Critical Infrastructure Protection Bill: PSIRA on role of private security; Council funding; overlap with Cybercrimes Bill; response to Eskom submission

This premium content has been made freely available

Police

14 March 2018
Chairperson: Mr F Beukman (ANC)
Share this page:

Meeting Summary

The Committee received a briefing from the Private Security Regulating Authority (PSIRA) on the role of the Regulator in the implementation of the Critical Infrastructure Protection Bill [B22-2017]. 

The Regulator reported that the facility becomes an In-house employer of the security officers as defined in the Code of Conduct for Security Service Providers. The facility will then be required to enlist with PSiRA as the in-house employer. The facility is required to notify the Authority of all the security personnel in its employment. All the security officers employed and deployed by the facility must be registered, trained and comply with the minimum requirements set under Section 23 of the PSIR Act and the facility is then subject to the provisions of the Code of Conduct for Security Service Providers, 2003

PSIRA mentioned that the bill is not clear in respect to the type and calibre of the firearms that will be used within the facility more especially when the facility is guarded by the contracted security service provider and or the In-house employer. Regulation 13 of the Private Security Industry Regulation, 2002 requires only business issued firearms should be used to render security services by security officers deployed on the premises. PSIRA will regulate the issuing, use and possession of firearms. The Leave of access granted under section 15 of the Bill should be extended to PSiRA Inspectors. The restriction of access to inspectors will impede detection of non-compliance by providers. It is suggested that in line with the spirit of the Bill as found in the preamble, the protection of the facilities should be restricted to include only validly registered, trained and vetted citizens and locally based owned private security service providers who are registered with PSiRA and vetted according to the Bill.

Members asked about the regulation of firearms, the vetting of security personnel, the use of foreign owned security companies and the use of unregistered security guards.

The Civilian Secretariat for Police (CSP) made a briefing on the funding of the Critical Infrastructure Council and the effect this will have on the organisation’s budget. Concerns were raised about whether CSP would be able to fund the Bill while it still had the responsibility to fund the DNA Board and the Directorate for Priority Crime Investigation (DPCI) Judge. CSP affirmed that it would be able to fund the Council. The Bill would be funded as category B in terms of the funding of public entities and this is the same level as the DNA Board. The only amount that would be paid by CSP for the Council would be for attending meetings and preparations, accommodations, meals including the catering when having the meetings. There would also be expenses for car and travel including car hire and this would not be applicable to all members. The Council is going to be chaired by the Secretariat for Police and therefore there is no need to employ staff for this position. The new proposed structure has already been submitted to the Minister and this structure needed to be implemented immediately. The R510 000 would be funded from the baseline and there will be a re-look into the budget if there is a need for adjustments.

Members asked if the Secretariat will create a new sub-programme and if any benchmarking of calculations was undertaken with National Treasury. There was also a suggestion that stated that PSIRA should go through the Department of Public Service and Administration as the structure was at chief directorate level.

The State Law Advisor informed the Committee on the overlapping issues between the Critical Infrastructure Protection Bill and the Cybercrimes and Cybersecurity Bill. The overlap in protection measures that must be implemented at the respective infrastructures, is found in clause 57(4)(e) of the Cybercimes and Cybersecurity that provides for “minimum physical …… measures that must be implemented in order to protect the critical information infrastructure” and paragraph (b) of the definition of “security measure” in clause 1 of the Infrastructure Protection Bill that provides for physical security measures to preserve and to protect “any physical structure that partly consists of, incorporates or houses information infrastructure”. It is clear that the Infrastructure Protection Bill does not aim to extend protection to the information infrastructure, itself, but only a structure that houses such information infrastructure. On the other hand clause 57(4)(e) of the Cybercimes and Cybersecurity also aims to extend to physical security of an information infrastructure that may include “any building, structure, facility” (in other words physical components that need to be protected). Furthermore, the State Law Advisor indicated that clause 57(12)(d) of the Cybercimes and Cybersecurity Bill defines ''information infrastructure ''as any data, computer program, computer data storage medium, computer system or any part thereof or any building, structure, facility, system or equipment associated therewith or part or portion thereof or incidental thereto”. This definition may equally include some structures that may resort under the Critical Infrastructure Protection Bill. There are important differences between critical infrastructure protection and critical information infrastructure protection. The main differences included threats, protection measures, enforcement of protection measures and offences. The distinction between critical infrastructure and critical information infrastructures already existed before the promotion of the Critical Infrastructure Protection Bill and the Cybercimes and Cybersecurity Bill as a result of the co-existence of National Key Points Act, and the Electronic Communications and Transactions Act (ECTA) on the Statute Book .Various countries deal with the protection of physical infrastructures and information infrastructures. In terms of their regulatory measures different agencies have mandates to deal with infrastructure protection and information infrastructure protection.

