Cybersecurity; e-Government, national e-Strategy and SMME strategy: DTPS briefing

Meeting report

The Chairperson welcomed the delegates from the Department of Telecommunication and Postal Services (DTPS). She emphasized the need to see transformation happening through DTPS because it was a tool towards the reduction of inequality. She said all the presentations were guides towards the 2030 National Development Strategy (NDS). When considering the benefits of Information and Communication Technology (ICT), the country needed to be conscious of the consequences, such as job losses. The DTPS must ensure that employees were multi-skilled to avoid a loss of jobs as a result of the introduction of ICT. The need for the growth of Small Medium and Micro-sized Enterprises (SMMEs) required a good strategy against cyber attacks. Although the conditions attached were not yet known, she had learnt that R1.3 bn had been provided by the Chinese government towards the funding of SMMEs in Africa, and added that the PC on Telecommunications and Postal Services would play an oversight for the beneficiaries of such fund.

The Chairperson allotted 15 minutes to each of the presentations.

Department of Telecommunications and Postal Services (DTPS)

 

Mr Robert Nkuna, Director General: DTPS, said the presentation was the third on the issues that emanated from the presentation of the White Paper, which the Department was working on implementing without delay. It was a defining moment, where the sector would pay a role in the recovery of South Africa’s economy. The three women who would be presenting were leaders who were playing big roles in driving the implementation of the strategies in the Department. Critical issues on the cutting edge of the future were being led by women.

Mr Ali Mashishi, Acting Deputy Director General (ADDG): DTPS, said one of the implementations that had to happen was to deal with the aggregating factors, starting with the game changers. The implementation of the strategy for ICT industrial growth, the internet economy, cyber security and SMMEs was important and relevant to the present economic growth. The internet economy would become one of the key contributors to the gross domestic product (GDP) of South Africa in the very near future. The contribution would be between five and ten percent.

When moving a society into a digital mode, there was a need for future-focused policies, laws and strategies, a highly corporate ICT sector and a technologically savvy society. The provinces had been engaged and the DTPS was aware of the digital divide, because technology could be appreciated only when it solved the challenges facing the provinces. In the national e-strategy there was a sectored focus, and in the e-Government there was a focus on the clustering of government services for efficiency.

Presentation on e-Strategy

Ms Angie Mokgabudi, Chief Director: DTPS, said the approach adopted by DTPS for e-strategy was to establish inter-branch committees, inter-departmental committees and consultative workshops. The development of e-strategy was multi-sectored and includes the private sector. To ensure that the DTPS avoided fragmentation, each of the strategies fitted into the overall ICT strategy. The DTPS was set to develop an e-strategy in a cohesive manner to promote literacy and develop ICT opportunities in the sector. The need for the strategy was informed by government transformation and the need for digital inclusion for the underserved population.

She said the national e-strategy was building on existing ICT interventions by government and the strategies were people-orientated. The national e-strategy would be an overarching framework, with a common agenda that directed and guided all ICT interventions. The government of South Africa needed a detailed e-government strategy which integrated legacy systems. The DTPS was working with different sectors to infuse technology into their service delivery. It had developed a national cyber security framework. The national e-strategy framework was focused on the development of the Fourth Industrial Revolution Action Plan, the provision of an enabling environment, and the reassertion of government as a model user of ICT through the rollout of e-government to improve the quality of services delivered to the citizens.

Presentation on e-Government

 

Ms Jeanette Morwane, Chief Director: DTPS, said the role of e-governance had been previously driven by the Department of Public Service and Administration (DPSA), but had been transferred to the DTPS in 2014. The DTPS also had the role of providing oversight on the State Information Technology Agency (SITA). An interdepartmental committee, which included the DPSA, SITA, other key departments and provinces, was engaged in the process of developing the strategy. The key issues addressed by the strategy were problems of service delivery, defragmentation and the duplication of services, addressing the issue of digital divide and servicing the digitally demanding citizens through collaboration with other stakeholders. The strategy’s provision would include the digital transformation of the public service, absolute inclusion of people and digital access.

The evolution of e-Government was being driven by the DTPS, and its strategy had been aligned with SITA. The Inter-Ministerial Digital Transformation Committee would formulate plans for the required e-Government infrastructure and the delivery of e-Services to realize an inter-operable government. The DTPS and DPSA would champion the coordination of e-Government programmes in collaboration with the respective departments to raise public awareness of e-Services, to increase the take-up. The process of defining the strategy had involved several departments that were involved in the previous framework making their contributions.

The DTPS had also engaged with the provinces during the process and the concerns that were raised were the role of SITA, the channels of e-Government services, content and the language of delivering e-Government services, the role of the post offices, and the skills and literacy of the citizens of South Africa. The National e-Government Strategy had been published in the Government Gazette for public consultation and comments in April 2017. Provincial consultations had commenced on 8 May until 9 June 2017, and the National e-Government Strategy would be presented to the Cabinet for approval in 2017/18.

