The Civilian Secretariat for Police Service (CSPS) presented on the Critical Infrastructure Protection Bill [B22B-2017]. It outlined the background to the Bill, and gave an overview of its development. It discussed and outlined its purpose and structure, how it differentiated between infrastructure and critical infrastructure (CI), the formation of a CI Council, the administration of the Act, the process of declaring specific infrastructure as CI, the offences, regulations, penalties and transitional provisions.
Members raised concerns about cyber security and the provisions made in relation to it in the Bill, especially in respect of the CI Council and Cyber Response Committee. Tight deadlines for reviewing the Bill were also an area of concern.
The Committee was informed of the legal effect of the High Court order on its consideration of the notice for firearms amnesty, and was told that the order did not affect it. The effect of the Bill on provinces was discussed, and it was highlighted that because infrastructure was likely to be declared as CI in areas which were under the control and oversight of provinces, according to the Constitution it would influence the provinces.
The Minister of Police, who attended the meeting, said the development of the Critical Infrastructure Protection Bill was necessary, and that prioritising cyber security was important for the future. South Africa’s laws in respect of gun control and policing were outdated, and would be reviewed.
The Chairperson, in agreement with other Members said the meeting would start earlier than planned, as Members were already present. They would deal with the Critical Infrastructure Bill, which was a Section 75 Bill, and was handled by the Civilian Secretariat on Police Service (CSPS). The Bill was affecting amendments to the National Key Points Act (NKPA), and the CSPS would discuss these changes.
Civilian Secretariat on Police Service presentation
Ms Dawn Bell, Chief Director: Legislation, CSPS, introduced the presentation by giving background to the legislation. The Department of Police had started the review back in 2007 by publishing the draft NPKA for public comment, and the Strategic Interventions Bill. In March 2014, the Public Protector had recommended a review of the NPKA in Report 25 of 2013/14. In December 2014, the High Court of South Africa had examined the NKPA in the matter of the Right2Know Campaign v The Minister of Police, and had pointed out constitutional shortcomings. The High Court made the process go faster. A draft policy was then formulated to form basis for the Critical Infrastructure Bill, which had been developed through a series of consultations.
The Bill seeks to replace the NKP Act and bring the legal framework for the protection of critical infrastructure in line with constitutional imperatives and changing developments, both nationally and internationally. The Bill was aimed at ensuring that South Africa maintains a robust and sustainable approach to the protection of South Africa’s critical infrastructure in the interests of the state and all citizens.
The Bill creates a transparent process of declaring critical infrastructure, which involves several government departments, the private sector and community bodies.
The Bill ensures constitutionality by providing for the Application of the Promotion of Access to Information Act as well as the Promotion of Administrative Justice Act, and an improved description of offences by requiring that conduct must be unlawful, for an unlawful purpose or in contravention of a notice. These provisions were not part of the previous Act. The Act helps when questions are asked about the Key Points
The Bill promotes a spirit of cooperation between various role players in order to provide for a multi-disciplinary approach to deal with Critical Infrastructure (CI) protection.
During the development of the draft Bill, several government departments were consulted in order to improve upon the 2007 draft. In 2015, the draft Bill was processed to obtain Cabinet approval for publication. On 13 April 2016, Cabinet had approved publication of the draft Bill in the Gazette for public comment.
Ms B Engelbrecht (DA, Gauteng) interjected, objecting to the meeting being started before 10h30. She said the meeting could not be started because other colleagues might still be coming.
The Chairperson responded that Ms Engelbrecht could not speak without being recognised first.
Ms G Oliphant (ANC, Northern Cape) said she had asked that the meeting start early because by 10h30 she would have to leave, and because everyone had been present there did not appear to be a reason not to start. Ms Engelbrecht had been present when it was decided to start the meeting early, but she had walked out with her phone when it started. What was wrong about starting a meeting early?
Ms Engelbrecht said three DA members were yet to arrive, and that if there were no apologies then it was not procedural to start before other Members could arrive.