The Drafting Team (CSP and SAPS) then provided responses to issues raised by Eskom in their submission in the relation to the Bill. There was a proposal by Eskom in clause 21(2) that one certificate must be issued for all infrastructures under the control of one person. In this case Eskom basically said in the submission that they cannot have inventory of all assets or infrastructure as this was too complicated. There must be an available asset register and therefore the comment by Eskom cannot be correct. Clause 21(3) is clear that only the security manager that would needed to be vetted and security clearance and vetting are two different things as vetting is a much simpler process. The Bill is subject to the Promotion of Administrative Justice Act (PAJA) and therefore any individual has that right to the take Minister on review. Clause 22(2) already provides for submission of written representation and therefore the angle is also covered in this instance.

There was a comment on clause 24(8) where Eskom submitted that it was not feasible to send location notices everywhere at each transmission and distribution. The drafting team considered this as a fair comment and would be taken into consideration. For example, it would be impossible to places notices at critical infrastructures like Koeberg as located in ocean. There will be a representation of a redraft in this clause. The redrafted clause 26 to be presented to the Committee for deliberation covered the concern on clause 204(4) that the reliance on Trespass Act makes the offence less serious. It must be pointed out that the Bill regulates the safety measures at the critical infrastructure.

Members asked if there is a possibility of including a provision or an allowance for owner procured auditing as provided for in the Cybercrimes and Cybersecurity Bill. They also wanted to know more information on the continuity of the Council, the vetting process and security clearances and the offences.

Meeting report

Briefing by Private Security Regulating Authority (PSIRA)
Mr Manabela Chauke, Director (CEO), PSIRA, said that the Authority looked at the contents of the Critical Infrastructure Bill, its application and the role played by the Private security Industry Regulatory Act. There were a number of points that had been highlighted including the question on how PSIRA relates to the Critical Infrastructure facility where the latter uses its own employees to protect the facility. The facility becomes an In-house employer of the security officers as defined in the Code of Conduct for Security Service Providers. The facility will then be required to enlist with PSiRA as the in-house employer. The facility is required to notify the Authority of all the security personnel in its employment. All the security officers employed and deployed by the facility must be registered, trained and comply with the minimum requirements set under Section 23 of the PSIR Act and the facility is then subject to the provisions of the Code of Conduct for Security Service Providers, 2003.
Mr Chauke mentioned that in relation to registration requirements for critical infrastructure Inspections, the personnel must meet section 21 requirements: the security manager at the critical infrastructure facility must possess a minimum grade B training or equivalent/higher. All service providers must be vetted through PSIRA prior to appointment at any facility. Currently State Security Agency is providing that function. In relation to powers of inspectors, the Act provides all inspectors with powers similar to that of PSIRA inspectors. The inspectors are required to report all contraventions to PSIRA. There was a question as to whether the powers of the Inspector appointed under section 10 of the Bill can be extended to other parties. It must be clarified that Section 11(8) of the Bill provides for the appointment of any other person as an Inspector by the Minister. The PSiRA inspectors are peace officers and may inspect the facilities.

Mr Chauke stated that on the matter of the scope of regulations in respect to the Bill, Section 27(1)(m) of the Bill makes provision for the Minister to make regulations in respect to security personnel in the critical infrastructure facility environment. The determination of the training requirements under section 27(1)(m)(ii) should be made in line with section 4 (k) of the Private Security Industry Regulation Act 56 of 2001. All training must be determined and recognised by PSIRA in terms of section 4(k). The bill is not clear in respect to the type and calibre of the firearms that will be used within the facility more especially when the facility is guarded by the contracted security service provider and or the In-house employer. Regulation 13 of the Private Security Industry Regulation, 2002 requires only business issued firearms should be used to render security services by security officers deployed on the premises. PSIRA will regulate the issuing, use and possession of firearms.

