IS SOUTH AFRICA GEARED UP FOR NEW CYBERSPACE CHALLENGES? Transnational Threats and International Crime Division 26 January 2015

© Copyright – Institute for Security Studies – 26 January 2015

    Governing  the  virtual     New  Challenges  in  Cyber  Space   Twi9er  |@NLinSouthAfrica    |@rosenthal_uri                                |#GCCS2015   www  |www.dutchembassy.co.za  |www.gccs2015.com  

Brig Piet Pieterse Section Head: Electronic Crime Unit (ECU) Commercial Crime Directorate for Priority Crime Investigation South African Police Service [email protected] 3

© Copyright – Institute for Security Studies – 26 January 2015 © Copyright – Institute for Security Studies – 26 January 2015

A SOUTH AFRICAN PERSPECTIVE

“…Directorate for Priority Crimes Investigation (DPCI) is one of the key investigative organs in the SAPS that require the necessary capacity and expertise in order to give full effect to its mandate…This Directorate represents a specialised investigative capacity within the SAPS whose focus is on crimes that are a national priority such as serious economic crime, with a KEY CONSIDERATION being the COMBATING OF CYBER CRIME…”

4

© Copyright – Institute for Security Studies – 26 January 2015 © Copyright – Institute for Security Studies – 26 January 2015

§ Develop and implement strategies decided by Cabinet § Justice, Crime Prevention and Security (JCPS) Cluster has developed, as part of its mandate and obligations under Outcome Three/Output Seven, a National Cyber-security Policy Framework (NCPF) § NCPF seeks measures to address national security threats in terms of cyberspace to promote the combating of cyber crime to build confidence and trust in the secure use of Information and Communication Technology (ICT) develop, review and update substantive and procedural laws to ensure alignment § NCPF is intended to provide a holistic approach and will be supported by a National Cyber-security Implementation Plan © Copyright – Institute for Security Studies – 26 January 2015

5

§ JCPS, working in consultation with other Government Departments, will oversee the realization of the implementation plan, with the aim of ensuring a centralized approach in coordinating cyber security § JCPS Cyber-security Response Committee, chaired by State Security Agency (SSA), has been established to ensure the implementation of Output Seven, further be supported by a Cyber Security Centre (CSC) § CSC coordinates all cyber security matters pertaining to national security, inclusive of cyber crime § Within proposed conceptual framework of the CSC the creation of a SA Police Service Cyber Centre is envisaged § In terms of NCPF an approved Cyber Crime Strategy needs to be presented by the SA Police Service, as the lead Department © Copyright – Institute for Security Studies – 26 January 2015

6

§ “Traditional investigative methodology” approach in addressing cyber crime threat, does not effectively address the business systems in relation to cyber crime § Upsurge in cyber crime within the financial environment poses a threat to South Africa’s democracy/economy § Imperative that strategies be developed in order to successfully eradicate cyber crime within South Africa § Greater use of encryption and access protection poses a growing challenge of extracting evidence from computers § Reluctance of victims to report offences-many victims are unaware that their computers had been compromised § Strategies/measures against cyber crime would have to follow a criminal justice rationale, linked to broader crime prevention and criminal justice policies, aimed at contributing to the rule of law/the promotion of human rights © Copyright – Institute for Security Studies – 26 January 2015

7

What is the extent and impact of the cyber crime phenomenon manifestation within South Africa, with specific reference to the impact on financial (banking) related cyber crime fraud? What is the extent to which the South African Police Service (SAPS) in general, and more specifically the Directorate for Priority Crime Investigation (DPCI), can effectively address the identified cyber crime phenomenon? How can the cyber crime priority threat- and risk assessment process be identified and defined, in order to establish the criminal business enterprise? What strategies, action plans and operational initiatives should be developed, together with identified stakeholders, to effectively address the identified criminal business enterprise, from a combating/preventative/investigative/prosecutorial perspective? © Copyright – Institute for Security Studies – 26 January 2015

8

Commercial crime increasingly show unique transnational organised crime characteristics Cyber crime/electronic related crime equally present similar international trends

South African experience

Cyber crime clearly reflect elements of transnational organised crime and has evolved in a sophisticated crime phenomenon, with specific reference to cyber related fraud scams

© Copyright – Institute for Security Studies – 26 January 2015

9

Strategic outcome in successfully eradicating cyber crime could certainly be entrenched in the knowledge that destroying computer generated information turns out to be surprisingly difficult Fossilization of deleted information means that a forensic footprint could well exist