The Chairperson said Ms Engelbrecht’s behavior was highly disrespectful, as she had interjected and talked without being recognised by the Chairperson.
Ms Engelbrecht said she had full rights to walk out to take a call before the meeting started on its actual time.
The Chairperson asked Ms Engelbrecht to leave the meeting.
Ms Engelbrecht objected to leaving.
The Chairperson gave a last warning.
Ms Mokwele (EFF, North West) said the Committee had started the meeting before the actual start time, and any action taken would be against the Chairperson. As Members, it had been agreed to start the meeting before 10h30. She requested that the Chairperson and Ms Engelbrecht calm down, and that the apologies be read to check if DA Members were coming.
Mr D Ximbi (ANC, Western Cape) said a member could not just intervene at a meeting as Ms Engelbrecht had done. This behavior was not appropriate for elders, and it would be better to sit down and address elders instead of walking in and disrupting a meeting.
Mr J Mthethwa (ANC, KwaZulu-Natal) said he was disappointed by the behavior of Ms Engelbrecht, as it undermined the Chairperson and the Committee. Ms Engelbrecht could have spoken when she sat down and explained her view instead of disrupting the meeting. In agreement with Ms Mokwele he said there had been an agreement to start the meeting early at the time. The presentation had just begun and those who came late could just read the document to catch up, and therefore it was not a major issue. Members must be disciplined and not allow the standard of the Committee to deteriorate.
Ms Engelbrecht said her suggestion to read apologies must be considered
The Chairperson requested an apology from Ms Engelbrecht
Ms Engelbrecht replied she did not have to apologise as the meeting had not started, and that she had said “point of order.”
The Chairperson asked if he had granted her permission to speak.
Ms Engelbrecht said she thought she had been granted permission to speak
The Chairperson responded that Ms Engelbrecht was undermining people, especially black people.
Ms Englebrecht replied that the Chairperson should not pull the race card on her, because he had not been procedurally correct.
Mr Gurshwyn Dixon, Committee Secretary, read apologies for Mr M Chetty (DA, KwaZulu-Natal), Mr M Mohapi (ANC, Free state), and Ms T Wana (ANC, Eastern Cape).
Ms Engelbrecht said she would disrupt the meeting until it started at 10h30.
Ms Bell said she would continue on slide 5.
Ms Engelbrecht said the presentation must start at the beginning.
The Chairperson told Ms Bell to proceed from where she had stopped.
Ms Bell said on the 26 April 2016, Cabinet had approved the publication of the draft Bill, and it had been published in the Gazette for public comment. On 13 May 2016, the draft Bill had been published and comments invited until 15 June 2016. All comments were considered and the draft Bill edited to incorporate those comments that were considered valuable. She presented a list of stakeholders who had consulted or commented on the Bill.
During August and September 2016, the edited draft Bill, with comments considered, was presented at various Director General (DG) cluster meetings for approval to submit to Cabinet. In November 2016, the Bill had been tabled at the National Economic Development and Labour Council (NEDLAC), where a task team had deliberated on the Bill. In April 2017, Cabinet had approved the Bill for introduction, on condition that deliberations at NEDLAC were finalised. The CSPS had gone through the Bill clause by clause with NEDLAC. In July 2017, the NEDLAC process was completed and the NEDLAC report was finalised.
In November 2017, the Bill was introduced in Parliament. The Portfolio Committee on Police had published the Bill for public comments and several organisations had commented and made submissions. As a result of the submissions and a legal opinion from AmaBhungane, legal opinion was obtained by the Parliamentary Legal Services, which resulted in amendments, primarily to clause 26 (offences). The Bill was deliberated on, and several amendments were made by the Committee before adoption on 14 August 2018. During the second reading debate on 28 August 2018, the Bill was supported by all political parties
Purpose of the Bill
Mr Nkululeko Ntwana, Director: Legislation, CSPS, said the purpose of the Bill was to secure:
- Critical infrastructure (“CI”) against threats;
- Objective criteria for identification and declaration;
- Public-private cooperation for identification and protection of CI;
- Promote cooperation and a culture of shared responsibility;
- Enhance capacity to absorb and mitigate security risks;
- Ensure that CIs comply with regulatory measures;
- Support integration and coordination of functions.