Mr Chauke said that the Bill restricts access to personnel under section 199 of the Constitution. PSIRA Inspectors have the power to enter any premises in terms of section 34 of the PSIR Act. Section 25 of the Bill may be in conflict with section 34 of the PSIR Act. The Leave of access granted under section 15 of the Bill should be extended to PSIRA Inspectors. The restriction of access to inspectors will impede detection of non-compliance by providers. In line with the spirit of the Bill as found in the preamble, the protection of the facilities should be restricted to include only validly registered, trained and vetted citizens and locally based owned private security service providers who are registered with PSIRA and vetted according to the Bill.

Discussion
Ms D Kohler-Barnard (DA) wanted to know if the inspection that was to be conducted by PSIRA inspectors was to inspect private security guards with a focus on things like uniform and nothing else. In relation to the regulation of firearms to be used by private security guards, was this implying that PSIRA would now be involved in the regulation of the type of firearms to be used by guards? The PSIRA Bill had been sitting on the President’s desk for about 5 years after there was an indication that there would be an expropriation of 51% of any foreign owned private security company. The Bill had not been signed off because it had the potential to destroy our country’s economy as all foreign owned companies would pull-out if that regulation was to be implemented. It was impossible for PSIRA to take a decision that the protection of our critical infrastructure should only be done by locally-based companies and exclude foreign-owned companies until a President had taken a decision on the PSIRA Amendment Bill.

Ms M Molebatsi (ANC) asked about any possible confusion if private security guards are on the same level as police members. It was important to get a clarification if Grade B certificate allowed guards to perform any access control conducts.

Ms M Mmola (ANC) wanted to know what action would be taken if a security company employed unregistered security guard.

Mr L Ramatlakane (ANC) noted that the presentation mentioned that under the scope of regulation, any training to be undertaken is to be done through PSIRA. It looked like this was implying that there are similar institutions doing training of security personnel but this training is an unregulated training. Where could this be happening? In relation to the limitation of access, what is it perhaps that the Committee needed to take into consideration when dealing with the Bill on a clause-by-clause basis? Was there any possible interchangeability that was being foreseen in this instance?

Mr J Maake (ANC) enquired about the meaning of cross-reference as this seemed to mean that it would cover everything.

Mr P Mhlongo (EFF) asked if the vetting was specifically referring to the service providers or security personnel. The focus should be on vetting the security personnel than simply focusing on the service providers.
Mr Chauke responded that PSIRA was quite aware that gun licenses are issued to security companies in terms of the Firearms Control Act. PSIRA Act Section 35 empowers the Minister to regulate the use and issuing of the firearms. PSIRA was currently experiencing a huge problem with the issuing, provision and possession of the firearms. For example, there are private security companies in taxi ranks where there is violence and the security guards there are carrying imposing firearms that look like AK47. PSIRA was simply saying one cannot go for example to the crèche with a rifle as this would be against the regulations. There was an incident in the shopping mall where a child was killed by a firearm that was accidently discharged and the type of firearm that killed that child should not have been there in the first place. PSIRA was developing policy regulation of the type of firearm to be used in a specific location. There is a need to regulate the type of firearm to be used when there is protest. The Bill is not clear on the type of firearm to be used in a specific location.

Ms Kohler-Barnard maintained that wording of the sentence on the regulation of firearms in the presentation was clear that PSIRA would now regulate the issuing, use and provision of firearm to be used despite the fact that this was already covered in the Firearms Regulation Act. PSIRA was now trying to control which firearms the security entities would be using. Where could this be coming from?

