IS SOUTH AFRICA GEARED UP FOR NEW CYBERSPACE CHALLENGES? Transnational Threats and International Crime Division 26 January 2015
© Copyright – Institute for Security Studies – 26 January 2015
Governing the virtual New Challenges in Cyber Space
Twitter | @NLinSouthAfrica | @rosenthal_uri | #GCCS2015
www | www.dutchembassy.co.za | www.gccs2015.com
Brig Piet Pieterse Section Head: Electronic Crime Unit (ECU) Commercial Crime Directorate for Priority Crime Investigation South African Police Service
[email protected]
A SOUTH AFRICAN PERSPECTIVE
“…Directorate for Priority Crimes Investigation (DPCI) is one of the key investigative organs in the SAPS that require the necessary capacity and expertise in order to give full effect to its mandate…This Directorate represents a specialised investigative capacity within the SAPS whose focus is on crimes that are a national priority such as serious economic crime, with a KEY CONSIDERATION being the COMBATING OF CYBER CRIME…”
§ Develop and implement strategies decided by Cabinet
§ Justice, Crime Prevention and Security (JCPS) Cluster has developed, as part of its mandate and obligations under Outcome Three/Output Seven, a National Cyber-security Policy Framework (NCPF)
§ NCPF seeks measures to:
  § address national security threats in terms of cyberspace
  § promote the combating of cyber crime
  § build confidence and trust in the secure use of Information and Communication Technology (ICT)
  § develop, review and update substantive and procedural laws to ensure alignment
§ NCPF is intended to provide a holistic approach and will be supported by a National Cyber-security Implementation Plan
§ JCPS, working in consultation with other Government Departments, will oversee the realization of the implementation plan, with the aim of ensuring a centralized approach in coordinating cyber security
§ JCPS Cyber-security Response Committee, chaired by State Security Agency (SSA), has been established to ensure the implementation of Output Seven, and will further be supported by a Cyber Security Centre (CSC)
§ CSC coordinates all cyber security matters pertaining to national security, inclusive of cyber crime
§ Within the proposed conceptual framework of the CSC, the creation of a SA Police Service Cyber Centre is envisaged
§ In terms of NCPF, an approved Cyber Crime Strategy needs to be presented by the SA Police Service, as the lead Department
§ “Traditional investigative methodology” approach in addressing cyber crime threat does not effectively address the business systems in relation to cyber crime
§ Upsurge in cyber crime within the financial environment poses a threat to South Africa’s democracy/economy
§ Imperative that strategies be developed in order to successfully eradicate cyber crime within South Africa
§ Greater use of encryption and access protection poses a growing challenge of extracting evidence from computers
§ Reluctance of victims to report offences - many victims are unaware that their computers had been compromised
§ Strategies/measures against cyber crime would have to follow a criminal justice rationale, linked to broader crime prevention and criminal justice policies, aimed at contributing to the rule of law/the promotion of human rights
§ What is the extent and impact of the cyber crime phenomenon manifestation within South Africa, with specific reference to the impact on financial (banking) related cyber crime fraud?
§ What is the extent to which the South African Police Service (SAPS) in general, and more specifically the Directorate for Priority Crime Investigation (DPCI), can effectively address the identified cyber crime phenomenon?
§ How can the cyber crime priority threat- and risk assessment process be identified and defined, in order to establish the criminal business enterprise?
§ What strategies, action plans and operational initiatives should be developed, together with identified stakeholders, to effectively address the identified criminal business enterprise, from a combating/preventative/investigative/prosecutorial perspective?
