[19 January 2017] Below are links to the Bill and summary as they are to be introduced into Parliament later this month.
Statement by Deputy Minister Jeffery on the new proposed Cybercrimes and Cybersecurity Bill
___[9 December 2016] A notice has been published in the Government Gazette setting out the intention of the Minister of Justice and Correctional Services to introduce the Cybercrimes and Cybersecurity Bill, 2017 (the Bill), in the National Assembly shortly.
The explanatory summary of the Bill published in the Notice reads as follows:
The Bill intends to –
(a) create offences which has a bearing on cybercrime and to prescribe penalties;
(b) criminalise the distribution of data messages which is harmful and to provide for interim protection orders;
(c) further regulate jurisdiction in respect of cybercrimes;
(d) further regulate the powers to investigate cybercrimes;
(e) further regulate aspects relating to mutual assistance in respect of the investigation of cybercrime;
(f) provide for the establishment of a 24/7 Point of Contact;
(g) further provide for the proof of certain facts by affidavit;
(h) impose obligations on electronic communications service providers and financial institutions to assist in the investigation of cybercrimes and to report cybercrimes;
(i) provide for the establishment of structures to promote cybersecurity and capacity building;
(j) regulate the identification and declaration of critical information infrastructures and measures to protect critical information infrastructures;
(k) provide that the Executive may enter into agreements with foreign States to promote cybersecurity;
(l) delete and amend provisions of certain laws; and (m) provide for matters connected therewith.
___[7 September 2016] This Bill is expected to be presented to Cabinet this September and then introduced into Parliament early in 2017.
While we wait, the Department of Telecommunications and Postal Services has launched their new virtual cybersecurity hub website: https://www.cybersecurityhub.gov.za.
___[9 March 2016] The Department of Justice has formed an expert panel to review a further version of the Bill which has been substantially amended following public submissions received. This review process is expected to conclude in the middle of 2016 and a new version of the Bill will thereafter be published.
___[5 December 2015] An edited version of the National Cybersecurity Framework Policy (NCPF) was gazetted on 4 December 2015.
It is unfortunate that this was only made public after the period for submissions on the Draft Cybercrimes and Cybersecurity Bill 2015 had closed….
___[4 December 2015] Submissions we have found:
- Centre for Constitutional Rights
- Electronic Frontier Foundation
- Internet Service Providers’ Association
- Right2Know-Preliminary Position
___[21 November 2015] Reminder that submissions on the Cybercrimes and Cybersecurity Bill 2015 are due on Monday 30 November 2015.
___[5 November 2015] The Minister of Telecommunications and Postal Services launched the Cybersecurity Hub on 30 October 2015. The Hub is situated at www.cybersecurityhub.gov.za.
In short the functions of the hub will be among others to:
- Receiving incident reports from stakeholders and establishing clear incident management processes.
- Disseminating information to stakeholders about threats and attacks as a pre-emptive measure as well as mitigating procedures against emerging attacks
- Creating an archive of lessons learnt to ensure ease of access in dealing with future threats and vulnerabilities
- In the case of cyberbullying involving Cybersecurity Hub legal entities and assisting with escalating attacks to the relevant authorities
- And chairing of scheduled meetings with reporting and trending attacks and incidents for the specific period.
The hub will become a point of reference for citizens in as far as cybersecurity issues are concerned providing a repository of information regarding the do’s and don’t s of Internet for children, best practice guide for parenting on the Internet and how the average South African can protect against malicious attacks, identity theft and online financial security. The hub will create platforms to allow parents to share information on how to manage their children online and also provide links to Internet resources to assist both children and parents.
For the very first time in South Africa, the hub will ensure collaboration between businesses and create a platform for partnership between government and the private sector on cybersecurity. It will also facilitate the leveraging of high end cybersecurity capacity which is scarce as we build confidence and trust among stakeholders and place our nation in a better position to respond to cybersecurity in a much more coordinated matter. The shared information also provides an opportunity for cost savings as the hub’s expertise will allow for quicker incident recovery, which can translate to less money spent on incident response.
Cybersecurity incidents are to be reported to email@example.com.
___[11 September 2015] The link below is to a 45 minute presentation on cybercrime and the law in South Africa which was delivered during the Internet Service Providers’ Association iWeek Conference (so the focus is on how it impacts on ISPs).
___[28 August 2015] The Department of Justice & Constitutional Development has published The Cybercrimes and Cybersecurity Bill and an accompanying Discussion Document for public comment.
The deadline for submissions is 30 November 2015. Comments can be sent by fax 012 406 4632 or email firstname.lastname@example.org marked for the atttention of Mr S J Robbertse.