Mr Chauke said that he has already explained why there is a need for regulation. PSIRA was not in any way suggesting the need to take away any right of security companies to be armed. Security companies would need to comply with regulation. Grade B is a minimum requirement to be a security manager. PSIRA ensures that unregistered security personnel are removed and arrested as this was a criminal offence in the country and it meant that those security guards are not adequately trained and not vetted to perform required duties. The space for training is a very highly competitive space and we have seen in the past that some service providers have accreditation to provide training and this is a certain kind of training that is not recognised by regulators. There are very few security companies providing training in terms of the National Key Points Act. The reason for this is because there was a conflict in the past between private security companies and those in the space of the National Key Points Act. The National Key Points Act people use to say “look this is our space and therefore people who work in these facilities would need to have our training”. The Act is now clear that PSIRA is a custodian of training private security companies and this mandate needed to be taken into consideration.

Mr Chauke pointed out that Section 27 of the Bill limits the access to these facilities only to people referred to in Section 199 of the Constitution. This simply means that PSIRA inspectors would not be allowed access in those facilities. The cross-referencing that was being referred to is that inspectors in the area as referred to in the Bill are ordinarily police officers. The Act already says that police officers have the same powers as PSIRA. There is a need perhaps to stipulate in the Bill that inspectors referred to in the Bill would have the same powers as referred to in Section 34 of the PSIRA Act. This cross-referencing would allow PSIRA in these facilities. Vetting will be both for security companies and security personnel. The PSIRA Act does not distinguish between security service providers and security personnel.

Mr Maake said that it totally made sense that it should only be locally based security companies that are able to become guardians for our critical infrastructure. It did not make any sense to involve foreign companies as guardians of our critical infrastructure.

Mr Chauke explained that PSIRA was clear that only locally based private security companies should be involved in our critical infrastructure as this was able to minimise all the potential risks involved. There were cases previously where foreign based security companies were given responsibility to guard our critical infrastructure and this was indeed strange and absurd. 

Briefing by the Civilian Secretariat for Police (CSP)
Mr Alvin Rapea, Secretariat, CSP; indicated that there had been concerns around the ability of CSP to fund the Critical Infrastructure Council. There were also issues raised on whether CSP would be able to fund the Bill while it still had the responsibility to fund the DNA Board and the Directorate for Priority Crime Investigation (DPCI) Judge. There was a time when CSP was running out of money and this era passed a long time ago. The entity has been stabilised and financial irregularities was no longer a problem for the entity. The concern of the entity currently is on the expenditure model with a specific focus on over-expenditure and under-expenditure. The challenge for the DNA Board is that it did not have a specific plan on how it was going to spend its money and money was available. CSP noted that the DNA Board had under-spent for the period that it had been established.

Mr Rapea explained that the Bill would be funded as category B in terms of the funding of public entities and this is the same level as the DNA Board. The only amount that would be paid by CSP for the Council would be for attending meetings and preparations, accommodations, meals including the catering when having the meetings. There would also be expenses for car and travel including car hire and this would not be applicable to all members. There are five members that CSP is eligible to pay and the estimation is that there would be 6 meetings per year with a standard of 2 meetings per quarter.  There might be some additional work that would need to be done. In terms of the remuneration, this was coming to R510 000 per annum including other expenses like accommodation, catering and car and air travel. The team that was working on the legislation costed this to R900 000 but the calculation of CSP concluded that this would cost R510 000.
Mr Rapea concluded that the Council is going to be chaired by the Secretariat for Police and therefore there is no need to employ staff for this position. The new proposed structure has already been submitted to the Minister and this structure needed to be implemented immediately. There will be a component that is going to look after the entities. The R510 000 would be funded from the baseline and there will be a re-look into the budget if there is a need for adjustments. The inspectors are the ones who are going to be responsible for doing the assessments and not the Secretariat and the reports then get tabled by the inspectors and whoever that would be responsible for critical infrastructure. CSP would be able to fund this Council.

Discussion
The Chairperson recalled that CSP had already indicated to the Committee that the Act would be financed from a baseline budget. It would be important to know if there would be a sub-programme within CSP. It is clear that CSP had reworked its budget and therefore it would be essential to know if there was any benchmarking of calculations that was undertaken with the National Treasury.
Mr Rapea replied that CSP was creating a new component and there will be a submission tmade to the Treasury and this is where there would be discussions on the budget structure. The new component would be at the chief director level. CSP used the document called 2017 adjustment of remuneration levels, service benefit packages for office bearers of certain statutory and other institutions for calculations of remuneration and this was in line with the Treasury regulation.

