is south africa geared up for new cyberspace … · 1/26/2015 · strategy objective objective of...

© Copyright – Institute for Security Studies – 26 January 2015

IS SOUTH AFRICA GEARED UP FOR NEW CYBERSPACE CHALLENGES? Transnational Threats and International Crime Division

26 January 2015

3 © Copyright – Institute for Security Studies – 26 January 2015


Brig Piet Pieterse Section Head: Electronic Crime Unit (ECU) Commercial Crime Directorate for Priority Crime Investigation South African Police Service [email protected]

4 © Copyright – Institute for Security Studies – 26 January 2015


A SOUTH AFRICAN PERSPECTIVE

“…Directorate for Priority Crimes Investigation (DPCI) is one of the key investigative organs in the SAPS that require the necessary capacity and expertise in order to give full effect to its mandate…This Directorate represents a specialised investigative capacity within the SAPS whose focus is on crimes that are a national priority such as serious economic crime, with a KEY CONSIDERATION being the COMBATING OF CYBER CRIME…”

© Copyright – Institute for Security Studies – 26 January 2015 5

§ Develop and implement strategies decided by Cabinet § Justice, Crime Prevention and Security (JCPS) Cluster has developed, as part of its mandate and obligations under Outcome Three/Output Seven, a National Cyber-security Policy Framework (NCPF)

§ NCPF seeks measures - to address national security threats in terms of cyberspace - to promote the combating of cyber crime - to build confidence and trust in the secure use of Information and Communication Technology (ICT) - develop, review and update substantive and procedural laws to ensure alignment

§ NCPF is intended to provide a holistic approach and will be supported by a National Cyber-security Implementation Plan


§ JCPS, working in consultation with other Government Departments, will oversee the realization of the implementation plan, with the aim of ensuring a centralized approach in coordinating cyber security § JCPS Cyber-security Response Committee, chaired by State Security Agency (SSA), has been established to ensure the implementation of Output Seven, further be supported by a Cyber Security Centre (CSC)

§ CSC coordinates all cyber security matters pertaining to national security, inclusive of cyber crime

§ Within proposed conceptual framework of the CSC the creation of a SA Police Service Cyber Centre is envisaged

§ In terms of NCPF an approved Cyber Crime Strategy needs to be presented by the SA Police Service, as the lead Department


§ “Traditional investigative methodology” approach in addressing cyber crime threat, does not effectively address the business systems in relation to cyber crime § Upsurge in cyber crime within the financial environment poses a threat to South Africa’s democracy/economy

§ Imperative that strategies be developed in order to successfully eradicate cyber crime within South Africa § Greater use of encryption and access protection poses a growing challenge of extracting evidence from computers

§ Reluctance of victims to report offences-many victims are unaware that their computers had been compromised

§ Strategies/measures against cyber crime would have to follow a criminal justice rationale, linked to broader crime prevention and criminal justice policies, aimed at contributing to the rule of law/the promotion of human rights


What is the extent and impact of the cyber crime phenomenon manifestation within South Africa, with specific reference to the impact on financial (banking) related cyber crime fraud? What is the extent to which the South African Police Service (SAPS) in general, and more specifically the Directorate for Priority Crime Investigation (DPCI), can effectively address the identified cyber crime phenomenon? How can the cyber crime priority threat- and risk assessment process be identified and defined, in order to establish the criminal business enterprise? What strategies, action plans and operational initiatives should be developed, together with identified stakeholders, to effectively address the identified criminal business enterprise, from a combating/preventative/investigative/prosecutorial perspective?


South African experience

Commercial crime increasingly show unique transnational organised crime characteristics Cyber crime/electronic related crime equally present similar international trends Cyber crime clearly reflect elements of transnational organised crime and has evolved in a sophisticated crime phenomenon, with specific reference to cyber related fraud scams


Lessons learned

Strategic outcome in successfully eradicating cyber crime could certainly be entrenched in the knowledge that destroying computer generated information turns out to be surprisingly difficult Fossilization of deleted information means that a forensic footprint could well exist There is a positive aspect to the increasing use of technology by criminals in that the involvement of computers in crime has resulted in an abundance of digital evidence that can be used to apprehend and prosecute offenders Cyber crime is generally transnational in nature Difficult/time-consuming to secure evidence Despite expensive security measures, criminals will counter it successfully


Lessons learned

Corruption of corporate and state employees Sophisticated techniques employed by criminals Difficult, time-consuming to understand crime threat (Faceless problem) The approach of “follow the money” not always guarantee success and it is time consuming Cyber crooks often use known criminals to receive the proceeds of crime Difficult to identify and successfully prosecute cyber criminals International cooperation MLA/Communication with International role player on informal basis Hand-in-glove approach with prosecution most effective method Attempts at investigation involving computers often fail because of mistakes made at a very early stage essential digital evidence is ignored/destroyed/compromised/inappropriately handled


