State Information Technology Agency Update and Cybercrime Report

Meeting report

PUBLIC SERVICE AND ADMINISTRATION PORTFOLIO COMMITTEE
15 August 2007
STATE INFORMATION TECHNOLOGY AGENCY UPDATE AND CYBERCRIME REPORT

Acting Chairperson: Mr Richard Boloyi (ANC)

Documents handed out:
State Information Technology Agency (SITA) presentation by CEO
State Information Technology Agency (SITA) presentation on Cybercrime
Committee Report on Global Forum V on fighting corruption and safeguarding integrity
Committee Report on Global Organisation of Parliamentarians Against Corruption Conference
Committee Programme

Audio recording of meeting

SUMMARY
The State Information Technology Agency briefed the Committee on the recent departure of the CEO and executive personnel, the various Memoranda of Understanding between SITA and other Governments, organisations and private companies and reported on the Cybercrimes conference attended in February 2007. The complexity of the legalities around cybercrime was discussed.

Members were concerned by the loss of valuable skills and asked questions about SITA’s ability to protect Government’s systems and sensitive information against unauthorised or malicious access.

Two Members submitted their reports on the recent Global Forum V and Global Organisation of Parliamentarians Against Corruption (GOPAC) conferences. It was agreed that Members study the reports for discussion at the Committee’s next meeting.

MINUTES
State Information Technology Agency (SITA) briefing
Mr Peter Pedlar (Acting CEO, SITA) introduced the delegation from SITA and apologised that documents were not circulated to the Members in time. He briefed the Committee on recent changes within SITA, including the departure in May 2007 of the CEO, Mr Mavuso Msimang, to take up the post as Director-General of the Department of Home Affairs. Messrs Sol Ngubane and Jonas Bogoshi left in June 2007 to join the private sector. Mr Pedlar was appointed Acting CEO while a new CEO was recruited. He assured the Committee that operationally, SITA was performing very well and improved financial statements would be submitted at its annual general meeting on 17 August 2007. During his tenure, Mr Pedlar had concentrated on stabilizing the organisation and assuring SITA’s clients of its ability to continue with service delivery. The vacant posts at the executive level were advertised and a short-list of candidates compiled. Appointments would however only be made once the new CEO was appointed.

Mr Sol Ngubane (Consultant to SITA) briefed the Committee on the Memoranda of Understanding (MoU) between SITA and various entities. SITA was assisting the Pan African Parliament with the architecture and design of its economic empowerment information technology (IT) systems as well as assisting them to obtain funding for this. SITA was part of the NEPAD E-Commission and involved with the E-Schools project. Although not very active, it was involved with consulting and fundraising for the project to lay cables along the east and west coasts. The Japanese Government had pledged $60 million for this project. The MoU with Comnet IT (an organisation within the Commonwealth Network) included arranging conferences and offering training programs for public servants, particularly in the SADC. A training course was held in Maputo in 2006. The MoU with Telkom however did not achieve the goals intended as it transpired that Telkom understood that it would take over SITA’s mandated services, which was not the case. Subsequently, SITA’s tender for the provision of infrastructure services was awarded to Neotel. SITA hosted delegations from the Sudan, Ghana, Nigeria, Swaziland, Namibia and Angola that were interested in using the expertise gained by SITA to set up similar organisations in their own countries. A MoU was drawn up (but not yet signed) with Galaxy Backbone PLC of Nigeria for SITA to provide design and consulting services. Various MoUs were drawn up with private companies and industry partners in India and China in order to benchmark services and to make use of research and development and design solutions for telecommunications and networking services to Government.

Mr Tau Mashigo (Head of Department, Business Performance, SITA) briefed the committee on the Cybercrimes Conference held in Cape Town in February 2007. He said that IT was a key component in both public service and administration functions. He explained that the more advanced technology became, the greater the risk and the more opportunity existed for cybercrime. Mr Mashigo explained a network, an inter-network and the internet and played a graphic demonstration of how information was processed on the internet. He provided statistics of internet users in Africa (2.6% of the population) as compared to the rest of the world (17.9% of the population). Africa accounted for $5.2 billion of internet sales and was showing good growth and potential, albeit moving off a very low base.

Mr Baloyi asked if a breakdown per country in Africa was available. Mr Ngubane replied that South Africa accounted for 67% of internet use in Africa.

Mr Mashigo explained that cybercrime was crime committed in cyberspace by using computers and the internet. This included viruses, worms, spam, trojans, phishing, hacking, child pornography and unregulated gambling. A graphic demonstration on cybercrime was played and a breakdown of losses per type of cybercrime was given. In 2005, losses amounted to $130 million. A graphic demonstration of child luring was played to the Committee. An example of the global nature and legal complexities around cybercrime was illustrated by the case of an attack on a bank in the Philippines, traced to Argentina, Korea and eventually Canada. To combat cybercrime, international co-operation was essential. Countries need to enact laws, commit adequate personnel and skills, improve the ability to locate and identify criminals and improve the ability to collect and share information.

Mr Ngubane explained the complexity of the international legal issues around cybercrime, particularly where the access to personal records can be regarded as an infringement of legal rights, such as the right to privacy.

Discussion
Mr Boloyi thanked SITA for its presentation.

Mr M Sikakane (ANC) expressed concern that a newspaper was apparently able to access a minister’s confidential medical records.

Mr N Gcwabaza (ANC) asked to what extent SITA’s own systems are kept up to date.

Mr M Nyambi (ANC) asked what benefits SITA gained from MoUs, besides sharing experiences. He commended SITA’s efforts to establish itself as a centre of excellence but was concerned by the loss of knowledge and skills resulting from the recent resignations. He wanted to know if knowledge and skills were retained and asked whether senior staff members left because the CEO had left the Agency.