The Chairperson stated that PSIRA should go through the Department of Public Service and Administration (DPSA) as the structure was chief directorate level.

Mr Rapea responded that there was already a submission to DPSA and this was an important step that needed to be taken. The final structure needs to be submitted to the Minister for Public Service and Administration and CSP would have an interim administrator that would support this Council if the structure is not approved. This would be an interim position while CSP is busy with the finalisation of the structure. There is an additional funding for the entire structure and CSP is saying to the Treasury that the structure would need to be implemented gradually than once-off.

Briefing by the State Law Advisor
Mr Sarel Robbertse, State Law Advisor, Office of the Chief of State Law Advisor; stated that the Critical Infrastructure Protection Bill, seeks to replace the National Key Points Act, 1980 (Act 102 of 1980). Clause 16 of the Infrastructure Protection Bill empowers the Cabinet member responsible for policing (the Minister) to declare critical infrastructure and critical infrastructure complexes after considering the conditions provided for in clauses 16(2) and 17. For purposes of the current discussion clauses 16(4), (5) and (6) are important. The National Cybersecurity Policy Framework (NCPF) for South Africa was approved by Cabinet in 2012 and provides for measures to address national security in cyberspace; measures to combat cyber warfare, cybercrime and other cyber irregularities; the development, review and updating of existing substantive and procedural laws; and measures to build confidence and trust in the secure use of Information Communications Technologies. In terms of paragraph 16.1 of the NCPF, the Department of Justice and Constitutional Development must review and align the cybersecurity laws of the Republic to ensure that these laws are aligned with the NCPF and in order to provide for a coherent and integrated cybersecurity legal framework for the Republic. The Bill gives effect to this mandate of the Department of Justice and Constitutional Development.

Mr Robbertse indicated that the Critical Infrastructure Protection Bill and the Cybercrimes and Cybersecurity Bill must be considered in light of the fact that many traditional critical infrastructures rely on information and communication technologies to function. Such information infrastructures may be localised at a specific critical infrastructure, may extend to critical infrastructure complexes by means of local area networks or networks that do not belong to such an infrastructure and which may be used to transfer data from one destination to another or as a means of communication. Information infrastructure may further either be contained at a specific place at an infrastructure or may be incorporated to various degrees in other physical components at an infrastructure. Critical infrastructure and critical infrastructure complex is defined in the Infrastructure Protection Bill with reference to the definition of ‘‘infrastructure’’. Infrastructure is in turn defined as “any building, centre, establishment, facility, installation, pipeline, premises or systems needed for the functioning of society, the Government or enterprises of the Republic, and includes any transport network for the delivery of electricity or water”. This broad definition may include information infrastructure by virtue of the words “facility”, “installation”, “system”, “network for the delivery of water”.

Mr Robbertse indicated that clause 57(12)(d) of the Cybercimes and Cybersecurity Bill defines ''information infrastructure ''as any data, computer program, computer data storage medium, computer system or any part thereof or any building, structure, facility, system or equipment associated therewith or part or portion thereof or incidental thereto”. This definition may equally include some structures that may resort under the Critical Infrastructure Protection Bill. There are important differences between critical infrastructure protection and critical information infrastructure protection. The main differences included threats, protection measures, enforcement of protection measures and offences. The distinction between critical infrastructure and critical information infrastructures already existed before the promotion of the Critical Infrastructure Protection Bill and the Cybercimes and Cybersecurity Bill as a result of the co-existence of National Key Points Act, and the Electronic Communications and Transactions Act (ECTA) on the Statute Book .Various countries deal with the protection of physical infrastructures and information infrastructures. In terms of their regulatory measures different agencies have mandates to deal with infrastructure protection and information infrastructure protection.