Presentation on Small Medium and Micro-sized Enterprises (SMME)

Ms Tsholofelo Mooketsi, Chief Director: DTPS, said the Department recognised SMMEs as the backbone of the economy. The National Development Plan (NDP) envisaged that the small business sector would create 90% of the expected 11 million jobs by 2030. The Small Enterprise Development Agency (SEDA) had reported in 2016 that 14% of the total employment in the country was through SMMEs. The Medium Term Expenditure Framework (MTEF) also highlighted the important need of developing markets for SMMEs and supporting the roll-out and sustainability of incubators.

She listed the current challenges facing the ICT SMMEs as the high levels of concentration in the ICT market, the high cost of communication, an inhibiting policy and regulatory environment, limited commercialisation of innovation, constraints in access to finance, skewed deployment of infrastructure, lack of market access, lack of appropriate skills and entrepreneurial capabilities, the lack of a central comprehensive database for ICT SMMEs, the lack of appropriate incentive schemes and the lack of coordination and an integration mechanism to drive and monitor ICT SMME-related programmes and interventions.

The ICT SMMEs were designed to develop key interventions to accelerate the development and growth of small enterprises in the ICT sector with the aim of facilitating increase in the levels of uptake and usage of ICTs by the general small business sector. The strategy provided an assessment of the ICT industry value chain, particularly in the telecommunications and Information Technology (IT) sectors. Findings revealed opportunities for SMMEs in broadband infrastructure deployment and the provision of broadband services and hardware, software, service and content for the IT sector. The study identified several opportunities in the broad band infrastructure, broad band services, hardware, software, content, data centres and services for which interventions were targeted by the Department. Some of the outcomes of public consultations listed by the DTPS were to create a centre of excellence for start-ups, create an ICT hub, and establish an ICT SMME development Incubator, allowing access to teaching, funding and skills development.

Presentation on Cyber Security

Dr Kiru Pillay, Chief Director: Cybersecurity Operations, DTPS, said the DTPS had been mandated by National Cybersecurity Policy Framework (NCPF) to establish a national Computer Security Incident Response Team (CSIRT) cyber security hub, in consultation with the Justice Crime Prevention and Security (JCPS) cluster departments, the private sector and civil society, as well as the sector CSIRTs.

CSIRT was a team of dedicated information security specialists who prepared for and responded to cyber security breaches or cyber security incidents. Over the years, CSIRTs had extended their capacities and increased their service offerings. CSIRTs had moved from being a reactive force to a complete security service provider. The first membership initiative was currently under way, with the Council of Scientific and Industrial Research (CSIR) being a strategic partner. The initiative was meant to give access to international CSIRTs (369 members), facilitate trusted interactions amongst security teams to exchange ideas and best practices, facilitate responses to transnational threats and validate processes, policies and technologies.

At the end of the 2015-2016 financial year, the finance sector had been well represented with respect to sector-based CSIRTs, with at least four active CSIRTs, and others being planned. The higher education sector also had an effective CSIRT responsible for universities, museums and research councils. The DTPS had created two sector CSIRTs -- the Consumer Goods Council and Internet Service Provider CSIRTs. There were many private sector-based CSIRTs. but the banking sector had a more mature CSIRT compared to the others.

The DTPS had established a CSIRT forum in response to the increasing number of sector-based CSIRTs. The forum consisted of representatives from the established and soon-to-be established CSIRTs. The intention of the forum was to coordinate activities amongst the various CSIRTs. The benefits of the association were information sharing among sector-CSIRTs, skills development and the promotion of uniform standards. There had been increased consultation between the Justice Crime Prevention and Security (JCPS) cluster and the other national CSIRTs, as mandated by the National Cybersecurity Policy Framework (NCPF). The Department was currently updating its awareness portal so that information on cyber security could be classified.

 

Discussion

 

Ms J Kilian (ANC) asked why the country was still ranked so low on cyber security in Africa and internationally. She could not understand why Mauritius, Nigeria, Ghana and Kenya should beat South Africa in the ranking. She sincerely welcomed the strategy on the development of SMMEs. It would give an opportunity for small businesses to grow.

Based on the shortcomings of past strategies, she was worried that the DTPS might have presented a guideline without giving a clear roadmap, as there were no targeted dates for the e-Governance and the e-Strategy activities. She asked if the DTPS had conducted an audit of the number of employees that had the ability to use ICT, as this was a critical component of e-Governance. The fourth industrial revolution would not wait, so the different departments must be ready for it. Also, since the post offices had not been connected, what strategies did the DTPS intend to use to connect the rural areas in the digital transformation?