Lessons learned

There is a positive aspect to the increasing use of technology by criminals in that the involvement of computers in crime has resulted in an abundance of digital evidence that can be used to apprehend and prosecute offenders Cyber crime is generally transnational in nature Difficult/time-consuming to secure evidence Despite expensive security measures, criminals will counter it successfully

© Copyright – Institute for Security Studies – 26 January 2015

10

Corruption of corporate and state employees Sophisticated techniques employed by criminals Difficult, time-consuming to understand crime threat (Faceless problem) The approach of “follow the money” not always guarantee success and it is time consuming Lessons learned

Cyber crooks often use known criminals to receive the proceeds of crime Difficult to identify and successfully prosecute cyber criminals International cooperation MLA/Communication with International role player on informal basis Hand-in-glove approach with prosecution most effective method Attempts at investigation involving computers often fail because of mistakes made at a very early stage essential digital evidence is ignored/destroyed/compromised/inappropriately handled

© Copyright – Institute for Security Studies – 26 January 2015

11

Council of Europe’s Cyber Crime Convention enhances: §  Mutual Legal Assistance (MLA) §  comprehensive powers to expedite preservation of stored computer data and partial disclosure of traffic data §  make production orders §  search computer systems §  seize stored computer data §  enable real-time collection of traffic data §  intercept the content of questionable electronic data © Copyright – Institute for Security Studies – 26 January 2015

12

Project driven/major investigations Stakeholder partnership Investigative strategy

Operational best practices

Prosecutorial strategy Focus on Asset Forfeiture/Revenue Value chain analyses Strategic Intervention Strategy Focus on IMPACT with regard to crime threat/phenomenon

© Copyright – Institute for Security Studies – 26 January 2015

13

Council of Europe’s Convention on Cyber Crime proved a sound basis for essential cross border law enforcement cooperation required to combat cyber crime Serve as a purpose built mechanism on which countries can fashion own domestic legislation and enhance international cooperation in relation to cyber crime SA signed Convention on Cyber Crime- not ratified SA has laws dealing with cyber crime, not in one framework, Electronic Communications & Transactions (ECT) Act fail to recognize seriousness of cyber offences

© Copyright – Institute for Security Studies – 26 January 2015

14

Establishment of US/SA Cyber Working Group: §  Identified areas of mutual interest §  Strengthening opportunities for cooperation §  Focus on technical assistance/capacity building/training/ sharing of best practices §  Foreseen future meetings will include private sector/civil society stakeholders

© Copyright – Institute for Security Studies – 26 January 2015

15

Procedural Law: Criminal investigations/prosecutions in South Africa undertaken in terms of Criminal Procedure Act (CPA), 1977 CPA probably needs to be amended to fully accommodate implications of Information Technology South African criminal law offers a variety of common-law and statutory offenses, which could be applied to prosecute offenders of cyber crime Most significant legislation in South Africa is undoubtedly ELECTRONIC COMMUNICATIONS AND TRANSACTIONS (ECT) ACT, 2002 Need to ensure legislative framework is addressed in accordance with International legislation

© Copyright – Institute for Security Studies – 26 January 2015

16

Electronic Communications and Transactions (ECT) Act (25/2002) objectives: To provide for facilitation/regulation of electronic communications/transactions To provide for development of a national e-strategy To promote universal access to electronic communications/transactions To prevent abuse of information systems To encourage use of e-government services

© Copyright – Institute for Security Studies – 26 January 2015

17

§  To contribute to the eradication of the cyber crime phenomenon by detecting and successfully prosecuting cyber perpetrators

§  To provide a national investigative response to the most serious incidents of cyber crime

§  To collaborate with appropriate stakeholders in order to improve and develop specialist capabilities, thereby providing a safer and more secure cyber environment that enhance trust and increase public confidence

© Copyright – Institute for Security Studies – 26 January 2015

18

Digital evidence will in future form part of most crime scenes, yet there is still widespread ignorance amongst law enforcement officials in the gathering of digital evidence (standard operating procedures-SOP’s) There is a need for cyber crime investigators to address cyber related investigations and be exposed to testimony in the criminal courts Urgent need for more trained experts to analyse and to testify about digital evidence Digital evidence often highly volatile and easily compromised by poor handling. The chances of success in litigation or successful criminal prosecution by law enforcement agencies depend heavily on the availability of prima facie evidence

© Copyright – Institute for Security Studies – 26 January 2015

19

Law enforcement is increasingly turning to proactive investigations where undercover agents seek out the individuals who are already engaging in computer crimes — attempting to record, in real-time, computer criminals while they are involved in the criminal act. The proactive approach bypasses some of the investigatory hurdles of anonymity, lack of records, and under-reporting inherent in computer cases. It also has the added benefit of potentially stopping the criminal before the damage is done. In order to do pro-active investigations you need a task team who is 24/7 available to be operational From a training perspective it is time for a UNIFORM SOUTH AFRICAN VERSION OF A DIGITAL PRACTICE FIELD GUIDE (Standard Operating Procedure) that would enable all Law Enforcement officials to: §  §  § 

© Copyright – Institute for Security Studies – 26 January 2015

search, seize, secure (acquisition) and protect the evidential integrity of digital evidence (data storage devices) 20

Vulnerabilities in relation to SA criminal justice system/rule of law/ unique SA cyber security landscape identified as contributing inhibiting factors in successfully addressing cyber crime threat Successful criminal prosecution by law enforcement agencies/ prosecuting authorities depend essentially on the availability of prima facie admissible evidence Way forward

Develop a strategy to successfully eradicate cyber crime will contribute to Government’s Delivery Agreement in that “ALL PEOPLE IN SOUTH AFRICA ARE AND FEEL SAFE” Imperative strategy meet international benchmarked standards and be inclusive of a multi stakeholder approach in its design, implementation and management

© Copyright – Institute for Security Studies – 26 January 2015

21

Ensure that cyber crime threat, from a law enforcement perspective, is adequately addressed, be inclusive, in addition to offences against and by means of computers, all offences where the supplementary role of computers by definition does not constitute cyber crime Reference to cyber crime would therefore be better described as information and communication technology related crime Cyber Crime Strategy Scope

Drawing a distinction between “true computer crime” and “computer connected crime”, as separate categories of crime, would assist law enforcement in addressing specific identified threats Evident that technology/crime/methodology are so interlinked, that it makes sense to adopt a wide, generic approach to investigating information and communication technology related crimes, collectively referred as cyber crime

© Copyright – Institute for Security Studies – 26 January 2015

22

Objective of the Strategy is to ensure that rule of law applies and legitimate rights are protected within the Information Communication Technology and online environment The desired strategic outcomes of the Strategy should include:

Cyber Crime Strategy Objective

To provide a comprehensive and coordinated national investigative response to incidents of cyber crime/ targeting identified cyber crime threats To contribute by collaborating with appropriate stakeholders to improve and develop specialist capabilities towards the provision of a safer and more secure cyber environment, that enhances trust and increase public confidence To maintain and further develop the legal framework and enforcement capabilities, resulting in the effective addressing and prosecution of cyber criminals

© Copyright – Institute for Security Studies – 26 January 2015

23

The National Cybercrime Policy aims to provide for measures to be implemented by Law Enforcement in order to effectively address the manifestation of cybercrime, which proposes: The establishment of a dedicated structure within the police Specialised investigative responses to incidents of cybercrime Cybercrime policy

The development of specialised combating, preventing and investigating capacities to address cybercrime The establishment of effective partnerships with various role players to address cybercrime

© Copyright – Institute for Security Studies – 26 January 2015

24

THANK YOU

© Copyright – Institute for Security Studies – 26 January 2015

25

Highlighting 3 crucial Cyber Security issues in SA

in             y t i r g e t orce  In f n e   o t   System ents     s m a Prof Basie Von Solms n t i o r r i g v e t mic  EnSecurity The  I:nCenter e d a c A   Director for Cyber                

 

Academy for Computer Science and Software Engineering s   University of Johannesburg von  Solm   ie s a B   f Pro Toit    Jaco  du   r M [email protected]  

StarIng  point      

‘South  Africa  has  the  third-­‐highest  prevalence      of  cybercrime  in  the  world  a;er  Russia  and  China,  with     between  80%  and  84%  of  residents  having  fallen  vicCm  to     some  form  of  cybercrime.’     h=p://www.wbsjournal.co.za/arFcles/combaFng-­‐cybercrime-­‐919.html  

What  must  SA  do  to  get  off  this  list?    

•  There  are  many  aspects  which  must  receive  a9enIon     •  We  will  consider  3  of  these   •  Cyber  securing  SA's  small  companies   •  CreaIng  Cyber  Security  experIse  and  capacity   •  Overseeing  Cyber  Security  Governance  in                Government  and  in  private  companies.  

 

Strategic  and  naIonal  importance  of     •  Cyber  securing  SA's  small  companies   InternaIonally,  cyber  a9acks  against  small  companies     are  increasing  

‘Cybercriminals  have  picked  their  easiest  prey:  Small  businesses.  