Council of Europe’s Cyber Crime Convention enhances: § Mutual Legal Assistance (MLA)

§  comprehensive powers to expedite preservation of stored computer data and partial disclosure of traffic data

§ make production orders

§  search computer systems

§  seize stored computer data

§  enable real-time collection of traffic data

§  intercept the content of questionable electronic data


Operational best practices

Project driven/major investigations Stakeholder partnership Investigative strategy Prosecutorial strategy Focus on Asset Forfeiture/Revenue Value chain analyses Strategic Intervention Strategy Focus on IMPACT with regard to crime threat/phenomenon


Council of Europe’s Convention on Cyber Crime proved a sound basis for essential cross border law enforcement cooperation required to combat cyber crime Serve as a purpose built mechanism on which countries can fashion own domestic legislation and enhance international cooperation in relation to cyber crime SA signed Convention on Cyber Crime- not ratified SA has laws dealing with cyber crime, not in one framework, Electronic Communications & Transactions (ECT) Act fail to recognize seriousness of cyber offences


Establishment of US/SA Cyber Working Group: §  Identified areas of mutual interest

§ Strengthening opportunities for cooperation

§ Focus on technical assistance/capacity building/training/

sharing of best practices

§ Foreseen future meetings will include private sector/civil society stakeholders


Procedural Law: Criminal investigations/prosecutions in South Africa undertaken in terms of Criminal Procedure Act (CPA), 1977 CPA probably needs to be amended to fully accommodate implications of Information Technology South African criminal law offers a variety of common-law and statutory offenses, which could be applied to prosecute offenders of cyber crime Most significant legislation in South Africa is undoubtedly ELECTRONIC COMMUNICATIONS AND TRANSACTIONS (ECT) ACT, 2002 Need to ensure legislative framework is addressed in accordance with International legislation


Electronic Communications and Transactions (ECT) Act (25/2002) objectives:

To provide for facilitation/regulation of electronic communications/transactions

To provide for development of a national e-strategy

To promote universal access to electronic communications/transactions

To prevent abuse of information systems

To encourage use of e-government services


§  To contribute to the eradication of the cyber crime phenomenon by detecting and successfully prosecuting cyber perpetrators

§  To provide a national investigative response to the most serious incidents of cyber crime

§  To collaborate with appropriate stakeholders in order to improve and develop specialist capabilities, thereby providing a safer and more secure cyber environment that enhance trust and increase public confidence


Digital evidence will in future form part of most crime scenes, yet there is still widespread ignorance amongst law enforcement officials in the gathering of digital evidence (standard operating procedures-SOP’s) There is a need for cyber crime investigators to address cyber related investigations and be exposed to testimony in the criminal courts Urgent need for more trained experts to analyse and to testify about digital evidence Digital evidence often highly volatile and easily compromised by poor handling. The chances of success in litigation or successful criminal prosecution by law enforcement agencies depend heavily on the availability of prima facie evidence


Law enforcement is increasingly turning to proactive investigations where undercover agents seek out the individuals who are already engaging in computer crimes — attempting to record, in real-time, computer criminals while they are involved in the criminal act. The proactive approach bypasses some of the investigatory hurdles of anonymity, lack of records, and under-reporting inherent in computer cases. It also has the added benefit of potentially stopping the criminal before the damage is done. In order to do pro-active investigations you need a task team who is 24/7 available to be operational From a training perspective it is time for a UNIFORM SOUTH AFRICAN VERSION OF A DIGITAL PRACTICE FIELD GUIDE (Standard Operating Procedure) that would enable all Law Enforcement officials to: §  search, §  seize, §  secure (acquisition) and protect the evidential

integrity of digital evidence (data storage devices)


Way forward

Vulnerabilities in relation to SA criminal justice system/rule of law/unique SA cyber security landscape identified as contributing inhibiting factors in successfully addressing cyber crime threat Successful criminal prosecution by law enforcement agencies/prosecuting authorities depend essentially on the availability of prima facie admissible evidence Develop a strategy to successfully eradicate cyber crime will contribute to Government’s Delivery Agreement in that “ALL PEOPLE IN SOUTH AFRICA ARE AND FEEL SAFE” Imperative strategy meet international benchmarked standards and be inclusive of a multi stakeholder approach in its design, implementation and management


Cyber Crime Strategy Scope

Ensure that cyber crime threat, from a law enforcement perspective, is adequately addressed, be inclusive, in addition to offences against and by means of computers, all offences where the supplementary role of computers by definition does not constitute cyber crime Reference to cyber crime would therefore be better described as information and communication technology related crime Drawing a distinction between “true computer crime” and “computer connected crime”, as separate categories of crime, would assist law enforcement in addressing specific identified threats Evident that technology/crime/methodology are so interlinked, that it makes sense to adopt a wide, generic approach to investigating information and communication technology related crimes, collectively referred as cyber crime


Cyber Crime Strategy Objective

Objective of the Strategy is to ensure that rule of law applies and legitimate rights are protected within the Information Communication Technology and online environment The desired strategic outcomes of the Strategy should include:

