The Bill makes specific provision for “information and communication technology infrastructure”, defined broadly to mean any data, computer data storage medium, computer device, database, computer network, electronic communications network, electronic communications infrastructure or any part thereof or any facility or equipment associated therewith”.
In terms of the Bill the Minister will have the power to declare any infrastructure as “critical infrastructure” on receipt of an application by the National Commissioner of Police or the person in control of the infrastructure. The Minister can also declare that infrastructure is part of a “critical infrastructure complex”.
Factors to be considered when deciding on a declaration as “critical infrastructure” include:
- whether the loss, damage, disruption or immobilisation of the infrastructure may prejudice significant economic operations; or the public interest with regard to safety and the maintenance of law and order; or the provision of goods or services essential for the daily operations, economic activity, livelihood or well-being of the public; or national security.
- Any prescribed guidelines for identification of “critical infrastructure”.
- Recommendations of a Critical Infrastructure Council to be formed.
With regard to “information and communications infrastructure” as contemplated in the Cybercrimes and Cybersecurity Bill 2017, this Bill provides that the Minister must consult with the Minister of State Security before infrastructure, which “partly consists of, incorporates or houses any information and communications infrastructure” is declared to be “critical infrastructure’.
The Minister of State Security will be required to decide whether the infrastructure in question should be dealt with under the Cybercrimes and Cybersecurity Act. If he or she decides it should not, then the question of whether to declare as “critical infrastructure” would be decided under the Critical Infrastructure Protection Act.