Professor Elmarie Biermann (@EBiermann) is the Director and Founder of the Cyber Security Institute in South Africa. Completing a BSc, BSc Hons (cum laude) and an MSc at the North West University, led to her obtaining a PhD in Computer Security at the University of South Africa. She boasts experience in both the academic and private sectors and have an extensive list of research and technical publications on international forums. She is an acknowledged speaker and keynote at conferences, seminars and workshops and are regularly invited as a specialist panellist on cyber-crime, cyber warfare and cyber intelligence. She previously held an Adjunct Professorship at the French South African Institute of Technology in Cape Town to assist in growing Security as a research field in the Nano-satellite environment, and currently holds an Extraordinary Associate Professorship in the Department Military Strategy, Faculty of Military Sciences at the University of Stellenbosch.
Cyber Capacity Building in the Global South – a Critical Platform for leveraging Equity in the Cyber Norms Debate: A South African Case Study
For many in the Global South, the current international dialogues on cyber norms are far removed from the struggle of millions of peoples’ daily existences. In underdeveloped and under capacitated states, the cyber norms debate is shadowed by many other pressing and resource intensive challenges. The danger of this reality is that there are many countries which will be left behind in the norms debate, the outcomes of which will impact us all in the years to come.
The current Group of Global Experts on Cyber Norms has a strong contingent of countries from the Global South. Africa is represented here by 4 states, all of which are positioned at the top end of the continent’s ITU’s Cyber Security Index. Of these, South Africa would be expected to be the leading cyber power. However, despite its strong domestic ICT sector and national system of innovation, it lags behind these and other African states in terms of the ITU’s assessment.
This paradox between advanced digital capabilities existing within an unstructured national cyber environment make for an interesting case study and pose the question as to what the inhibiting factors are which constrain cyber governance and capacity development in South Africa? From a normative state level angle there are additional factors to consider, primarily how these impacts on the operationalisation of the 11 norms in GGE framework? What does this mean for developing states in terms of a willingness to commit to a normative framework which may be beyond their current technical reach? For example, norms such as responsible vulnerability disclosure and ensuring supply chain security are vital but to what extent can underdeveloped states give substance to these norms?
As Africa’s most advanced and open economy, South Africa is critically dependant on an ordered and normative global system. Yet, there are conflicting streams of opinion on the path forward in terms of national responses to cyber threats. Civil society organisations and the private sector appear to be on a somewhat divergent path to that of the State in terms of privacy debates, legislation, and the functioning of the national cyber security echo system. To a not insignificant degree some of the issues are reflective of a higher-level fragmentation taking place between states on an international level. For example, the somewhat ideological notion of a developing an entirely sovereign internet and software echo system appears to enjoy support despite it the obvious challenges.
South Africa’s insufficient impetus within the cyber governance and policy environment indicate that there is a disconnect between the importance of the entire digital environment and national responses to building the cyber security posture. The growth of an increasingly regulatory stance towards data, crypto currency and telecommunications dealings has resulted in a fractured and compliance driven national response to digital challenges rather than a solution driven approach.
This paper will examine South Africa’s cyber capacity building progress and technical foundations as essential elements in providing the platform for a national cyber resilience and informing the strategic cyber posture. The current constraints and drivers of cyber capability will be discussed alongside the requirement for a solid skills and innovation driven response to capability requirements.