To provide a comprehensive and coordinated national investigative response to incidents of cyber crime/ targeting identified cyber crime threats

To contribute by collaborating with appropriate stakeholders to improve and develop specialist capabilities towards the provision of a safer and more secure cyber environment, that enhances trust and increase public confidence

To maintain and further develop the legal framework and enforcement capabilities, resulting in the effective addressing and prosecution of cyber criminals


Cybercrime policy

The National Cybercrime Policy aims to provide for measures to be implemented by Law Enforcement in order to effectively address the manifestation of cybercrime, which proposes: The establishment of a dedicated structure within the police Specialised investigative responses to incidents of cybercrime The development of specialised combating, preventing and investigating capacities to address cybercrime The establishment of effective partnerships with various role players to address cybercrime


THANK YOU

The Integritas System

to enforce Integrity in

Academic Environm

ents

Prof Basie von Solms

Mr Jaco du Toit

Prof Basie Von Solms Director : Center for Cyber Security Academy for Computer Science and Software Engineering University of Johannesburg [email protected]

Highlighting 3 crucial Cyber Security issues in SA

StarIng point

‘South Africa has the third-‐highest prevalence of cybercrime in the world a;er Russia and China, with between 80% and 84% of residents having fallen vicCm to some form of cybercrime.’ h=p://www.wbsjournal.co.za/arFcles/combaFng-‐cybercrime-‐919.html

What must SA do to get off this list?

•  There are many aspects which must receive a9enIon

•  We will consider 3 of these

•  Cyber securing SA's small companies

•  CreaIng Cyber Security experIse and capacity

•  Overseeing Cyber Security Governance in Government and in private companies.

Strategic and naIonal importance of


InternaIonally, cyber a9acks against small companies are increasing

‘Cybercriminals have picked their easiest prey: Small businesses. … showed that small businesses conCnue to be the most vicCmized of all companies.’ hJp://money.cnn.com/2013/04/22/smallbusiness/small-‐business-‐cybercrime/



SA Government report in 2013 •  small companies contribute on average 55% to SA’s overall GDP and 61% to

employment.

•  66% of such small companies have online websites and •  70% of these small companies acknowledge that business without a website

would not be possible

•  small businesses are reported to be the largest growth area for cyber a=acks

•  31% of all a=acks targeted small businesses, as SMMEs are less prepared to handle cyberrisks.

Department of CommunicaFons of the SA Government, ‘E-‐commerce, Cybercrime and Cybersecurity – Status, Gaps and the Road Ahead’



Priority 1

SA must urgently cyber secure its small companies


•  CreaFng Cyber Security experFse and capacity

•  ‘Parliamentary Select Commi=ee in the United Kingdom’s House of Lords reported a global shortage of ” no less than two million cybersecurity professionals” by the year 2017’

h=p://www.networkworld.com/arFcle/2857305/cisco-‐subnet/cybersecurity-‐skills-‐shortage-‐panic-‐in-‐2015.html

•  ‘the demand for cyber security experts is growing at 3.5 Fmes the pace of the overall IT job market, (and) at 12 Fmes the overall job market’

h=p://mobile.blogs.wsj.com/cio/2013/03/04/demand-‐for-‐cyber-‐security-‐jobs-‐is-‐soaring



•  India : 50,000 cyber warriors

•  ‘Cyber security skills in SA are definitely in short supply’ h=ps://www.wolfpackrisk.com/research/south-‐african-‐cyber-‐threat-‐barometer/

•  MulF-‐disciplinary



Priority 2

SA must urgently create more cyber experFse


•  Oversee Cyber Security Governance in Government and in private companies

•  ‘… ensuring the adequacy of a company’s cybersecurity measures needs to be a criFcal part of a board of director’s risk oversight responsibiliFes.’

h=p://www.sec.gov/News/Speech/Detail/Speech/1370542057946#.VLVf600cTIU, 2014

•  ‘The board should ensure that an InformaFon Security Management System is developed and implemented.’

King 3 Report on Corporate Governance •  Parliamentary Oversight Commi=ee for Cyber Security


•  Oversee Cyber Security Governance in Government and in private companies

Priority 3

SA must urgently ensure that Cyber Security gets conFnuous oversight a=enFon at the highest level – in Government (Cabinet) and In private industry (Board)

Priority 1 SA must urgently cyber secure its small companies

Priority 2 SA must urgently create more cyber experFse

Priority 3 SA must urgently ensure that Cyber Security gets conFnuous oversight a=enFon at the highest level – in Government (Cabinet) and In private industry (Board)

Summary

Thanks [email protected]


IS SOUTH AFRICA GEARED UP FOR NEW CYBERSPACE CHALLENGES? Transnational Threats and International Crime Division

26 January 2015

is south africa geared up for new cyberspace … · 1/26/2015 · strategy objective objective of...

Documents