Structure of the Bill
Chapter 1: Definitions, purpose and application of the Act.
Chapter 2: Critical Infrastructure Council and structures
Chapter 3: Declaration as Critical Infrastructure -- administrative arrangements, such as the power of the Minister to declare critical infrastructure, the factors to be taken into account, applications for declaration, etc.
Chapters 4-7: Powers and duties of persons in control; offences and penalties; regulations and general and transitional provisions.
Definition of infrastructure
“Infrastructure” meant any building, centre, establishment, facility, installation, pipeline, premises or systems needed for the functioning of society, or a network for the delivery of electricity or water, but excluded any information infrastructure as contemplated in any legislation on cybersecurity;
Mr Ntwana added that he did not know if Members were aware of another Bill being developed by the Department of Justice, which deals with cyber security.
“Critical infrastructure” referred to the above listed infrastructure only when it was formally declared as such.
The definition of “infrastructure” therefore spanned several sectors where there was the need for proper functioning of the government and delivery of basic public services. These sectors included energy, communication, food supplies, water, transport, administration, health and technology. However, “critical infrastructure” referred only those which were formally declared by the Minister.
The Bill takes into account that critical infrastructure may fall into various sectors, such as communication, energy, transport, water etc. The Bill seeks to harmonise this with sectoral legislation, with a view to protecting the physical integrity of these infrastructures.
The process of determining CI goes from a National Commissioner (functional), who advises the CI Council (Advisory), which advises the Minister, so the Minister ultimately determines what CI is.
Critical Infrastructure Council
The Council was new and was not in the NKPA, and was outlined in clause 4 of the Bill.
It was composed of government, private sector and community-based organisations. The Council would be chaired by the CSPS. There would be five people with expertise appointed by the Minister on the recommendation of the Portfolio Committee on Police. The Bill provides for the establishment for the CI Council. The proposal was that government employees would be from the level of Chief Director and upwards, as well as the five persons from the private and community sector.
The Council would approve guideline standards etc, receive and consider applications, reports and assessments, make recommendations on applications; evaluate, monitor and review the implementation of the policy, legislation and reports, establish procedures and report to the Minister. The Bill proposes that the Council report to the Minister three months after each financial year.
Administration of the act
The Act must be administered by the National Commissioner of Police, who was responsible for the authority to administer the Act and advising the CI Council. The functions of the National Commissioner were to develop guidelines and standards, develop structures and mechanisms for cooperation, establish procures and directives, consider applications, physical security assessments, recommend applications, inspections and compile and submit quarterly reports to the Council.
Inspectors would be South African Police Service (SAPS) members starting at the rank of Warrant Officer, and their responsibilities would be to inspect, verify information and exercise powers, such as compliance orders.
A list of other structures supporting the National Commissioner could be found clause 12 of the Bill. It was proposed that ad hoc and standing committees may be established to assist the National Commissioner in respect of functions involving standards, procedures and recommendation of applications.
SAPS would focus on physical security, Disaster Management would focus on disaster management, and the State Security Agency (SSA) would focus on information security. The Bill proposes the establishment of a Cyber Security Response Committee that would assist the National Commissioner with matters of information infrastructure.
Process of declaration
The bill proposes that the application in the prescribed format would have to be submitted to the National Commissioner. The National Commissioner would then carry out physical security assessments and categorise the infrastructure and based on this, would make recommendations to the Council. Thereafter, the Council would consider the reports and make recommendations to the Minister. The Minister would consider the report and recommendations, and then infrastructure would be declared as CI and placed in a category.
After infrastructure had been determined as CI, a certificate would be issued by the Minister with its location, category and conditions on control. The person in control would receive a notice in terms of security measures and appointing a security manager. Security measures that had to be considered, such as access control and searching, were also outlined once infrastructure was declared as CI.