…  showed  that  small  businesses  conCnue  to  be  the  most  vicCmized            of  all  companies.’     hJp://money.cnn.com/2013/04/22/smallbusiness/small-­‐business-­‐cybercrime/  

 

 

Strategic  and  naIonal  importance  of     •  Cyber  securing  SA's  small  companies  

SA  Government  report  in  2013  

  •  small  companies  contribute  on  average  55%  to  SA’s  overall  GDP  and  61%  to   employment.   •  66%  of  such  small  companies    have  online  websites  and       •  70%  of  these  small  companies  acknowledge  that  business  without  a  website   would  not  be  possible   •  small    businesses  are  reported  to  be  the  largest  growth  area  for  cyber  a=acks   •  31%  of  all  a=acks  targeted  small  businesses,  as  SMMEs  are  less  prepared  to   handle  cyberrisks.      

Department  of  CommunicaFons  of  the  SA  Government,  ‘E-­‐commerce,  Cybercrime  and  Cybersecurity  –  Status,  Gaps  and  the   Road  Ahead’  

     

 

Strategic  and  naIonal  importance  of     •  Cyber  securing  SA's  small  companies  

Priority  1      

SA  must  urgently  cyber  secure  its  small  companies  

 

Strategic  and  naIonal  importance  of     •  CreaFng  Cyber  Security  experFse  and  capacity  

•  ‘Parliamentary  Select  Commi=ee  in  the  United  Kingdom’s  House  of  

Lords  reported  a  global  shortage  of  ”  no  less  than  two  million   cybersecurity  professionals”  by  the  year  2017’  

               h=p://www.networkworld.com/arFcle/2857305/cisco-­‐subnet/cybersecurity-­‐skills-­‐shortage-­‐panic-­‐in-­‐2015.html  

 

•  ‘the  demand  for  cyber  security  experts  is  growing  at  3.5  Fmes  the  pace   of  the  overall  IT  job  market,  (and)  at  12  Fmes  the  overall  job  market’                  h=p://mobile.blogs.wsj.com/cio/2013/03/04/demand-­‐for-­‐cyber-­‐security-­‐jobs-­‐is-­‐soaring    

     

 

             Strategic  and  naIonal  importance  of     •  CreaFng  Cyber  Security  experFse  and  capacity  

•  India  :  50,000  cyber  warriors    

•  ‘Cyber  security  skills  in  SA  are  definitely  in  short  supply’                      h=ps://www.wolfpackrisk.com/research/south-­‐african-­‐cyber-­‐threat-­‐barometer/  

    •  MulF-­‐disciplinary  

 

             Strategic  and  naIonal  importance  of     •  CreaFng  Cyber  Security  experFse  and  capacity  

Priority  2      

SA  must  urgently  create  more  cyber  experFse    

 

             Strategic  and  naIonal  importance  of  

•  Oversee  Cyber  Security  Governance  in                Government  and  in  private  companies  

•  ‘…  ensuring  the  adequacy  of  a  company’s  cybersecurity  measures  needs   to  be  a  criFcal  part  of  a  board  of  director’s  risk  oversight  responsibiliFes.’                      h=p://www.sec.gov/News/Speech/Detail/Speech/1370542057946#.VLVf600cTIU,  2014    

•  ‘The  board  should  ensure  that  an  InformaFon  Security  Management   System  is  developed  and  implemented.’                King  3  Report  on  Corporate  Governance    

•  Parliamentary  Oversight  Commi=ee  for  Cyber  Security    

 

             Strategic  and  naIonal  importance  of   •  Oversee  Cyber  Security  Governance  in                Government  and  in  private  companies  

Priority  3      

SA  must  urgently  ensure  that  Cyber  Security  gets   conFnuous  oversight  a=enFon  at  the  highest  level  –     in  Government  (Cabinet)  and  In  private  industry  (Board)  

Summary   Priority  1   SA  must  urgently  cyber  secure  its  small  companies   Priority  2   SA  must  urgently  create  more  cyber  experFse     Priority  3   SA  must  urgently  ensure  that  Cyber  Security  gets   conFnuous  oversight  a=enFon  at  the  highest    level  –     in  Government  (Cabinet)  and  In  private  industry  (Board)  

Thanks   [email protected]  

IS SOUTH AFRICA GEARED UP FOR NEW CYBERSPACE CHALLENGES? Transnational Threats and International Crime Division 26 January 2015

© Copyright – Institute for Security Studies – 26 January 2015