The Bill aims to deal with various aspects relating to cybercrime and cybersecurity and to that extent the Bill –
- creates offences and prescribes penalties;
- further regulates jurisdiction;
- further regulates the powers to investigate, search and gain access to or seize items;
- further regulates aspects of international cooperation in respect of the investigation of cybercrime;
- provides for the establishment of a 24/7 point of contact;
- provides for the establishment of various structures to deal with cyber security;
- regulates the identification and declaration of National Critical Information Infrastructures and provides for measures to protect National Critical Information Infrastructures;
- further regulates aspects relating to evidence;
- imposes obligations on electronic communications service providers regarding aspects which may impact on cybersecurity;
- provides that the President may enter into agreements with foreign States to promote cybersecurity;
- repeals and amends certain laws; and
- provides for matters connected therewith.
Any person or entity, who wants to meet with the Department to discuss any aspect of the Bill must make the necessary arrangements with the Department. Any meeting with regard to the Bill will take place at the Department of Justice and Constitutional Development, unless expressly agreed to otherwise by the Department.
___[22 May 2015] The Deputy Minister of Justice and Correctional Services indicated in his Budget Speech for the 2015/2016 financial year that the Cybercrimes and Related Matters Bill will be released for general comment in the near future. This confirms that there will be an opportunity for the public to comment prior to the Bill being introduced into Parliament.
The Cybercrimes and Related Matters Bill is aimed at strengthening the criminal justice system as envisaged in the National Development Plan, by introducing measures which are aimed at combatting cybercrime. It will be released for public comment by the Department in the near future before being introduced into Parliament.
Interestingly, in his Budget Speech, the Minister noted that a “conviction rate of 95% was achieved in respect of cybercrime”.
___[6 May 2015] The Minister of State Security, Mr David Mahlobo, gave his Budget Vote Speech for the 2015/2016 financial year on the 05 May 2015. This included a section dedicated to cybersecurity and cybercrime. While for speech for the most part is taken from an earlier speech (see previous post below), the following is noteworthy:
Working with universities and other research institutes like the CSIR to build the cybersecurity pipeline through competitive scholarship, fellowship, and internship programs must be our preoccupation to attract top talent and develop systems that have command and control in our hands, national sovereignty.
This financial year, 2015/16 we plan to move with speed to:
a) Enhance the institutional cybersecurity capacity
b) Finalize the national cybersecurity policy and legislation
c) Working with the security cluster to present the Cyber Security Bill before Cabinet this year
d) Build on our first symposium work held this year to promote partnership and public cybersecurity awareness campaign designed to increase public understanding of cyber threats and promote simple steps the public can take to increase their safety and security online.
e) Strengthen our cooperation in this space with our SADC, AU and BRICS partners through existing mechanism.
f) Prioritize the establishment of the Cybersecurity Centre and the repositioning of the current Electronic Communications Security Computer Security Incident Response Team (ECS-CSIRT) to become a Government CSIRT
___[12 March 2015] The Minister of State Security provided some insights into what is happening in South Africa regarding Cybersecurity in the course of a speech made at a Cybersecurity Symposium held in Johannesburg on 1 March 2015.
The express purpose of the speech was to lay the ground for the upcoming public consultation on the Cybercrimes and Related Matters Bill, currently the subject of a closed consultation but expected to be published in the Government Gazette in the next month.
There is a clear statement that cybersecurity is the domain of the security cluster.
“The Government’s approach in dealing with this matter is premised on the policy principle that National security, which includes the security of the Information and Communications Technologies in the country, is a responsibility of the structures responsible for security in the Republic.”).
This is in the context of statements from Department of Telecommunications and Postal Services and the Department of Communications that they also wish to play a role in these matters.
Information regarding the National Cybersecurity Policy Framework 2012 (NCPF) is hard to come by, so the following is of interest:
In March 2012, Cabinet approved a National Cybersecurity Policy Framework (NCPF) which seeks to, amongst others, deal with the following:
a. Centralize coordination of Cybersecurity activities within SA so as to have a coordinated approach to cybercrime, national security imperatives and enhance the information society and knowledge based economy;
b. Strengthen intelligence collection, investigation, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber terrorism and cyber warfare;
c. Anticipate and confront emerging cyber threats, in particular threats to National Critical Information Infrastructure and coordinate responses thereto;
d. Foster cooperation and coordination between Government, the private sector and civil society including ensuring that South Africa becomes a critical contributor to international cooperation on Cybersecurity matters.
e. Develop skills, Research and Development capacity, promote Cybersecurity culture and promote compliance with appropriate technical and operational Cybersecurity standards.
The Cybersecurity Response Committee (CRC) – a strategic body chaired by the SSA – is responsible for priority setting and overseeing the implementation of the NCPF.