The person in control must take the prescribed steps to secure the CI and must appoint a security manager. Provision is made for the measures to be put in place, such as access control. The costs of security were borne by the person in control. This person may advance reasons why the government should finance or co-finance the costs if they could not afford security measures. The Minister, in consultation with Minister of Finance and other affected Ministers, would make a determination. If it was at the national level, the consultation and determination would have to be with the Minister, but if it was at the provincial level it would have to be with the MEC of Finance. At the local level, it would be a Municipal Council
Clause 26 includes offences relating to the unlawful disclosure of information or unlawful photography of security measures. As a result of the submissions made to the Portfolio Committee of Police, and the legal opinions arising from the submissions, the Committee had agreed on limiting the offences and penalties, to be in line with constitutional requirements. The offences relating to security measures were limited to unlawful actions, where security measures that were not visible or in the public domain were concerned. For this purpose, a definition of “security measures” had been included in clause 26 to ensure that innocent persons were not prosecuted for these offences.
The list of offences included:
- The unlawful and intentional tampering with, damaging or destroying of critical infrastructure (includes collaborators);
- The unlawful hindering or obstruction of a person in control or a person who performs functions relating to security;
- Unlawful entry or access without the consent of the security manager, or in contravention of a notice;
- Damages, endangers or disrupts critical infrastructure;
- Unlawful collusion or assistance in respect of offences;
- Persons in control who furnish false information, or refuse or fail to take the required steps, commit an offence
The penalties prescribe a maximum of three years’ imprisonment, or a fine. When there was intent to cause damage or harm, the maximum imprisonment is increased to a maximum of three, five or seven years, depending on the risk category of the CI. When there was actual damage or harm caused, the maximum imprisonment was increased to 10, 15 or 20 years, depending on the risk category of the CI. A person in control committing an offence (providing false information, failing to comply with security requirements etc.), may be sentenced to a maximum of five years’ imprisonment or a fine. In the case of a corporate body the fine may not exceed R10 million.
The regulations must come into operation at the same time as the Bill.
Before the Minister promulgates the regulations, he or she must publish the proposed regulations in the Gazette inviting comments; revise the regulations to reflect comments where applicable; and table the revised regulations in Parliament for scrutiny.
Issues that were not in the Bill would be dealt with in the regulations. The processes to be driven by the regulations were functioning and administrative procedures, identification, classification or designation, risk categories, joint planning committees, security measures, security service providers and firearms and other measures, emergency and evacuation procedures, notices, and demarcation etc.
Transitional provisions included that existing key points must be declared as CI and published in the Government gazette. All deemed CI must be reviewed within 48 months to become CI, after which a new list of CI would be created, where some infrastructure may be added or fall off.
Mr Ntwana added that in the Bill, there was a proposal that the Minister must table a report to Parliament biannually, but it was noticed in terms of Clause 7 the Council tables a report only once annually. The Committee should look into this matter because it could be an anomaly, as the Minister would have to report twice while the Council reported only once.
The Chairperson responded that Mr Ntwana should advise and help the Committee on such matters.
Mr Ntwana replied that perhaps the Minister should report annually instead of biannually, to align with the Council.
Mr Bheki Cele, Minister of Police, said he was pleased by the move from the NPKA to the CI Protection Bill, as the NPKA was said to be abused by Ministers, and there were other issues which he hoped would be better addressed by the new Bill. He agreed with the suggestion that the Minister report once, unless the Council was made to report twice, but it remained that the matter had to be synchronised.
The Chairperson said that he had received a letter from AmaBhungane regarding the flaws in the report by the Portfolio Committee on Police. The Select Committee would engage independently from the Portfolio Committee on the matter.
Impact of the Bill on Provinces
Ms Anthea Van der Burg, Committee Content Advisor, spoke about the impact of the Bill on provinces.
