To respond to South African Government's Electronic Communications Needs

Countries globally recognise the strategic role that information plays, as well as the necessity to protect a country's information. Daily there are new threats and vulnerabilities that affect systems and firewalls (electronic protection) within organisations, and these threats can compromise national security through information leakage, as well as the collapse of the business environment.

While 'hacking', 'viruses' and 'cyber crime' have become fairly common terms when discussing Information and Communication Technology (ICT) security, the threats reach much further. Foreign governments, industrial espionage and disgruntled employees need to be considered as does the individual responsibility of each State employee. A system can be of the best international standard but without responsible human behaviour, the 'keys to the ICT door' may be given away. Electronic communication encompasses technology, people and trust.

An integrated response is required; one that encompasses all levels of State security requirements. National Government infrastructure needs to be audited with ongoing upgrades and security assessments. Best practices need to be developed, including minimum standards for those Government departments that may only require low level security infrastructure. The process will necessitate change management and control, essentially ensuring that the change to a new electronic security environment is understood and upheld by all concerned.

Continuous management and monitoring of the electronic communications systems, by trained and expert security staff, is essential to ensure an uninterrupted, secure environment. This constitutes real-time security intelligence and allows for an immediate response to emergencies. To consolidate the secure environment, procurement of best fit or customised products, geared for South African and State requirements, is necessary. The Comsec mandate is a proactive response to these requirements.

Why an Integrated approach to Electronic Communications and ICT Security is necessary?

Currently there is no overall strategic approach to electronic communications security in Government. At best, the approach has been fragmented and best practices are not shared. Planning, procurement (the buying of hardware, software and further resources), as well as deployment (the roll out of a system), is done in isolation at departmental level.

Information and Communication Technology (ICT) and electronic communications are the backbone upon which business is run, so ensuring that these systems remain functional and secure is paramount. However, management and monitoring of the various ICT systems has been limited and dependent on the availability and access to security expertise. While international and local security solution providers remain an advantage with regards to access to information and technology, without verification or accreditation this constitutes a significant security risk. Any externally-developed product or system may have a 'backdoor' (or loophole) thus allowing for unauthorised access.

Over and above the issue of security, it is essential that any ICT product or service is a best fit for the Government environment. Both foreign and locally-developed ICT systems may not suit the needs of the Government, necessitating further customisation. Comsec's Research and Development division will focus on this type of advancement.

While certain departments may have the latest security hardware and software, the emphasis may not have been on monitoring and timeous response. The set up and deployment of a secure electronic communication environment is the first step. From thereon, consistent monitoring and reaction is essential if electronic communication is to remain secure. Comsec provides Managed Security Service (MSS), focused on cross-Government electronic communication monitoring, management, reaction and feedback.

The result of disparate communication systems within Government has meant a lack of alignment in terms of approach, technology, etc. With alignment will come a set of best practices and a minimum set of standards. This ensures that electronic communications are secure and protected. Added to this, a cohesive approach also offers economies of scale. The current electronic communication set-up allows for duplication, extra costs and less negotiating power as the focus has been upon single divisions.