She added that it had been a lovely presentation. Having developed the strategies in conjunction with SITA, there had been feedback from the provinces that SITA lacked capacity. She asked if DTPS had the right approach in giving SITA the right mandate, which was important since it was a major driver of the strategy.

Mr K Siwele (ANC) commented that in the presentation, the DTPS had said there had been complaints about SITA during consultations. He asked if people were expecting results outside of SITA’s mandate, because the DTPS had mentioned reviewing SITA’s mandate. What needed to be reviewed and when would the review take place? He asked about the timeframe for starting the five years’ implementation plan of the strategy, and how soon South Africa would be made aware of cybersecurity threats, and how timely would the response be. He also asked the DTPS to state the status of upgrading of the government network programme on e-Strategy.

Ms N Ndongeni (ANC) said that the presentation had highlighted that the DTPS and DPSA would champion the coordination of government programmes, in collaboration with the respective departments, to raise public awareness to increase the take up. She therefore asked the DTPS to indicate what was effective and working, as some Government projects had stalled a bit in terms of cross-sectoral coordination. She also asked what the DTPS had done to ensure that the various departments were aware of the benefits of digitalization and the efforts it had made to ensure that the various departments were capacitated. She also asked DTPS to state strategies it had used to ensure that citizens were aware of cybersecurity risks.

Mr C Mackenzie (DA) asked the delegates to explain what was meant by “vulnerability” and “availability” on slides 10 and 11. He also asked how ready the DTPS was to deal with a cyber attack.

Ms M Shinn (DA) said the presentation was impressive, but ambitious. She asked thee DTPS to state what the deadlines of the plan were, and who would drive the plan. What kind of verification would be done by the DTPS to the people on its database? She commented that the DTPS had talked about its alignment with the private sector, and as the private sector was way ahead of the government in building accessible systems and customer interfaces, she believed the DTPS should focus more on government departments becoming more user friendly. She also asked the DTPS to indicate who took the lead among the cyber security advisory council, the ICT forum chapter of cyber security and the DTPS, and if there were no overlaps among the three bodies. She also asked the DTPS to state the other financial contributors towards cyber security, because the current fund of R60m in three years may not be sufficient to fund its activities.

Mr N Koornhof (ANC) said unless there was a clear timeline, the strategy would not be useful, and asked what government had done with the 2001 strategy. The broken and fragmented departments were already hindrances to the success of government strategies. Where would the public computer response team be located -- would it be in the Council for Scientific and Industrial Research (CSIR), or some other area of government? He said the Fourth Industrial Revolution (FIR) had arrived, and asked when the DTPS would constitute an Inter-Ministerial Digital Transformation committee, because it needed to drive the strategy.

He said that oversight visits to post offices in rural areas showed that they were not ready to become digital hubs, given their current state, and asked how the DTPS intended to fix the post offices and how it would get the money to fix them. He asked for the cost of first membership to the DTPS. He advised the DTPS that if it had a product that had a commercial potential, it would find funding, so it should look at ideas for raising funds and how the Government could use the private sector for funding purposes. He asked which province was leading in the provision of e-Government services, and what could be learnt from the province that could be leveraged on a national scale.

The Chairperson asked the DTPS to state what it had successfully implemented since 1995, even though he knew that the current leadership of the Department had not been there since 1995, but the programme was part of a package inherited by the current leadership. She asked if there was any progress towards resolving the complaints of poor infrastructural challenges in the rural areas. Did the DTPS envisage challenges that could hinder the achievement of NDP 2030? Who would deal with the challenges if they existed? She asked if DTPS had any joint education programme to help people who had been born before the digital age to be integrated, so that duplication by different departments would be avoided, thereby reducing costs. What mechanisms did it use to identify big enterprises that used the SMMEs as a front, because it hindered the development of potential entrepreneurs? She asked if there was anything the government could do for South Africa to benefit from the funds of the China Development Bank.

Responses

 

DTPS

Mr Nkuna said all the activities in the strategies had time specifications. The time specifications were included in the document released for public consultation. The DTPS was working on the establishment of the FIR commission. Everything done in the DTPS was linked to the FIR, such that already some elements of FIR were already being implemented by the Department. The Department of Trade and Industry (DTI) and the Department of Science and Technology (DST) were also dealing with the Industrial Revolution. The call for a FIR commission was to ensure that all the initiatives across government would form a part of the process.

The cost of communication was uppermost in government’s agenda. The Independent Communications Authority of South Africa (ICASA) was currently dealing with the issue of transparency and working on increasing the days for the validity of data than had previously been stipulated by mobile network companies. The Competition Commission would also start its study in September. The introduction of an open access regime would add value to competitiveness in the sector.

The DTPS would provide a breakdown on the cost of improving the post offices. There was clarity between the DTPS and the DPSA. The DPSA was needed as one of the drivers of the strategies and there was no conflict in roles of the two departments.

