[10 November 2022] The Democratic Alliance has introduced a private member’s bill to amend the Constitution through the insertion of new provisions to create the office of a Cyber Commissioner. This would be a Chapter 9 institution at the same level as the Public Protector, appointed for a five-year period and given wide powers over cybersecurity, including interception and monitoring of data.
[pdf-embedder url=”https://www.ellipsis.co.za/wp-content/uploads/2021/07/Draft-CAB-18th-Cyber-Commissioner.pdf” title=”Draft CAB 18th Cyber Commissioner”]
__
[4 July 2021] The Cybersecurity Hub situated within the Department of Communications and Digital Technologies has developed a Cybersecurity Awareness Portal with some useful information and resources.
__
[30 March 2019] ICASA has published its findings and positions in respect of any potential roles and responsibilities it may have with regard to cybersecurity through its nexus with electronic communications services and electronic communications network services licensees.
Findings and Position Paper on the Role and Responsibilities of ICASA in Cybersecurity
The findings can be summarised as follows:
- There were conflicting views on the role of the Authority in cybersecurity. It has chosen to adopt a limited role with a focus on consumer protection.
- ICASA’s view is that its mandate under the ECA is limited to network reliability and information security (noting that the latter is not defined or otherwise dealt with in the ECA).
- ICASA will work in collaboration with other organisations who deal with cybersecurity to not duplicate their efforts and ensure that there is a clear demarcation of roles. ICASA will participate in research and development within the ICT sector and partner with relevant institutions and government departments such as the Departments of Communications and Justice, academic and research institutions. It will also advise the Minister on policy matters and amendments to ECA and its underlying statutes.
- With regards to setting standards, ICASA will facilitate collaboration with the Departments of Communications and Justice as well as industry to identify the most suitable standards for South Africa. These standards will be guided and informed by international standards as identified by the ITU and may include consumer protection issues such as giving consumer choice on whether location services should automatically be switched on, upon purchase of cell phone, etc.).
This effectively ends the ICASA process.
___
[2 January 2019] The below written submissions were sent to ICASA in response to its inquiry about whether it should get involved with cybersecurity issues:
CellC
FNB-Connect
ISPA
MMA
MTN
NAB
Research
SACF
Sentech
Telkom
Vodacom
___
[21 December 2018] ICASA will be holding oral hearings on the “The roles and responsibilities of ICASA in Cybersecurity” in response to submissions made in respect of the discussion document. The hearings will be held on 17 and 18 January 2019 at ICASA’s head office in Centurion, the schedule for which can be found at the link below:
___
[4 October 2018] ICASA has published a discussion document soliciting the views of stakeholders as to whether it should play a role in cybersecurity, with specific reference to:
- Private sector cooperation and industry regulation
- Capacity building
- Research and development, and
- Regulation of cybersecurity standards
Inquiry into the Role and Responsibilities of ICASA in Cybersecurity
The deadline for comments is 16h00 on 30 November 2018. These should be submitted to Ms Violet Letsiri, Senior Manager: Social Policy for ICT Services, per email vletsiri@icasa,org.za.
___
[31 May 2018] The Cybersecurity Hub of the Department of Telecommunications and Postal Services has released a Cyber Readiness report as the starting point of fulfilling a broader mandate set by the National Cybersecurity Policy Framework. The report provides a baseline assessment of South Africa’s cybersecurity readiness and works towards enabling the Hub to coordinate information and provide support in the event of cybersecurity-related incidents.