18 September 2015 - NW3166
Dreyer, Ms AM to ask the Minister of Telecommunications and Postal Services
(a) What policy objectives and framework for cybersecurity has he communicated to the state-owned companies for the development of their cybersecurity strategies, (b) how was the specified framework developed, (c) by whom was it developed, (d) when was it communicated to state-owned companies, (e) who will (i) evaluate the specified strategies and (ii) monitor the implementation of the specified strategies and (f) by when must the specified strategies be implemented?
(1)(a) The NCPF was communicated to the state-owned companies for the development of their cybersecurity strategies. The National Cybersecurity Policy Framework (NCPF) adopted by Cabinet in 2012, sets the agenda for cybersecurity in South Africa. Whilst the implementation of this policy is government led, its implementation includes all stakeholders, public and private sector, and citizens.
(b) The NCPF was developed taking into consideration South Africa’s national
interest, and global development.
(c) The policy framework was developed by an inter-departmental task team of the JCPS Cluster.
(d) It was communicated to the state-owned companies at the Joint DTPS- state-owned companies strategic workshop held in February 2015.
(e)(i) The strategies developed by SoCs are meant to mitigate the risk associated
with their respective businesses. To this end it is envisaged that the respective boards will be responsible for approving such strategies.
(ii) The boards appointed to these entities have an overall responsibility of ensuring that strategies adopted are implemented. The Department is responsible SoC oversight.
(f) The management and the boards of the state-owned companies will determine date of implementation.