Mr Robbertse admitted that there is a measure of overlap between the Critical Infrastructure Protection Bill and the Cybercimes and Cybersecurity Bill. The overlap in protection measures that must be implemented at the respective infrastructures, is found in clause 57(4)(e) of the Cybercimes and Cybersecurity that provides for “minimum physical …… measures that must be implemented in order to protect the critical information infrastructure” and paragraph (b) of the definition of “security measure” in clause 1 of the Infrastructure Protection Bill that provides for physical security measures to preserve and to protect “any physical structure that partly consists of, incorporates or houses information infrastructure”. It is clear that the Infrastructure Protection Bill does not aim to extend protection to the information infrastructure, itself, but only a structure that houses such information infrastructure. On the other hand clause 57(4)(e) of the Cybercimes and Cybersecurity also aims to extend to physical security of an information infrastructure that may include “any building, structure, facility” (in other words physical components that need to be protected).

The Cabinet member responsible for State security decides that the infrastructure that houses an information infrastructure should be dealt with in terms of the provisions of the Cybercimes and Cybersecurity, clause 57(4) obliges the said Cabinet member to consult, among others with the Minister on the directive that should be issued to regulate standards that should be implemented at such infrastructure. This double consultation requirement will ensure that no contradictory or overlapping security measures are prescribed in respect of the same physical structure that houses an information infrastructure.
In conclusion, Mr Robbertse highlighted that there is an overlap between the Infrastructure Protection Bill and the Cybercimes and Cybersecurity Bill as a result of clause 57(4)(e) in the latter. Clause 57(4)(e) can only be used to regulate security measures at a physical infrastructure if an information infrastructure is declared a critical information infrastructure and there is a building, structure, facility, system or equipment associated therewith. If an information infrastructure is not considered critical, it must be dealt with in terms of the Critical Infrastructure Protection Bill. The fact that a critical information infrastructure exists at an infrastructure does not imply that the infrastructure in question will become a critical information infrastructure. In practice, the two Bills will complement each other. The Critical Infrastructure Protection Bill that provides for physical security measures addresses unlawful physical actions against information infrastructures or their components at a critical infrastructure that may affect their availability and integrity. The Critical Infrastructure Protection Bill, however, does not primarily deal with the protection of information infrastructure that may have an adverse effect on the critical infrastructure itself.

Briefing by the Drafting Team: Response to issues raised by Eskom submission
Brigadier Bert Van Der Walt, Section Head: Legal Support; South African Police Service (SAPS), indicated the definition of national security would be included in the Bill. It must be stated that clause 19 was redrafted to a large extent and the proposal will be made during clause-by-clause deliberation. There was a proposal in clause 21(1) that a paragraph must be added so that the certificate of declaration must reflect whether the information regarding the security measures must be restricted. The drafting team was taking note of that proposal and this would be looked into when the Committee is dealing with the Bill on a clause-by-clause basis. There was a proposal in clause 21(2) that one certificate must be issued for all infrastructures under the control of one person. In this case Eskom basically said in the submission that they cannot have inventory of all assets or infrastructure as this was too complicated. There must be an available asset register and therefore the comment by Eskom cannot be correct. Clause 21(3) is clear that only the security manager that would needed to be vetted and security clearance and vetting are two different things as vetting is a much simpler process. The Bill is subject to the Promotion of Administrative Justice Act (PAJA) and therefore any individual has that right to the take Minister on review. Clause 22(2) already provides for submission of written representation and therefore the angle is also covered in this instance.
Brigadier Van Der Walt mentioned that there was a request that clause 23 must be clarified. There is a subtle difference between termination and relocation and this needed to be taken into consideration. It is important for clause 24(2) to be read with clause 24(1). Clause 24(2) is intended to convey that the person in control of critical infrastructure must first look at its own employees before contracting out and spending additional money. The comment in regard to clause 24(3) must be taken in context to the reality that security service providers who provide service to the critical infrastructure must go through the vetting process and PSIRA even underlined this point. There is no way that the drafting team can say the security service providers can function without being vetted. There was a submission in clause 24(7) around Eskom and the role of security manager for transmission and distribution lines. The Bill does not exclude the possibility of a security manager that is overall responsible for critical infrastructures under one owner.

The Chairperson interrupted and indicated that he would need to be excused as he needed to attend another important engagement. The Committee would meet again on Thursday to deliberate further on the Bill. There will also be a briefing by the Parliamentary Legal Advisor to deal with the categorisation of the Bill. The Committee would be provided responses by the drafting team on submissions made by South African National Editors’ Forum (SANEF) and Media Diversity Project.

