Protecting Critical Databases – Towards a Risk Based Assessment of Critical Information Infrastructures (CIIS) in South Africa
DOI:
https://doi.org/10.17159/1727-3781/2013/v16i1a2318
Keywords:
Critical databases, critical information infrastructures, national security, social and economic well-being
Abstract
South Africa has made great strides towards protecting critical information infrastructures (CIIs). For example, South Africa recognises the significance of safeguarding places or areas that are essential to the national security of South Africa or the economic and social well-being of South African citizens. For this reason South Africa has established mechanisms to assist in preserving the integrity and security of CIIs. The measures provide inter alia for the identification of CIIs; the registration of the full names, address and contact details of the CII administrators (the persons who manage CIIs); the identification of the location(s) of CIIs or their component parts; and the outlining of the general descriptions of information or data stored in CIIs.
It is argued that the measures to protect CIIs in South Africa are inadequate. In particular, the measures rely on a one-size-fits-all approach to identify and classify CIIs. For this reason the South African measures are likely to lead to the adoption of a paradigm that considers every infrastructure, data or database, regardless of its significance or importance, to be key or critical.
License
Copyright (c) 2017 Mzukisi Niven Njotini
This work is licensed under a Creative Commons Attribution 4.0 International License.