The Independent Communications Authority of South Africa (Icasa) is working to determine its role and responsibilities in cybersecurity and cyberthreat regulatory matters and in the overall environment.

The authority started an inquiry with the publication of a discussion document early in October to consult with industry and obtain sector viewpoints amid the proliferation of Internet interconnections and increased data services, which is leading to a significant growth of cyberattack incidents.

Interested stakeholders have until November 30 to make their written submissions on the discussion document, after which the authority may hold public hearings and publish a findings document.

The actual role the authority can play will depend on a number of variables, including how cybersecurity and cyberthreats are perceived, which is found to be a key determinant of how the roles and responsibilities are assigned among government institutions.

Icasa intends adopting a flexible and adaptive approach, as threats to cybersecurity are constantly evolving; however, the authority believes it is well positioned in terms of mandate, resources and experience to deal with current and emerging cybersecurity challenges.

“The evolution of technology is not taking place in an unregulated environment; however, telecommunication regulators have been existing to regulate the technical, economic and social uses of Internet services,” says Icasa councillor Palesa Kadi.

“In this respect, the technology evolution in the telecommunications sector imposes a need for [change in terms of] the role of the regulators,” she adds.

The rapid adoption in developing countries of new information and communication technology (ICT) infrastructure and the Internet is creating opportunities for countries and their citizens to participate in the international flow of information, ideas and commerce.

“More than two-billion users send more than 88-quadrillion emails a year, and they register a new domain name with Internet Corporation for Assigning Names and Numbers every second of every day,” the discussion document outlines.

While the exponential growth of the Internet delivers many advantages, protection of the security of consumers, businesses and the Internet infrastructure has become evermore critical.

As cyberthreats grow, security policy, technology and procedures need to evolve even faster to stay ahead of the threats.

However, cybersecurity standards and practice often lag, while advanced threats evolve and innovate on a daily basis.

“Cybercrimes such as phishing, spam, computer-related fraud and other similar offences are rapidly increasing and evolving in step with the development and adoption of new ICT services. Cybersecurity is a growing global challenge.”

The discussion document examines the role of various ICT regulators in the governance of cybersecurity in their respective countries as a means to benchmark or compare the role of these regulators to Icasa’s role and to consult on whether it is necessary for Icasa to adopt similar responsibilities, taking into account its mandate.

Studies show that cybersecurity concerns cannot be resolved solely by market forces or by regulation, but require a novel mix of solutions, with each country combating the presence of cyberthreats differently.

Generally, cybersecurity is not regulated by a single government institution, but rather government institutions working together and assigning work among themselves.

The document reveals that regulators often deal with the technical aspect of cybersecurity and public awareness about risks.

The document recommends Icasa consider adopting the roles and responsibilities of private-sector cooperation and industry regulation; capacity building; research and development; and the regulation of cybersecurity standards.

The country has prepared for cybersecurity through various interventions of its different respective areas of expertise and Icasa aims not to duplicate any role resulting in possible resource waste.