Brigadier Van Der Walt stated that there was a comment in clause 24(8) where Eskom submitted that it was not feasible to send location notices everywhere at each transmission and distribution. The drafting team considered this as a fair comment and it would be taken into consideration. For example, it would be impossible to place notices at critical infrastructures like Koeberg as located in the ocean. There will be a presentation of a redraft to this clause. The redrafted clause 26 to be presented to the Committee for deliberation covered the concern on clause 204(4) that the reliance on the Trespass Act makes the offence less serious. It must be pointed out that the Bill regulates the safety measures at the critical infrastructure.

Discussion
Ms Kohler-Barnard expressed concern that the SANEF submission had not been dealt with as the Committee still had a lot to do.

Mr Z Mbhele (DA) asked if there is no possibility of including a provision or an allowance for owner procured auditing as is provided in the Cybercimes and Cybersecurity Bill. This is to ensure that the whole burden of compliance and monitoring did not rest entirely on overstretched and shrinking SAPS.

Mr Ramatlakane wanted more information on the continuity and consistency of the Council when it is being reduced.

Ms Molebatsi noted that the vetting process was taking so much time and this was a concern of the Committee. The important question is what needs to be done if there are delays in the vetting process. Are we likely to see people operating while still waiting for the finalisation of the security clearance?

Brigadier Van Der Walt said that the drafting team could consider the comment by Mr Mbhele as this was a valid comment especially in view of different risk categories. It must be remembered that this is a function that is already performed by SAPS and there are already inspectors in place and the drafting team was not creating a new function. This is a valid proposal that was being made especially when the Committee deliberates on the low risk categories. There was an important point that was made by Mr Ramatlakane on the continuity and consistency of the Council when it is being reduced. The idea is to have the Security Cluster Department sit on the Council fulltime. It must be made clear that a person needed to be have been vetted before signing the contract and those would be on entry level requirements. There could be expected delays but this could be minimised if the process is followed correctly.

Ms Kohler-Barnard expressed concern about these additional responsibilities that are being given to SAPS members. There is a problem of shortage of personnel and people not doing their designated jobs within SAPS. We witnessed the shortage of staff in most Designated Firearm Officers (DFOs) and Second Hand Goods Officers and this needed to be avoided.

Mr Mbhele mentioned that on clause 24(8) Eskom was concerned about the practicality of sending location notices everywhere at each transmission and distribution. It seemed like this clause was a duplication of clause 25(8) where it is specified that a notice is placed at every entry point. It would be important to know why these two clauses dealing with notices are dealt with separately.

Mr Maake said that there was a submission by SANEF and this would be deliberated in the next engagement as agreed upon.

Brigadier Van Der Walt responded that the protection security service has a branch where there are a dedicated group of people who do the inspections at all national key points at the moment. The structure and functionality is already in existence and therefore not as similar to the example on shortage of staff in DFOs and Second Hand Goods Officers. Clause 24(8) deals specifically with parameter and this is just to put a notice that “this is a national key point and do not trespass”. Whereas clause 25(8) is a different type of notice as it would stipulate the rules and it would be a much detailed notice than simply stating that “this is a national key point”. The visitors would also be warned in this notice that they would be searched when entering the premise.

Ms Kohler-Barnard wanted to know if there is provision for a drunk or drugged person stumbling into a national key point.

Ms Molebatsi asked if these officers deployed at critical infrastructure would only be dedicated to doing searching and providing guidance to the critical infrastructure without any other responsibility.
Brigadier Van Der Walt responded that the penalties would be much higher if there is an intention to do harm to this critical infrastructure. So a drunk or drugged person stumbling to a national key point could be imprisoned for 3 years instead of the previous 30 years. If there is a proven intention to do harm then the penalty could go up. The penalty could also go up if there is actual harm to the infrastructure. In essence, a drunk or drugged person would not get a maximum sentence as the court would need to take into consideration of all the facts. The officers form part of the pool of officers that are in the structure of protection and security service and therefore they perform other functions.

The meeting was adjourned.

Share this page: