The objective of this study was to formulate a roadmap upon which a curriculum for cybersecurity can be built to bring about a resilient cyber-workforce, thereby enabling South Africa to be on par with or ahead of international cybersecurity know-how through a fusion of innovation, research and development that sharpens the country’s academic programmes and training. The purpose of this roadmap is to emphasise sustainability strategies relating to policy, capacity, and governance.
A mixed method research design, comprising a design-based approach that was iterative, integrating, flexible, context based, pragmatic and grounded in both theory and real-world contextual situations and a case study approach that complemented the design-based research through the interrogation of real-world contextual situations, was adopted for the study. Purposive sampling with domains of exploratory, descriptive, and inductive research was used to support the case study approach. Curriculum development managers, lecturers and managers of the Media, Information and Communication Technologies Sector Education and Training Authority (MICT SETA) were approached to take part in interviews. Owing to the homogeneity of the target population, non-probability convenience sampling was also used for the study. For purposes of qualitative research, interviews were conducted to collect meaningful content, a survey questionnaire was administered to randomly sampled research respondents and online surveys were administered to purposefully sampled respondents for the quantitative triangulation of data.
The results of the study revealed that there is a great need for cybersecurity skills to guarantee the country’s cyber liberty. South Africa lacks resources, expertise, and governance processes, and this is hindering institutions’ readiness to prioritise educational programmes on computer security (CS) in response to unabated cyberattacks and rampant cyber espionage. This has systematically produced less cybersecurity professionals while the demand for skills in cryptography, secure coding, penetration testing, digital forensics, network security and cybersecurity risk management, among other things, continues to increase. The results of this study also highlight a need for coherent thinking that pulls legislators, policymakers, researchers, innovators, and educators together to plug the security holes, to ease institutional rigidity and to tackle the lack of depth and breadth in South Africa’s CS offering. The inadequate CS offering has caused multinationals and other private sector stakeholders to import or train their own talent, leaving the public sector with a shortage of cybersecurity skills
The recommendations made based on the findings of the study include the elimination of restrictive practices that work against innovation, on the one hand, and the promotion of cybersecurity investment and outside collaboration, on the other. Capacity governance, according to the model proposed in the study must augment the Cybercrimes and Cyber Security Bill which does not adequately address the cybersecurity skills agenda. The government needs to adopt medium to long-term policies that will create a sustainable supply of cybersecurity professionals in academia and industry. South Africa should embark on large-scale CS awareness-raising and public education on the importance of cybersecurity through, for example, cyber-hygiene campaigns that target different demographics of its cyber-citizenry and effect meaningful change in academic settings and hiring practices. CS courses must be introduced from the primary and secondary levels to the tertiary and postgraduate levels. Inter-institutional cooperation will be vital since we are all fighting the same adversaries in the cyber-terrain. The use of shared laboratories and simulation laboratories must be explored as a possible means of creating the resources needed to bring about a competitive CS offering. Training will be vitally important in creating champions of change in the fields of justice, law enforcement, academia, research and policy formulation. In the interest of delivering impactful education and cutting-edge resources, well-funded research is paramount to building a capable state, stimulating innovation, promoting commercialisation, and reversing the information technology import/export conundrum.
Inhloso yalolucwaningo kwakungukwakha umgomo wezindlela zokwenziwa kwezifundo ze-cybersecurity ukwakha amandla okusebenza kwesibhekelele, ngakho-ke kwenza iNingizimu Afrika ibe ngokulingana noma ingaphezu kokwazi kwesibhekelele sezwe lonke ngesihlanganiso sobuchwepheshe, ucwaningo nokuthuthukiswa lokukhiqiza izinhlelo zokufunda nokuzimisela zezwe. Injongo yalomgomo wezindlela wkugcizelela izinhlelo zokuphila ezihlobene nemithetho, namandla nokuphatha. Uhlelo lokucwaninga oluhlanganisiwe, oluqukethe uhlelo lokwakha olubhekene nokucwaninga olubhekene nokuhlanganiswa, ukubeka kabusha, ukunquma, ukusekelwa kwendawo, ukuba nomsebenzi nokuzimisela emazingeni amaningi kanye nokuhlanganiswa kwesimo sangempela namazinga amaningi, kanye nohlelo lwengcwaningo lwe-case study olusekelisana nohlelo lokwakha olubhekene nokucwaninga ngokuhlola izimo zangempela, lwamukelwa kulolucwaningo. Ukutholwa kwamaphuzu okucwaninga okungokuzinikela ngamagumbi okucwaninga okuyizindaba ezihlobene. Abaphathi bezinhlelo zokuthuthukisa isifundo, abafundisi nabaphathi be-Media, Information and Communication Technologies Sector Education and Training Authority (MICT SETA) batholakala beyingxenye yemibuzo. Ngenxa yokufana kwengeniso yomphakathi wokucwaninga, ukuthukutholwa kwamaphuzu okucwaninga okungokuzinikela kwasetshenziswa kulolucwaningo.
Imiphumela yocwaningo ibonisa ukuthi kukhona isidingo esikhulu sezinhlelo zokusebenza kwesibhekelele ukuze kugcinwe inkululeko yesizwe esiyisisekelo. INingizimu Afrika inezinsiza, ubuchwepheshe, nemithetho yokuphatha, futhi lokhu kuyivimbela izikhungo ukuba zibe nesiqiniseko sokufaka isifundo se-computer security (CS) njengobuningi bobandlululo bezinkomba zesibhekelele kanye nobandlululo obunamandla wesizwe esiyisisekelo. Lokhu kwenzeke ngendlela ehambisanayo ekukhiqizeni abasebenzi abancane bezinhlelo zokusebenza kwesibhekelele ngenkathi isidingo sezinhlelo zokusebenza kwesibhekelele ezihlobene nokubhala okuvikelekile, ukubhala okuvikelekile, ukuhlola ukuvikeleka, ukubhalisa okuvikelekile, ukuvikeleka kwamakhompyutha nokuphatha izinhlelo zokusebenza kwesibhekelele, phakathi kwezinye izinto, siqhubeke sikhula. Imiphumela yalolu cwaningo ibonisa futhi isidingo sokucabanga okuhlanganisiwe phakathi kwabaholi bomthetho, abaphathi bezinhlelo, abacwaningi, abaqalisi kanye nabafundisi ukuze kuvalwe izikhala zokuvikeleka, ukuqeda ukungabi namandla kwamakhungo kanye nokulwa nokungabi namandla nokubanzi kokunikezwa kwe-CS eNingizimu Afrika. Ukunikezwa okunganele kwe-CS kwenze izinkampani eziningi ezimkhulu kanye nabanye abasebenzi bezinsiza bazitholele noma bazifundise izinhlelo zabo zokusebenza kwesibhekelele, lapho isizwe esiyisisekelo sishiywe nesidingo sezinhlelo zokusebenza kwesibhekelele.
Izimpendulo ezinikezwe ngokusekelwa imiphumela yolucwaningo ziqukethe ukususa izinhlelo ezivimbayo ezisebenza ngokuphikisana nobuchwepheshe, ngakunye nokukhuthaza ukungena kwemali kanye nokusebenzisana ngaphandle. Ukuphatha amandla, ngokwesimo esiphiwe kulolucwaningo kumele kusekelise i-Cybercrimes ne Cyber Security Bill engenakwazi ukuphatha kahle isihloko sezinhlelo zokusebenza kwesibhekelele. Uhulumeni udinga ukwamukela imithetho emaphakathi esizweni esizokwakha isiqiniseko sokutholakala kwabasebenzi bezinhlelo zokusebenza kwesibhekelele emazingeni aphakeme nasezinkampanini. INingizimu Afrika kumele iqale ngokwethula imibhalo yokwazi i-CS nokufundisa umphakathi ngobalulekile bokuvikelekile kwesibhekelele ngesihlanganiso sobuchwepheshe obuhlanganisiwe obubhekene nezihlobo ezahlukene zabantu abangabasebenzi bezinkomba zesibhekelele bese kushintsha okuqukethwe nokufundiswa emazingeni aphakeme nasezinkampanini. Izifundo ze-CS kumele zifakwe kusukela emazingeni aphansi kuze kube emazingeni aphakeme. Ukusebenzisana phakathi kwezikhungo kubalulekile ngoba sonke nenkinga yabantu abaningi abangabasebenzi bezinkomba zesibhekele. Ukusetshenziswa kwama-laboratory wokwabelana nokwakha amalabhorari okuhlanganisiwe, kumele kuqaphelisiswe njengendlela engenayo yokwakha izinsiza ezidingekayo ukuze kube khona isifundo se-CS esinamandla.
