Professor Von Solms, who will present a key-note address at the ITWeb Security Summit in Sandton later this month, warns that there are no guarantees of the total security of the nation's personal data. He adds that in theory, databases containing important national information can be declared critical databases, and government cyber security inspectors can access these databases at any time to ensure that it is adequately protected. In practice, he knows of no database that has been declared a critical database, and very few, if any, cyber security inspectors exist at this point of time.
Therefore, the nation's personal information, health information, biometric data, social welfare information and financial information may reside in databases that may not be fully secure. This risk arises mainly from the use of the Internet by such systems and the absolute sophistication of modern malware and cyber crime. In a worst-case scenario, he says, such information could be hacked, made public, or even simply deleted, resulting in chaos and serious social and political repercussions.
Professor Von Solms says there is no public evidence that the critical personal data in the hands of the government and the private industry, is effectively secured, and there is no body with an oversight role to ensure such security. He is currently agitating for the establishment of a Parliamentary Standing Oversight Committee for Cyber Security which can perform such an oversight role.
"The new Cyber Security policy was approved by parliament in March of this year, but it is not yet available for public scrutiny - we waited for two years for this final policy to be approved, and now we have already waited two months to see it," he says. "I just trust that this new policy will provide a proper holistic and integrated platform to properly secure our cyber space and will include some form of Parliamentary oversight."
Professor Von Solms will speak at the upcoming ITWeb IT Security Summit in Sandton later this month. The event will focus on reinventing information security where trusted technologies have failed. Among the issues to be focused on during the two-day event will be the cyber war threat, IT security and politics, the growing IP theft problem and the rise of hacktivism.
