A cybersecurity governance framework for broadband expansion projects in the Western Cape

Abstract

In recent years, cybersecurity has emerged as a major concern for governments across the globe. Protection of computer systems, networks, information and software from cyberattacks and cybercrimes is the motivation behind the focus on cybersecurity. Cyberattacks and cybercrimes vary in complexity and nature, but usually are aimed at gaining access to sensitive information, modifying and potentially stealing it, leading to denial of access to and the destruction of network and system services in businesses, identity theft or personification and, in some cases, holding users to ransom. There is a worldwide drive to bridge the digital divide and to grant universal Internet access to citizens. The global push for universal access to the Internet has seen a growing dependence on various digital services and the mushrooming of a wide range of social networks. Consequently, this has seen the growth of a new range of threats called cyberthreats and witnessed the birth of cybercrimes and cyberattacks, which threaten governments, public and private institutions as well as individuals in communities. Having an effective and definite cybersecurity system is crucial and a necessity for every organisation. The aim of this study was to investigate cybersecurity governance in broadband expansion projects and to propose the development of a framework to administer cybersecurity in broadband expansion projects. This study includes a review of South Africa’s current cybersecurity policies and legislation relating to this topic. A sociotechnical research approach that explores the relevant standards of cybersecurity administration and user awareness at broadband expansion projects is assumed. The study employed the multiple case study strategy. Broadband expansion projects are a collective drive in South Africa, both in the private and public sector, with the goal of expanding broadband access to all citizens. For this reason, the multiple case study approach was employed as the researcher investigated both public and private broadband expansion projects. A qualitative model of enquiry was used. Data collection methods used in this research included semi-structured interviews, multiple case studies and a literature review.

The unit of analysis for the research was cybersecurity legislation in the selected broadband expansion projects. Selected personnel involved with cybersecurity on these broadband expansion projects of the selected cases were interviewed with their consent. The literature was surveyed and the data collected from various cases alluded to the fact that user engagement, awareness training and education are vital for cybersecurity. On the upside is the fact that legislation is already in place in South Africa, for example the Protection of Personal Information Act, the National Cybersecurity Policy Framework (NCPF) and the Cybercrimes Act 19 of 2020. However, all these are top level documents that do not provide reference for the broadband expansion projects. This being the case, an operational framework that informs appropriate cybersecurity practices in broadband expansion projects is recommended in the conclusion to this study. The framework seeks to address cybersecurity practices by considering network data and information security; user awareness and engagement; policies; and legislation. The result of the framework, if implemented, would be a broad preventative, investigative and corrective approach when organisations deal with cybersecurity.