The establishment of a Cyber Commissioner to monitor cyber security in the public sector is one step closer.
The Democratic Alliance’s Constitution Amendment Bill for the establishment of a new Chapter Nine office, the Cyber Commissioner, was tabled in Parliament on 11 July.
Advocate Glynnis Breytenbach, the DA’s shadow minister for Justice and Constitutional Development, says the DA is optimistic the Bill will receive bipartisan support.
“The party aims to collaborate across the political spectrum to enhance South Africa’s cyber security protections, ensuring a safer digital environment for all,” she says.
Widely referred to as the Cyber Commissioner Bill, the legislation’s official name is the Constitution Twentieth Amendment Bill.
Breytenbach says when the Constitution was adopted, cyber security was not a significant threat.
“Over the past few decades, cyber-attacks on state institutions have emerged as a serious concern, endangering both the functioning of the state and the security of its citizens’ information.”
According to a report by cyber security company Kaspersky, spyware attacks in South Africa rose by 18.8% between the last quarter of 2022 and the first quarter of 2023.
Breytenbach says recent incidents have illustrated that state departments and critical infrastructure lack the necessary tools to protect against cyber threats and to defend sensitive public information from data breaches.
“The Postbank recently revealed substantial losses of over R18 million in a three-month period due to cybercrime attacks. Additionally, an attack in October 2021 resulted in a loss of at least R90m.”
Listing other examples, she says in August last year, the South African Reserve Bank experienced an attempted cyber-attack from a criminal syndicate, and in May this year, the Western Cape Provincial Parliament fell victim to a cyber-attack, rendering its ICT systems inaccessible.
Then there was a breach suffered by the Department of Justice and Correctional Services’ Guardians Fund, resulting in the theft of more than R17m and the suspension of beneficiary payments.
“With the increasing reliance on technology, it is crucial to develop new strategies to safeguard data and protect the rights of citizens utilising these technologies,” Breytenbach says.
If established, the new Chapter 9 institution will be tasked with supporting and strengthening constitutional democracy through advising, monitoring, and establishing cyber security capability in the public sector.
The office will also work with tertiary institutions and the public sector to establish minimum standards and build cyber security capacity.
According to Breytenbach, the Cyber Commissioner’s powers will include establishing and maintaining cyber security capabilities across all state organs and entities dealing with public information, operating a cyber security hub for reporting, monitoring, and investigating incidents and threats, advising the Defence Force on cyber defence capabilities, and guiding institutions responsible for critical infrastructure regarding cyber security.
“Moreover, the Commissioner will promote, monitor, and evaluate compliance with cyber security capabilities and standards. To fulfil these responsibilities effectively, the Cyber Commissioner must be a fit and proper individual with specialised knowledge or suitable qualifications in cyber security and cyber forensics,” she says.