The Independent Communications Authority of South Africa (Icasa) this week published a discussion document to determine its role in the regulation of cybersecurity.
Interested parties have until November 30 to make their written submissions on the matter, after which the authority will likely hold public hearings.
While the evolution of technology is not taking place in an unregulated environment, there is a need to define the role of the regulators in an era where the proliferation of Internet interconnections and increased data services have led to a significant growth of cyberattack incidents.
“With the many players in the information and communications technology (ICT) environment, the development of a coherent mechanism has been regarded as an urgent requirement in the cybersecurity space.
“Icasa intends to adopt a flexible and adaptive approach to its cybersecurity efforts as threats to cybersecurity are constantly evolving,” said Icasa Councillor Palesa Kadi.
With the role that Icasa plays in the ICT sector, it has found itself well positioned in terms of its mandate, resources and experience to deal with current and emerging cybersecurity challenges.
However, the discussion document explained that cybersecurity standards and practice often lag and, as cyberthreats grow, security policy, technology and procedures need to evolve even faster to stay ahead of the threats.
Advanced threats evolve and innovate on a daily basis, whereas the cybersecurity framework takes months, if not years, to gain consensus and to finally be implemented into law, the document outlined.
Studies show that cybersecurity concerns cannot be resolved solely by market forces or by regulation but require a novel mix of solutions, with the document examining the role of various ICT regulators in the governance of cybersecurity in their respective countries.
“The purpose of this process is to benchmark or compare the role of these regulators to Icasa’s role and to consult on whether it is necessary for Icasa to adopt similar responsibilities, taking into account its mandate and . . . the confines of South African law,” Kadi noted.
The benchmark has revealed that cyber concerns are present in all countries; however, each country combats the presence of cyberthreats differently and, generally, cybersecurity is not regulated by a single government institution but through a collaboration of government institutions that assign work among themselves.
The document recommends the adoption by the authority of private sector cooperation and industry regulation; capacity building; research and development; and the regulation of cybersecurity standards.
The authority will consult with all interested parties before making a final determination on issues raised, following which a findings document will be published.