When provincial powers were looked at in Chapter 6 of the Constitution, it was outlined that there were functional areas under provincial powers, and that provincial legislatures must maintain oversight over the implementation of legislation and any provincial organ of state. It was clear from the presentation that was given today that there was a spirit of cooperation in the Bill when looking at CI. The preamble mentioned the need to enhance cooperation between government and the private sector, and that there would be government representatives on the CI Council.
The broad definition of infrastructure illustrated that there could be an influence on provincial competencies, as infrastructures could be in the domain of provinces. Chapter 3 of the Bill speaks to the declaration of CI and the determination of CI, where there were sections which related to provinces. Section 16 mentions that infrastructure qualifies for the declaration as CI if such infrastructure was essential for the economy, national security, public safety and the continuous provision of basic services. Section 17 it says a person in control of infrastructure may, in the prescribed manner and format, lodge with the National Commissioner an application to have such infrastructure declared. Section 18 says any infrastructure under the control of, or occupied by, a local or provincial government department, must advise the relevant municipal manager or the relevant head of the department in the province to lodge an application. She highlighted these sections of the Bill to illustrate why public participation by provinces was important for the Bill. The Secretary to the Committee would talk about the procedural note on public participation.
Mr Dixon said on the procedural note, he would mention a few points. This was a section 75 Bill, and would normally not go to the provinces, but it had been advised that it had been advertised widely to provinces. Considering what Ms Van der Burg had said on the implications for provinces, provinces might want to comment on the Bill. The Bill would be advertised to provinces, and it would be provinces’ own imperative to publicly participate. A briefing for 12 September had been scheduled, and adverts had been quoted. The normal process would be that Members would have a review of written comments and decide if written comments were sufficient to carry on the deliberations, or if additional information was needed. Members needed to finish the process by 14 November.
The Chairperson said that Bill had been sent to the Committee on Monday, 10 September, and provinces still needed to go through the Bill. These timelines were placing the Committee in a predicament between the Parliamentary and legislative processes. He made it clear that the deadline might not be met.
Ms Oliphant asked what AmaBhungane was, and why key issues that had been discussed were in the regulations rather than the Bill. One should bear in mind that a recess was coming soon, so would there be enough time to meet the deadlines?
The Chairperson responded that AmaBhungane was an organisation of journalists attached to the Mail and Guardian.
Mr G Michalakis (DA, Free State) said he welcomed the legislation if its inconsistencies could be sorted out. He thanked the Minister for his attendance, and said it was really appreciated as his predecessors did not attend. In regard to section 75 legislation, the National Council of Provinces (NCOP), as the second House of Parliament, had a responsibility to review the kind public participation conducted in the National Assembly, especially in regard to expertise. Ultimately, when the Bill passed, the best possible version should be passed. On the CI Council and Minister reporting, he suggested a situation where the Minister and Council report twice instead of once, to increase transparency and security of the country. On the content of the Bill, he said the most important area was the cyber component. Section 4(2) of the Bill made provision for five people who had expert capacity to be on the board, but was there a requirement that at least one cyber expert was hired? There should not be a situation where there were five experts, but none of them was a cyber expert. Was there an obligation on the CI Council to hire cyber experts, or at least to engage with experts in the cyber field?
Mr Mthethwa asked for clarity on the “R100 million” maximum fine in the case of a corporate body.
Minister Cele asked what other areas of expertise were needed, besides cyber. All areas that needed expertise need to be defined. Cyber expertise would be important in the future because of the fourth industrial revolution.
Mr Ntwana, in response to Mr Mthethwa, said it had been a typographical error in the presentation and that the maximum fine was R10 million, and not a R100 million.
On question of cyber, he said in clause 12(8) on page 13 of the Bill, there was a Cyber Response Committee mentioned, which would advise on any related matter. The Bill mainly dealt with physical security, and where there were issues of cyber there would be interaction between the Minister of State Security and Police on who should take action.
On issues placed in regulations instead of the Bill, he said the regulations were placed in clause 27 of the Bill.
