The beginning of a beginning –Integrated ICT Policy for South Africa

On Thursday the 19th April 2012 I attended the National Integrated ICT Policy Colloquium in Midrand, Gauteng Province. South Africa’s Minister of Communications, Dina Pule, officially opened the colloquium where the Department of Communications (DoC) aims to offer industry a chance to review its policies. Policies on information and communications technology (ICT) should be aligned with government’s developmental goals and address the challenges facing the industry, says Communications Minister Dina Pule.

DoC Minister Dina Pule

Pule said the outcome of the ICT policy development process had to be aligned with government’s top priorities of fighting crime and corruption, rural development, improving health and education, and creating sustainable jobs.

“We needed to have this policy review to overhaul all the legislation in our sector such that they reflect the work that the government does and helps this country and industry to benefit from sustainable ICT development and services for the next 20 years,” Pule said.

“We expect to consolidate all policy on broadcasting services in the digital environment; broadband and internet access; spectrum licensing framework for the country’s development; new regulatory areas in all of these; funding and investment; e-skills development; local content development and ICT market growth,” she said. I participated in the commission working on e-Commerce and Digitising Government and I shared the table with an enthusiastic group of young IT Pros.

Policy Requirements

ICT Policy Colloquium should result in the formulation of the White Paper on Integrated National ICT Policy through consolidation of all policies on:

  • Broadcasting services in the digital environment
  • Broadband and internet access
  • Spectrum licensing framework for the country’s development
  • New regulatory areas in all of the above
  • Funding and investment
  • e-Skills development
  • Local content development and
  • ICT market growth.

ICT policy must respond to the government priority of job creation. It must also answer questions that include:

  1. How best can we influence investment in local electronics manufacturing for the future of our country?
  2. How will we ensure that rural connectivity becomes a reality in the roll-out of broadband internet?

There is a  need for technology transfer to help meet the demand for technologies and a need for  fair competition in the market that will lead to the lowering of the costs of communications. As a result, the two day Colloquium boasted six commissions chaired by ICT sector experts. These are:

  • Broadcasting
  • Telecommunications
  • Policy and Regulation
  • e-Commerce and Digitizing Government
  • Investments and Industry Development
  • Local Digital Content

Cybersecurity Agenda

As we start looking into the future, 18 years from now –  we also have the opportunity to look back 18 years. South Africa had a new president in Nelson Mandela with a brand new cabinet. Five years later the new dispensation was brought to the attention of our  ICT environment because of the “Y2K”. The work “From Y2K to Security Improvement: A Critical Transition” captures the essence of security improvement programs (SIP) that were enhanced by the Y2K exercises executed as countries National “Security” Agendas. This was followed by the 9/11 events which also enhanced the disaster recovery plan programs mostly driven by or around ICT.  The work  by Dr Andile Ngcaba on the Policy Framework for South Africa titled “ Digital Life in Buidling a Digital Lifethe Eco-System” takes us back to the pro’s and con’s towards the development of the ICT policy and it should be an important lesson as we begin this journey. Let’s all  look into the security lessons discussed here, with particular focus to the legislation like Data Protection Act, Protection of Personal Information Act (POPIA), Regulation of Interception of Communications Act (RICA), etc. How can they strengthen the new policy  and vice-versa?

The chairperson of our commission, Chose Choeu, challenged me and other InfoSec colleagues on the security considerations towards building an Integrated ICT Policy for 2030. This took me back to the to Policymakers page that help educate policymakers on matters relating to online privacy, safety, and security. Policymaker GuideThe guide, Building Global Trust Online Volume 2: Policymaker Guide to Privacy, Safety and Security, (pdf file) was compiled from extensive work and on-going research by Microsoft teams, as well as consultation with external subject-matter experts. It’s worthwhile to read to facilitate positive and informed contribution.

As a country we need to determine clearly what are key elements in terms of Cybersecurity Agenda. It is a very sensitive issue, which needs to be based on a level of trust between citizens, people in the public and the private sector, within the public sector and within the private sector.  A very common approach is to set Cybersecurity equal to Computer Security or Information Security. The classical security with the goal to secure the information of a government, company or end-user is definitely part of any cybersecurity agenda of any government. However, it cannot and shall not be the end. Cybersecurity is more than “just” IT security. To be successful, it is of outstanding importance to expand a classical Cybersecurity approach from a merely technical and internal policy view to a broader approach covering everything from the technology to critical infrastructure protection to cybercrime prevention and successful prosecution. Only an integrated strategy can lead to a successful cybersecurity agenda.


On a high level, the diagram above can be summarized as follows:

  • It has to cover the alignment between social, legal and economical themes. An initiative cannot be successful if it is not socially accepted or economically feasible for the companies having to implement the measures. This has to be embedded in the cultural environment. The challenge there, however, is that a lot of measures have to be designed and implemented globally (like law enforcement collaboration, aligned legislation allowing for efficient work) and therefore some compromises have to be made most probably.
  • It needs to address strategies and policies from supply chain security to government training to internal collaboration to innovation. Typically the training part has to be addressed and so is the supply chain security, even though it might have to be broadened. What should not be missed is the whole notion of innovation. Research and development in the area of cybersecurity with the goal to help the economy grow on the base of a sound and secure environment can be a smart way to help to cover the cost of such and initiative.
  • On such a base, the whole infrastructure can be addressed. Infrastructure being the government’s own infrastructure, the critical national infrastructure and an identity strategy. This is often the area, where a cybersecurity agenda starts and is driven as it is known best (but unfortunately still key concepts are neglected).
  • And this finally lays the foundation for any kind of solution and application.
  • Besides that the governments has to engage with different communities. There is an absolute necessity to collaborate internationally in a close partnership as well as with the private sector and the citizen/consumer of all ages. Not to exclude the security research community.

With such an approach, there is a high probability of successfully working towards the vision of having “citizens, business and government enjoying the full benefits of a safe, secure and resilient cyber space: working together, at home and overseas, to understand and address the risks, to reduce the benefits to criminals and terrorists, and to seize opportunities in cyber space to enhance the country’s overall security, resilience” and economic growth.

This Agenda need a high political will and pressure to make people work together and pull in the same direction. There’s a lot of work going on by the Justice, Crime Prevention and Security Cluster (JCPS) – Let the organised ICT professionals, business, labour and citizens add to this momentum.  

The Programme Director, Themba Phiri, who’s also the DDG: ICT Policy and Development kept on emphasising that we are just beginning and no one should feel left behind.  Any additional comments and/or questions on the process to date as well as your suggestions for the way forward are requested to be send to and web access to commissions/work-streams is here. This particular method of communication is said to be kept open until the end of May. 

One response to “The beginning of a beginning –Integrated ICT Policy for South Africa

  1. Pingback: Cybersecurity Agenda – How are we doing in South Africa? | Dr Khomotso Kganyago on Security·

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s