• South Africans have until 11th June to comment on Constitution Twentieth Amendment Bill, 2023.
• The bill proposes the creation of a cybersecurity commissioner that would help secure South Africa’s borders.
• The bill’s author, Advocate Glynnis Breytenbach says state-owned entities tasked with securing SA are “chronically underfunded or lack proper expertise”.

Are you of the opinion that South Africa’s cybersecurity is woeful and doesn’t fully protect citizens? Then you have until June to comment on a bill introduced by DA MP, Advocate Glynnis Breytenbach in November last year, which has since been renamed.

Titled Constitution Eighteenth Amendment Bill when it was first introduced, it is now known as the Constitution Twentieth Amendment Bill, 2023.

“Cyber technology is increasingly central to government functioning and the provision of services to citizens,” reads a summary of the bill.

Proper cybersecurity is also fundamental to safeguarding many of the rights enshrined in the Bill of Rights and safeguarding our critical infrastructure and democracy. At present, personal information of individuals in possession of state departments is also not sufficiently protected against cyber-attacks.

These attacks place private and public information at risk, which results in state-owned entities and the economy losing billions of rands to cyber-crime,” it continues.

The bill calls for the creation of a Cyber Commissioner office which would be tasked with advising, monitoring and establishing cybersecurity capabilities in the public sector. The Commissioner would work with tertiary institutions and the private sector to establish minimum good standards, build capacity and create awareness.

“The state-owned entities currently tasked with addressing cyber-crime are chronically underfunded or lack proper expertise to perform their function adequately. In addition, these entities are not sufficiently streamlined, and often operate in silos across Government Departments. It is further vital that an entity that is directly accountable to Parliament and not to the national executive be tasked with safeguarding such fundamental rights,” reads the bill.

Given the renaming of the bill, there are now 30 days in which submissions and comments on the proposal can be submitted. The deadline is Sunday 11th June 2023 and comments can be submitted via the following channels:

• Post: Mailed to Speaker, P.O Box 15, Cape Town, 8000
• Email: speaker@parliament.gov.za, legislation@da.org.za
• In person: addressed to Speaker, New Assembly Building, Parliament Street, Cape Town.

Speaking to Cape Talk in November 2022, Breytenbach said that the commissioner would work with the likes of the Information Regulator to sure up South Africa’s cybersecurity.

That having been said, the MP said that South Africa is ill-equipped to deal with a cyberattack should one take place.

Whether a Cybersecurity Commissioner would help secure our digital borders is unclear, especially when the Information Regulator exists.

Last week the Information Regulator issued an Enforcement Notice (PDF) to the Department of Justice and Constitutional Development following an incident in 2021.

As many 1 200 files were grabbed from the department following a breach and the Information Regulator has ordered a number of issues be addressed. This includes showing the regulator that it has renewed its Trend Anti-Virus licence, the Security Incident and Event Monitoring licence and the Intrusion Detection System licence.

Should it fail to comply with these and other measures, the DOJCD could be fined as much as R10 million.

Perhaps then a Cybersecurity Commissioner could assist the Regulator, the bill needs to find support though so be sure to file comments whether you support this idea or not before 11th June.