Mr Michalakis raised concern about the Cyber Security Bill not going through Parliament before the end of the year, as this would lengthen the processes of the much-needed Bill, considering the limited cyber legislation in the country. CI that relied heavily on information technology was under threat of cyber-attack. A CI cyber-attack happening, as opposed to a physical attack, was more likely in the future. Waiting for cyber legislation to become functional would create a gap where the state was unprotected. He was aware that cyber security fell under State Security, but the gap was a threat to CI.
Dr H Mateme (ANC, Limpopo) asked what other fields of expertise would be needed, and if cyber was the only area of concern. She said it would be better if all appointments involving expertise were made at the same time.
Mr Ntwana responded that on page 7 clause 4(3) and 4(2) of the Bill, it gave the conditions for hiring members of the CI Council. If there was another area of expertise not listed, it could be added.
He added that determining the regulations was up to the CSPS. When the Bill was brought to the National Assembly, it was said that the Minister must just notify Parliament with regard to regulations, but the Portfolio Committee on Police felt that this should come from them.
Mr Nathi Mjenxane, Legal Advisor, Parliament, briefed the Committee on the legal effect of the High Court order regarding the notice for the firearms amnesty
A legal opinion on the matter had been prepared for the Portfolio Committee on Police relating to the High Court order’s effect on the Firearms Amnesty notice currently before the Committee. There had been an interim order by the Court prohibiting the Department from accepting firearms at police stations, in the category defined in the judgment. The order remained an interim order which had been granted in the favour of the applicants, which were the Gun Owners of South Africa (GOSA) against the Minister of Police and the National Commissioner. The applicants were applying for the prohibition of police stations or any other places to accept firearms for the sole reason that the firearm licence had expired, and for the Court to extend the application period for firearms licensing.
The effect of judgement was that firearms with expired licences must not be required to be handed over and that police stations were prohibited from accepting firearms whose owners were in the process of applying for renewal. The judgment mentioned that the information technology (IT) systems of the firearms register had to be improved.
The legal advice given was in relation to how the Committee’s work would be affected by the court order, and the conclusion on this had been that the judgment did not affect the Committee.
Mr Michalakis referred to page 3, paragraph 6, of the legal document, and said that it mentioned that the Minister and National Commissioner were advised to appeal the interim court order directly to the Constitutional Court. Had the Minister appealed, and was there a time frame for this to happen?
The Chairperson said Minister might not be prepared to answer the question.
Minister Cele said it was a question of principle, because maybe there was not complete readiness, as there were 430 000 firearms that were unlicensed. It would be better to deal with matters together with the owners first, as opposed to going to court. He showed Members a picture of 30 unlicensed firearms that had been discovered at a house in the Northern Cape. He said it was a question of who, on behalf of South Africans, was more appropriate to make the decision -- the individual gun owner or the government. He could not find a reason for the Minister or the National Commissioner not to appeal, for now. It was open to discussion on how to address the matter, together with private owners.
Dr Mateme asked how long a firearm could remain unlicensed, in terms of the judgment.
Mr Mjenxane responded that the licensing of firearms was specified in legislation, but the effect of judgment was that people who held firearms licences had had their licences extended. It was important to note that the judgment was based on the current interim order, and there was no guarantee that the same conclusion would be held by another judge who finalised the matter.
Dr Mateme asked if the firearms in the picture shown by the Minister were illegal, and how many there were.
The Chairperson responded that from his perspective, it would not be legal for an individual to own that many firearm licences, and therefore it would be illegal.
Minister Cele said he had requested that the law be combed, because laws of 1947 were still in place. There was a need to repeal and amend laws. The gun laws allow any individual to own an unlimited number of firearms, which was based on an Anglo-Boer War agreement, and the law needed to be repealed. The Department of Police was ready to fight.
Ms Mokwele asked if nothing had been done in the past 25 years, since the laws were still outdated, and if that was why 57 people were killed daily. Lawlessness had to be addressed in relation to gun control.
The minutes of 31 August were adopted.
Download as PDF
You can download this page as a PDF using your browser's print functionality. Click on the "Print" button below and select the "PDF" option under destinations/printers.
See detailed instructions for your browser here.