Reports of companies losing millions with private customer information being compromised are daily events. Unfortunately, South Africa is not excluded from this picture – in fact, some recent reports list SA as third internationally as far as cyber crime victims are concerned – only “losing” out to China and Russia. There can be no doubt that SA has a crisis on its hands as far as cyber crime is concerned – being third on the “victims’ list” proves that. The recent successes by the Hawks in arresting cyber criminals and syndicates in SA also supports the fact that cyber crime is rampant in SA.

Of course it is essential to investigate the reasons for such a state of affairs, and investigate possible corrective actions.

One of the main reasons in SA, if not the main reason, is the lack of action and leadership from the side of the governnment as far as cyber security is concerned – SA at this stage does not even have an official national cyber security policy.  Because of the lack of such a policy, SA does not have a framework to cyber-protect itself. Such a framework should provide government initiatives on aspects like a national cyber security awareness programme, a national cyber security capacity building programme, public-private partnerships in cyber security and more. SA does not have such initiatives, and that is a major reason why we compete with Russia and China for the top spot on the list mentioned above.

However, one little light at the end of the tunnel has appeared! In June 2014 the heads of member states of the African Union  adopted the African Union Convention on Cyber Crime and Personal Data Protection. This very timely document contains most, if not all, of the matters mentioned above. If this document can be implemented – or at least used as a guideline in Africa; and of course SA – we can go a long way to move down the “victims’ list”.

The problem is however that the Convention only comes into effect if ratified by at least 15 member states. The convention basically covers four areas – the security of e-commerce, personal data protection, cyber security and legal aspects. In the first two areas SA has activities: The ECT Act of 2000 and its present review, and the Protection of Personal Information Bill. However, in the area of cyber security, as spelled out by the convention, SA has nothing officially in place.

By conforming to the convention in some way, the government will also help those private industries in SA that have a footprint in Africa: it will help such industries to have a form of cyber security standardisation to enforce in their subsidiaries based in other African states.

This convention is not perfect – it creates the impression that a lot of aspects have been pushed together in one document. Separate documents on each of the four areas mentioned above might have been more digestible. It might also have simplified the ratification process. Strong criticism has also been voiced specifically at the part related to the protection of personal privacy.  Whatever the case, the convention has been adopted, and is a good guideline for specifically the cyber security matters mentioned above.  For the area of cyber security in general it does provide a good starting point to help Africa, and also for SA to move away from the image of being the cyber crime hotbed of the world.

The SA government should seriously consider ratifying the convention, or at least using the cyber security part of the convention to perform a comprehensive health check on the status of cyber security in SA.

Editor’s note: The title of this article was subedited to read “Mr. President: Please take cyber security seriously” in the hard copy of  EngineerIT January 2015. EE Publishers regrets any embarrassment this may have caused.

 

Related Articles

  • IITPSA announces 2019 President’s Awards shortlist
  • New educational innovation for electronic circuit building
  • Students awarded for their science projects
  • Advanced modular controller product
  • Enabling platform-independent access to all IO-Link devices