South African experience
§ Commercial crime increasingly shows unique transnational organised crime characteristics
§ Cyber crime/electronic related crime equally presents similar international trends
§ Cyber crime clearly reflects elements of transnational organised crime and has evolved into a sophisticated crime phenomenon, with specific reference to cyber related fraud scams
Lessons learned
§ Strategic outcome in successfully eradicating cyber crime could certainly be entrenched in the knowledge that destroying computer generated information turns out to be surprisingly difficult
§ Fossilization of deleted information means that a forensic footprint could well exist
§ There is a positive aspect to the increasing use of technology by criminals in that the involvement of computers in crime has resulted in an abundance of digital evidence that can be used to apprehend and prosecute offenders
§ Cyber crime is generally transnational in nature
§ Difficult/time-consuming to secure evidence
§ Despite expensive security measures, criminals will counter it successfully
Lessons learned
§ Corruption of corporate and state employees
§ Sophisticated techniques employed by criminals
§ Difficult, time-consuming to understand crime threat (Faceless problem)
§ The approach of “follow the money” does not always guarantee success and it is time consuming
§ Cyber crooks often use known criminals to receive the proceeds of crime
§ Difficult to identify and successfully prosecute cyber criminals
§ International cooperation MLA/Communication with International role player on informal basis
§ Hand-in-glove approach with prosecution most effective method
§ Attempts at investigation involving computers often fail because of mistakes made at a very early stage: essential digital evidence is ignored/destroyed/compromised/inappropriately handled
Council of Europe’s Cyber Crime Convention enhances:
§ Mutual Legal Assistance (MLA)
§ comprehensive powers to expedite preservation of stored computer data and partial disclosure of traffic data
§ make production orders
§ search computer systems
§ seize stored computer data
§ enable real-time collection of traffic data
§ intercept the content of questionable electronic data
Operational best practices
§ Project driven/major investigations
§ Stakeholder partnership
§ Investigative strategy
§ Prosecutorial strategy
§ Focus on Asset Forfeiture/Revenue
§ Value chain analyses
§ Strategic Intervention Strategy
§ Focus on IMPACT with regard to crime threat/phenomenon
§ Council of Europe’s Convention on Cyber Crime proved a sound basis for essential cross border law enforcement cooperation required to combat cyber crime
§ Serves as a purpose built mechanism on which countries can fashion own domestic legislation and enhance international cooperation in relation to cyber crime
§ SA signed Convention on Cyber Crime - not ratified
§ SA has laws dealing with cyber crime, not in one framework; Electronic Communications & Transactions (ECT) Act fails to recognize seriousness of cyber offences
Establishment of US/SA Cyber Working Group:
§ Identified areas of mutual interest
§ Strengthening opportunities for cooperation
§ Focus on technical assistance/capacity building/training/sharing of best practices
§ Foreseen future meetings will include private sector/civil society stakeholders
Procedural Law:
§ Criminal investigations/prosecutions in South Africa undertaken in terms of Criminal Procedure Act (CPA), 1977
§ CPA probably needs to be amended to fully accommodate implications of Information Technology
§ South African criminal law offers a variety of common-law and statutory offenses, which could be applied to prosecute offenders of cyber crime
§ Most significant legislation in South Africa is undoubtedly ELECTRONIC COMMUNICATIONS AND TRANSACTIONS (ECT) ACT, 2002
§ Need to ensure legislative framework is addressed in accordance with International legislation
Electronic Communications and Transactions (ECT) Act (25/2002) objectives:
§ To provide for facilitation/regulation of electronic communications/transactions
§ To provide for development of a national e-strategy
§ To promote universal access to electronic communications/transactions
§ To prevent abuse of information systems
§ To encourage use of e-government services
§ To contribute to the eradication of the cyber crime phenomenon by detecting and successfully prosecuting cyber perpetrators
§ To provide a national investigative response to the most serious incidents of cyber crime
§ To collaborate with appropriate stakeholders in order to improve and develop specialist capabilities, thereby providing a safer and more secure cyber environment that enhances trust and increases public confidence
§ Digital evidence will in future form part of most crime scenes, yet there is still widespread ignorance amongst law enforcement officials in the gathering of digital evidence (standard operating procedures - SOPs)
§ There is a need for cyber crime investigators to address cyber related investigations and be exposed to testimony in the criminal courts
§ Urgent need for more trained experts to analyse and to testify about digital evidence
§ Digital evidence often highly volatile and easily compromised by poor handling
§ The chances of success in litigation or successful criminal prosecution by law enforcement agencies depend heavily on the availability of prima facie evidence
§ Law enforcement is increasingly turning to proactive investigations where undercover agents seek out the individuals who are already engaging in computer crimes — attempting to record, in real-time, computer criminals while they are involved in the criminal act.
§ The proactive approach bypasses some of the investigatory hurdles of anonymity, lack of records, and under-reporting inherent in computer cases. It also has the added benefit of potentially stopping the criminal before the damage is done.
