Figure 18 serves to orient the reader, and shows that this section will be used to discuss the NCMF mandates. The five mandates identified by NATO, and displayed in Figure 18, are:
• Military cyber
• Counter cybercrime
• Intelligence and counter-intelligence
• Critical information infrastructure protection (CIIP) and national crisis management
• Cyber diplomacy and internet governance
A mandate is a formal order, or it provides someone with the authority to do something or to behave in a certain way [87]. In the context of the NCMF, the mandate gives the NCMF the authority to act in a specific way during the nation’s cybersecurity effort. It also influences the selection and prioritisation of national cybersecurity functions. NATO [1] identified five mandates: military cyber; counter cybercrime; intelligence and counter-intelligence; critical information infrastructure protection (CIIP) and national crisis management; and cyber diplomacy and internet governance.
A National Cybersecurity Management Framework for Developing Countries
Figure 18: Section 3.6 Orientation - Mandates
The NCMF can operate in one, many, or all mandates, and each mandate is the responsibility of a Government department, or one Government department could be responsible for more than one mandate. One or more of the cybersecurity mandates need to be selected for the NCMF. The purpose of the national cybersecurity mandates is to:
• Provide input into the selection and prioritisation of cybersecurity functions. As an example, if a nation selects the military cyber mandate, then actors and functions supporting the mandate will receive priority for implementation.
• Assist nation states to identify responsible actors. Different mandates require different actors.

The five mandates, as taken from NATO [1], and adapted for the South African context, are introduced next.
3.8.1 Mandate 1: Military cyber
This mandate forms part of the offensive domain, and as discussed, our focus is on the defensive domain. The military cyber mandate is thus not discussed in detail. This military cyber mandate consists of five services and these are [1]:
• Protection of South African defence networks.
• Establishing a cyber warfare capability.
The NCMF Level 1
• Development of a network-centric warfare capability (sensor to shooter, or intelligent logistics).
• Battlefield or tactical cyber warfare, and,
• Strategic cyber-warfare.
In South Africa, the military cyber mandate is executed by cybersecurity functions and services offered from the DOD Cyber Command, as prescribed by the NCPF [6] and the Cybercrimes and Cybersecurity Bill [34].
3.8.2 Mandate 2: Counter cybercrime
Cybercrime happens when criminals exploit the anonymity and speed of the internet to commit crimes across borders. This mandate covers cyberterrorism, theft of identity, and theft of intellectual property. Cybercrime is one of the fastest growing areas of crime globally. The World Economic Forum (WEF) estimates the cost of cybercrime at $445 billion per annum [88]. Interpol distinguishes between two main categories of cybercrime [89].
The first category is advanced cybercrime. This category describes sophisticated attacks against computer systems. The second category is cyber-enabled crime. This is where a traditional crime is enabled by cyber. Examples include crimes against children, terrorism, and financial crime. Since there are no jurisdictional restrictions or boundaries where it concerns cybercrime, collaboration and cooperation between nations are essential. From a South African perspective, this mandate is performed by national cybersecurity functions offered from the SAPS Cybercrime Centre, as mandated by the NCPF [6] and the Cybercrimes and Cybersecurity Bill [34]. The Counter Cybercrime mandate resides in the defensive domain.
3.8.3 Mandate 3: Intelligence and counter-intelligence
This mandate prescribes national cybersecurity functions to detect and combat cyber intrusions, and could rely on aspects outside of the cyber domain, such as human-intelligence and signal-intelligence. Specific foreign policy response mechanisms need to be developed to govern intelligence and counter-intelligence in the cyber domain.
This mandate may also include functions to spy on nations. From a South African perspective, this mandate is performed by national cybersecurity functions offered by the State Security Agency (SSA) using various cybersecurity structures, as well as the DOD Cyber Command as prescribed by the NCPF [6] and the Cybercrimes and Cybersecurity Bill.
The Intelligence and Counter-Intelligence mandate resides in both the defensive and offensive domains in that this mandate may be helpful to predict cyber-attacks (see Section 3.6.2). It may also be used in an offensive manner during times of war, to actively spy on nation states.
3.8.4 Mandate 4: Critical information infrastructure protection (CIIP) and national crisis management
Critical Information Infrastructure (CII) must be defined and identified and should form part of the national crisis management structure. Mechanisms must be put in place to facilitate the collaboration and dissemination of information between CII service providers. South Africa addresses CIIP in the NCPF [6], the South African Cybercrimes and Cybersecurity Bill [34] and the Protection of Critical Infrastructure Bill [90].
The National Crisis Management mandate is satisfied through national cybersecurity functions offered from a national SOC or CSIRT structure [1]. The critical information infrastructure protection (CIIP) and national crisis management mandate resides in the defensive domain.
3.8.5 Mandate 5: Cyber diplomacy and internet governance
This mandate covers the promotion of norms and standards for cyber behaviour, as well as the process by which state and non-state actors manage the internet. Internet governance implies non-government, self-regulation and is comprised of the public sector as well as government.
Some examples of organisations are the Internet Architecture Board (IAB) [91] and the Internet Engineering Task Force (IETF) [92]. Their focus in terms of cybersecurity is a preventative one. The cyber diplomacy and internet governance mandate resides in the defensive domain.