Small-scale cybersecurity: Developing cybersecurity resilience within Provincial and Local Government

The South African government’s pursuit of widespread Internet access and the increasing use of and reliance on e-government services and the ubiquity of social networks, as well as the emergence of an Internet of Things (IoT) has given rise to exponential risks of cyberattacks. Additionally, the government is faced with the challenge of coordinating cybersecurity activities and data protection across the whole of government, which includes national, provincial and local government. The growing concern over the standard of cybersecurity of small organisations, provincial and local government highlights an imbalance in the way cybersecurity has been monopolised by national departments.

The continuous evolution of the cyberspace and the associated threats require a continuous adaptation in the approaches employed to build the resilient cyber defences on all levels of government. The different levels of government, especially the provincial and local government have to deal with different contexts as opposed to the national level. Lack of adequate cybersecurity measures at provincial and local levels may make it easy for attackers to gain a foothold on national critical information infrastructure given the interconnectivity of all these government levels.

The aim of this paper is to improve cyber resilience within the local government, to help reduce cyber risks and also build better cyber defence capabilities. This will be done through evaluating the National Cybersecurity Policy Framework and any other cybersecurity related policy or regulation against how the local governments are governed. Additionally, the aim of the paper is to understand the different cybersecurity drivers within the local government and to also determine the possible challenges faced by this government level when it comes to the implementation of resilient cybersecurity measures.

Shingange and Masombuka