In response to Mr Sikakane’s question, Mr Pedlar replied that newspapers have their own sources to obtain information but in his opinion the confidentiality of any person’s medical records must be protected.

In response to Mr Gcwabaza’s question, Mr Pedlar replied that SITA maintained good cooperation with other organs of state, such as Comtec and National Intelligence. It made use of the best technology available to protect the networks and continuously strived to stay abreast of developments. Care was taken to employ persons with the appropriate skills and competences for the job, use was made of the latest technologies and investments were made in research and development. In addition to signing international agreements, SITA also brought new technology from abroad and encouraged the development of solutions within the country. He gave the assurance that SITA was doing everything in its power to protect the information and systems.

In response to Mr Nyambi’s questions, Mr Pedlar illustrated the good co-operation SITA had with ex-employees by explaining the willingness of Mr Ngubane to assist with the presentation on very short notice. He said that it was very difficult to appoint senior personnel in the absence of a permanent CEO but that the necessary steps were taken to ensure that a proper hand-over of skills took place when people leave the Agency. He remarked that SITA had not experienced any negative press coverage over the last few months.

Mr Ngubane explained that, although South Africa passed the Electronic Communications Act two years ago, the country was lagging behind Botswana and Mauritius in this regard. Certain issues are still a challenge, for example the admissibility of certain types of electronic records as evidence in court and the difficulty of proving whether documents were altered or not. He explained that both the Department of Home Affairs (DHA) and the South African Police Service (SAPS) maintained large databases of fingerprint records. Although this was a duplication of effort, SAPS cannot be allowed access to the DHA records because of the issue of “criminalising the population”. The international nature of cybercrime made for very complex legal issues, for example allowing access to information on a server situated in one country that was needed as evidence in a case in another country. It was his opinion that technology will not solve these issues but that legal solutions needed to be found.

In response to Mr Gcwabaza’s question, Mr Ngubane explained that SITA introduced intrusion detection systems into the core network two years ago. SITA was responsible for the core network and all other systems in certain departments (e.g. SAPS) but other departments made their own arrangements and often did not have adequate virus detection software or firewalls in place, resulting in unauthorised access or virus attacks on the core system. The sophisticated intrusion detection system was able to shut down the ports and deny access to the core network.

Mr Ngubane commented that although Africa was a minor user of the internet, Nigeria was ranked number four and South Africa number ten in the top ten cybercrime countries. He said that it was important that the cybercrime issue was taken seriously.

In response to Mr Nyambi’s question, Mr Ngubane explained that SITA tended to be a net giver of services in MoUs with companies and countries in Africa. In the case of MoUs with India and Brazil, there was agreement to share open source code and benefit from successful R&D projects. SITA provided personnel to run the server for the recent elections in the Democratic Republic of Congo.

Mr Pedlar added that there were collateral and indirect benefits to the country as a result of the training and assistance provided by SITA in other African countries. South Africa was seen to be a friendly country and gained acceptance and credibility.

In conclusion, Mr Boloyi said that the Committee would investigate the breakdown in communication with SITA that led to the short notice of the briefing that was given. He said it was important that stakeholders were aware of the Committee’s expectations in order to provide the necessary information and to ensure that it was kept fully informed on the main issues. In the case of the MoUs, the Committee needed to know what the main points of the agreements were. More detailed information was required of the type and effectiveness of training done by SITA. Further details were required of the nature of SITA’s responsibility for the protection of sensitive and classified information and the effectiveness of the measures in place. He noted that Mr Gcwabaza’s question was not fully answered and said the Committee had a responsibility to ensure that valuable skills were not needlessly lost. He remarked that exit interviews were only of value if properly conducted and if the real reason for leaving can be determined by the interviewer. He accepted the challenge of the Acting CEO position and said that SITA needed to continue to play an active role.

Mr Pedlar assured the Committee that SITA had a skills retention strategy in place and its board had approved a Human Resources strategy. He thanked the Members for their input and undertook to provide the feedback requested.

The delegation from SITA was excused from the meeting.

Report on Global Forum V conference on fighting corruption and safeguarding integrity
Dr U Roopnarain attended the conference held in Johannesburg on 2-5 April 2007 and had submitted her draft report to the Committee. However, she was unable to attend this Committee meeting to report back. It was agreed that the Members read the report and note their comments for discussion at the Committee’s next meeting.

Global Organisation of Parliamentarians Against Corruption (GOPAC) conference report
Mr M Sikakane attended the conference held in Monaco on 28 June to 1 July 2007 and submitted his report to the Committee. Mr Sikakane briefed the Committee on the issues that were discussed and said that a policy of transparency promoted good governance and corruption was reduced when a Government was held accountable. A “Dialogue on Civilisation” was held and the wide range of topics discussed included crime, democracy, corruption and the behaviours of nations. He mentioned the concern of Islamic countries that they are all regarded as terrorist countries as a result of Al Queda. Mr Sikakane wanted his report to be used by the Committee to stimulate debate and to make recommendations.

Discussion
Mr Baloyi asked what the objectives of GOPAC were. He said it was important that Members attended conferences dealing with corruption as that was where strategies and methods to counteract corruption can be found. He mentioned that the Committee intended to participate in the African Parliamentarian Network Against Corruption (APNAC) conference to be held in 2008 as well as the next international GOPAC conference to be held in Dubai. He suggested that Members read Mr Sikakane’s report and note the issues for further discussion at the Committee’s next meeting.

Committee Programme
The Members of the Committee then discussed its revised program for the period October 2007 to March 2008.

The meeting was adjourned.