Awareness of the society about cyber-attacks could not be done alone. The DTPS was aware that the private sector was ahead of the government, but their lead had been achieved through implementing good policies, and these should be adopted by the government offices. The private sector relied on the government to provide an enabling environment on privacy, tax, confidentiality etc. The DTPS was not in competition with the private sector, and was ready to learn the best practices and to implement them. Government must take leadership in ensuring that South Africa followed a specified path in the digital transformation. The Digital Transformation Committee would stand as a clearing house, giving clear coordination and indicating how the FIR would link to the digital transformation.

e-Government

Ms Morwane said the best case studies among the provinces were Gauteng and Western Cape, both of which had e-Government strategies and innovation as a driver for their successes. The Northern Cape and Limpopo were making efforts towards the provision of e-Governance. From a systemic point of view, the key success was the promulgation of ICT, while the main obstacle was funding constraints, which could be addressed by changes in the government’s approach. If there was coordination, it was possible to leverage on one another in terms of funding. In terms of implementation, the DTPS had aligned the strategy with the SITA e-Government programme, and had started work by prioritizing e-Services by different departments.

SMMEs

Ms Mooketsi said there was a plan to develop a detailed implementation plan in the annual performance plan (APP) for the fourth quarter of the current financial year. She indicated the timeline and who was responsible for what would be reflected in the implementation plan. The DTPS was also working on a centralised and comprehensive database of all SMMEs, and this would be done in two phases. The point raised on cloud computing had been noted, and would be taken into consideration.

Cyber security

Mr Kiru Pillay said different indices were used for rating, which contributed to the reason South Africa was ranked lowly. In order to be ranked effectively, there was need for information to be fed into the process, but there was no empirical information available for this. The Cyber Crime Bill would improve the reporting structure and would help to report better on the indices. There were other reports that pointed to the sophistication of South Africa’s framework. It should be noted that out of 54 countries in Africa, South Africa was one of the 15 that had a national CSIRT.

The DTPS had prepared ahead on hearing the information about the recent international hacking incident which exploited the vulnerability in operating systems, and had reacted by sending patches out to organisations, but some organisations had not installed the patch. However, there had been no large scale breaches in South Africa.

The creation of awareness was a major part of the DTPS mandate and it was currently developing an awareness portal. It was also looking into how to deal with cyber bullying. It was currently engaging the private sector to see the type of campaigns they were running that could be replicated. The awareness portals would be launched in October. The Department was trying to see how information could be translated into different official South African languages to improve awareness.

The categories of “vulnerability” and “availability” were issues of standards, and were derived from the international category framework. The readiness to survive an attack depended on the type of attack and where the attack happened. The DTPS was working hard to provide cyber security, but the important thing was to provide immediate action and a recovery plan for attacks.

The National ICT forum had been helpful in terms of who took the lead, and the DTPS would manage the overlap if it occurred.

There was no financial contribution, but public-private partnerships. First membership looked at the security of a network. The highest cost came from infrastructure specification, and the CSIR was currently working on the cost of the infrastructure needed.

Mr Mashishi said Department was looking at modalities to reduce cost and improve affordability, because ICT was becoming one of the basic services. Several alternatives were under consideration to promote the affordability of ICT. Lessons learnt using ICT as an enabler were that there was an opportunity to save up to R4 billion, providing the ability to look at the bulk of services that would bring about cost savings and service delivery. ICT enabled time saving, and that was the direction the Department would like to go. The e-Government rating had moved from having services, to issues of e-Participation. The DTPS was conscious of the windows of opportunity for NDP 2030, and it had to look at the Medium Term Strategic Framework (MTSF) approaches in order to align the findings.

Dr Setumo Mohapi, Chief Executive Officer (CEO): SITA, said the Agency had started preparing themselves last year. It had launched the first e-Service and was putting together a long and medium term project.

Mr Koornhof asked when the digital transformation committee would be set up, and who would champion it. He said it should be the Minister, and asked if the Minister was currently championing e-Government. When would the national e-Government portal go live?

Mr Nkuna said the Minister was championing the e-Government, as evidenced by the work that SITA had been doing, but the decision on the leadership would come from the Cabinet.

Mr Mashishi said e-Government would succeed when it was adopted from the top. However, there were proposals being made that were yet to get to the Director General’s table.

The Chairperson said that as much as the nation embraced technology, it must remember the inevitable adverse impact of job losses, and the DTPS had to continue training people to acquire ICT skills. She said monopolies and big business in general had no mercy and used their might to prevent small businesses from entering the market, so the DPSA must look out for the SMMEs. It should work on delivering according to its specified plan in terms of implementation according to the timeframe. The Committee had conveyed the information shared to their constituencies regarding the implementation and timeframe. She requested that the DTPS should give South Africa hope that tomorrow would be better than yesterday.

The meeting was adjourned.