Although in theory, security measures are in place in government and private institutions, in practice, some of SA's most critical data could be open to compromise, says information security specialist and academic Prof Basie von Solms, from the University of Johannesburg.
Professor von Solms, Director of the Centre of Cyber Security and key-note speaker at the forthcoming ITWeb Security Summit warns that there are no guarantees of the total security of the nation's personal data.
Professor Von Solms, who will make a keynote address at the ITWeb Security Summit, in Sandton, taking place from 15 - 17 May, is Director of the Centre for Cyber Security (a joint venture between the UN's ITU and the University of Johannesburg). Professor Von Solms warns there are no guarantees of the total security of the nation's personal data.
He adds that in theory, databases containing important national information can be declared critical databases, and government cyber security inspectors can access these databases at any time to ensure that it is adequately protected.
In practice, he says, he knows of no database that has been declared a critical database, and very few, if any, cyber security inspectors exist at this point of time. Therefore, the nation's personal information, health information, biometric data, social welfare information and financial information may reside in databases that may not be fully secure. This risk arises mainly from the use of the Internet by such systems, and the absolute sophistication of modern malware and cyber crime.
In a worst-case scenario, he says, such information could be hacked, made public, or even simply deleted, resulting in chaos and serious social and political repercussions.
Prof Von Solms says there is no public evidence that the critical personal data in the hands of the government and the private industry is effectively secured, and there is no body with an oversight role to ensure such security. He is currently agitating for the establishment of a Parliamentary Standing Oversight Committee for Cyber Security, which can perform such an oversight role.
“The new Cyber Security policy was approved by Parliament in March of this year, but it is not yet available for public scrutiny – we waited for two years for this final policy to be approved, and now we have already waited two months to see it,” he says. “I just trust that this new policy will provide a proper holistic and integrated platform to properly secure SA's cyber space and will include some form of Parliamentary oversight.”
Prof Von Solms will speak at the upcoming ITWeb Security Summit, in Sandton, later this month. The event will focus on reinventing information security where trusted technologies have failed. Among the issues to be focused on during the two-day event will be the cyber war threat, IT security and politics, the growing IP theft problem and the rise of hacktivism. Among the international speakers who will present talks at the summit are renowned white hat hacker, Moxie Marlinspike, and US Naval Intelligence cyber defence expert, Kenneth Geers.
The ITWeb Security Summit is tailored to address the current IT security concerns of SA's CISOs and strategic decision-makers. The 2012 summit features two days of informative sessions presented by leading international and local security experts, and a full day of interactive workshops. For more information and to book your seat, go to www.securitysummit.co.za.