§ In order to do pro-active investigations you need a task team who is 24/7 available to be operational
§ From a training perspective it is time for a UNIFORM SOUTH AFRICAN VERSION OF A DIGITAL PRACTICE FIELD GUIDE (Standard Operating Procedure) that would enable all Law Enforcement officials to search, seize, secure (acquisition) and protect the evidential integrity of digital evidence (data storage devices)
Way forward
§ Vulnerabilities in relation to SA criminal justice system/rule of law/unique SA cyber security landscape identified as contributing inhibiting factors in successfully addressing cyber crime threat
§ Successful criminal prosecution by law enforcement agencies/prosecuting authorities depends essentially on the availability of prima facie admissible evidence
§ Developing a strategy to successfully eradicate cyber crime will contribute to Government’s Delivery Agreement in that “ALL PEOPLE IN SOUTH AFRICA ARE AND FEEL SAFE”
§ Imperative that strategy meets international benchmarked standards and be inclusive of a multi stakeholder approach in its design, implementation and management
Cyber Crime Strategy Scope
§ Ensure that cyber crime threat, from a law enforcement perspective, is adequately addressed and is inclusive, in addition to offences against and by means of computers, of all offences where the supplementary role of computers by definition does not constitute cyber crime
§ Reference to cyber crime would therefore be better described as information and communication technology related crime
§ Drawing a distinction between “true computer crime” and “computer connected crime”, as separate categories of crime, would assist law enforcement in addressing specific identified threats
§ Evident that technology/crime/methodology are so interlinked that it makes sense to adopt a wide, generic approach to investigating information and communication technology related crimes, collectively referred to as cyber crime
Cyber Crime Strategy Objective
Objective of the Strategy is to ensure that rule of law applies and legitimate rights are protected within the Information Communication Technology and online environment
The desired strategic outcomes of the Strategy should include:
§ To provide a comprehensive and coordinated national investigative response to incidents of cyber crime/targeting identified cyber crime threats
§ To contribute by collaborating with appropriate stakeholders to improve and develop specialist capabilities towards the provision of a safer and more secure cyber environment, that enhances trust and increases public confidence
§ To maintain and further develop the legal framework and enforcement capabilities, resulting in the effective addressing and prosecution of cyber criminals
Cybercrime policy
The National Cybercrime Policy aims to provide for measures to be implemented by Law Enforcement in order to effectively address the manifestation of cybercrime, which proposes:
§ The establishment of a dedicated structure within the police
§ Specialised investigative responses to incidents of cybercrime
§ The development of specialised combating, preventing and investigating capacities to address cybercrime
§ The establishment of effective partnerships with various role players to address cybercrime
THANK YOU
Highlighting 3 crucial Cyber Security issues in SA
Prof Basie Von Solms
Director: Center for Cyber Security
Academy for Computer Science and Software Engineering
University of Johannesburg
[email protected]
Starting point
‘South Africa has the third-highest prevalence of cybercrime in the world after Russia and China, with between 80% and 84% of residents having fallen victim to some form of cybercrime.’ http://www.wbsjournal.co.za/articles/combating-cybercrime-919.html
What must SA do to get off this list?
• There are many aspects which must receive attention
• We will consider 3 of these
  • Cyber securing SA's small companies
  • Creating Cyber Security expertise and capacity
  • Overseeing Cyber Security Governance in Government and in private companies.
Strategic and national importance of
• Cyber securing SA's small companies
Internationally, cyber attacks against small companies are increasing
‘Cybercriminals have picked their easiest prey: Small businesses.
… showed that small businesses continue to be the most victimized of all companies.’ http://money.cnn.com/2013/04/22/smallbusiness/small-business-cybercrime/
Strategic and national importance of
• Cyber securing SA's small companies
SA Government report in 2013
• small companies contribute on average 55% to SA’s overall GDP and 61% to employment.
• 66% of such small companies have online websites and
• 70% of these small companies acknowledge that business without a website would not be possible
• small businesses are reported to be the largest growth area for cyber attacks
• 31% of all attacks targeted small businesses, as SMMEs are less prepared to handle cyberrisks.
Department of Communications of the SA Government, ‘E-commerce, Cybercrime and Cybersecurity – Status, Gaps and the Road Ahead’
Strategic and national importance of
• Cyber securing SA's small companies
Priority 1
SA must urgently cyber secure its small companies
Strategic and national importance of
• Creating Cyber Security expertise and capacity
• ‘Parliamentary Select Committee in the United Kingdom’s House of Lords reported a global shortage of “no less than two million cybersecurity professionals” by the year 2017’ http://www.networkworld.com/article/2857305/cisco-subnet/cybersecurity-skills-shortage-panic-in-2015.html
• ‘the demand for cyber security experts is growing at 3.5 times the pace of the overall IT job market, (and) at 12 times the overall job market’ http://mobile.blogs.wsj.com/cio/2013/03/04/demand-for-cyber-security-jobs-is-soaring
Strategic and national importance of
• Creating Cyber Security expertise and capacity
• India: 50,000 cyber warriors
• ‘Cyber security skills in SA are definitely in short supply’ https://www.wolfpackrisk.com/research/south-african-cyber-threat-barometer/
• Multi-disciplinary
Strategic and national importance of
• Creating Cyber Security expertise and capacity
Priority 2
SA must urgently create more cyber expertise
Strategic and national importance of
• Oversee Cyber Security Governance in Government and in private companies
• ‘… ensuring the adequacy of a company’s cybersecurity measures needs to be a critical part of a board of director’s risk oversight responsibilities.’ http://www.sec.gov/News/Speech/Detail/Speech/1370542057946#.VLVf600cTIU, 2014
• ‘The board should ensure that an Information Security Management System is developed and implemented.’ King 3 Report on Corporate Governance
• Parliamentary Oversight Committee for Cyber Security
Strategic and national importance of
• Oversee Cyber Security Governance in Government and in private companies
Priority 3
SA must urgently ensure that Cyber Security gets continuous oversight attention at the highest level – in Government (Cabinet) and in private industry (Board)
Summary
Priority 1: SA must urgently cyber secure its small companies
Priority 2: SA must urgently create more cyber expertise
Priority 3: SA must urgently ensure that Cyber Security gets continuous oversight attention at the highest level – in Government (Cabinet) and in private industry (Board)
Thanks
[email protected]