A bill has been introduced in parliament to establish a Cyber Commissioner to take charge of and coordinate of the country’s cyber security.

The Democratic Alliance (DA) – South Africa’s official opposition party – introduced a bill to parliament to establish a Cyber Commissioner, to take charge of and coordinate of the country’s cyber security.

Amid a rise in high-profile hacks, the party also says there is an urgent need for improved protection of personal information, and it hopes to receive bipartisan support for the bill to strengthen South Africa’s cyber security protections.

The DA announced the introduction of the Cyber Commissioner Bill on Tuesday. Adv Glynnis Breytenbach, DA shadow minister of justice and constitutional development, said: “The urgent need for a dedicated Cyber Commissioner arises from the current inadequate protection of personal information by state departments.

“In today’s digital age, cyber technology has become vital to government operations. With the increasing reliance on technology, it is crucial to develop new strategies to safeguard data and protect the rights of citizens utilising these technologies.”

A notable issue with the proposed legislation is that it will require an amendment to the South Africa’s constitution to establish a new ‘Chapter 9’ institution. Chapter 9 of the constitution mandates the creation of institutions designed to protect and support democracy.

Adv Breytenbach, said: “When the Constitution was adopted, cyber security was not a significant threat. However, over the past few decades, cyber-attacks on state institutions have emerged as a serious concern, endangering both the functioning of the state and the security of its citizens’ information.

“South African state departments and critical infrastructure are currently insufficiently protected against cyber threats and lack the necessary tools to defend sensitive public information from breaches.”

The proposed legislation comes at a time when African countries are increasingly becoming focal points for cyber threats. The continent features prominently in the global top 100 for online threats, with Kenya ranked 35th, Nigeria 50th and South Africa 82nd, according to data from the Kaspersky Security Network.

In South Africa, several public and private institutions have been attacked in recent months.

The Postbank recently revealed losses of over R18 million in a three-month period, due to cyber-attacks. The institution was previously hit in October 2021, resulting in a loss of at least R90 million.

The Western Cape Provincial Parliament fell victim to a cyber-attack in May this year, rendering its ICT systems inaccessible.

In August 2022, the South African Reserve Bank experienced an attempted cyber-attack from a criminal syndicate.

Also, the Department of Justice and Correctional Services’ Guardians Fund suffered a breach, resulting in the theft of over R17 million and the suspension of beneficiary payments. 

The department, which houses the current steward of data protection – the Office of the Information Regulator, was recently the first organisation to be fined by the regulator for a Protection of Personal Information Act breach in 2021.

Adv Breytenbach said: “To address these pressing challenges, the Cyber Commissioner will play a crucial role in modernising the state’s cyber security capabilities and protecting personal information from interception and loss.

“The Cyber Commissioner’s powers will include establishing and maintaining cyber security capabilities across all state organs and entities dealing with public information, operating a cyber security hub for reporting, monitoring, and investigating incidents and threats, advising the defence force on cyber defence capabilities, and guiding institutions responsible for critical infrastructure regarding cyber security.

“Moreover, the Commissioner will promote, monitor, and evaluate compliance with cyber security capabilities and standards.”

Further, she said, to fulfil these responsibilities effectively, the Cyber Commissioner must be a fit and proper individual with specialised knowledge or suitable qualifications in cyber security and forensics.

“By establishing a Cyber Commissioner, we take a significant step towards achieving these goals and securing a stronger cyber security framework for our nation,” said Breytenbach.