Die doel van hierdie studie was om ’n rigtingwyser te formuleer waarvolgens ’n kurrikulum vir kubersekuriteit ontwikkel kan word om ’n veerkragtige kuberwerksmag te bewerkstellig. Sodoende kan Suid-Afrika op gelyke voet met, of vóór, internasionale kubersekuriteit-kennis wees deur ’n samevoeging van innovering, navorsing en ontwikkeling wat die land se akademiese programme en opleiding verbeter. Die rigtingwyser het ten doel om strategieë vir volhoubaarheid ten opsigte van beleid, kapasiteit en bestuur te beklemtoon.
Vir hierdie studie is die volgende gebruik: ’n gemengdemetode-navorsingsontwerp bestaande uit ’n ontwerpgebaseerde benadering wat iteratief, integrerend, aanpasbaar, konteksgebaseer, pragmaties, en in teorie sowel as werklike kontekssituasies gesetel is, en ’n gevallestudiebenadering wat die ontwerpgebaseerde navorsing aanvul deur die ondersoek na werklike kontekssituasies. Doelbewuste steekproefneming met domeine van verkennende, beskrywende, en induktiewe navorsing, is gebruik om die gevallestudiebenadering te ondersteun. Kurrikulumontwikkelingsbestuurders, dosente, en bestuurders van die Media, Information and Communication Technologies Sector Education and Training Authority (MICT SETA) is genader om aan onderhoude deel te neem. Vanweë die homogeniteit van die teikenpopulasie is niewaarskynlikheid-gerieflikheidsteekproefneming ook vir die studie gebruik. Vir doeleindes van kwalitatiewe navorsing is onderhoude gevoer om betekenisvolle inhoud te bekom; ’n opnamevraelys aan ewekansige-steekproef-navorsingsrespondente gegee; en aanlyn opnames onder ewekansige-steekproef-respondente gedoen vir die kwantitatiewe triangulering van data.
Die studieresultate het getoon dat daar ’n groot behoefte aan kubersekuriteit-vaardighede is – om die land se kubervryheid te waarborg. In Suid-Afrika is daar ’n gebrek aan hulpbronne, kundigheid, en bestuursprosesse, en dit belemmer instansies se bereidheid om opvoedkundige programme oor rekenaarsekuriteit (CS) te prioritiseer in antwoord op onverswakte kuberaanvalle en onstuitbare kuberspioenasie. Dit het sistematies minder kubersekuriteit-kundiges gelewer, terwyl die vraag na vaardighede in kriptografie, beveiligde kodering, penetrasietoetsing, digitale forensies, netwerksekuriteit en kubersekuriteit-risikobestuur, onder andere, steeds toeneem. Die resultate van die studie beklemtoon ook die nodigheid van koherente denke wat wetgewers, beleidsvormers, navorsers, innoveerders en opvoeders saamvoeg om die sekuriteitsgate toe te stop; om institusionele onbuigsaamheid te verlig en om werk te maak van die gebrek aan diepte en wydte in Suid-Afrika se CS-aanbieding. Die ontoereikende CS-aanbieding het meegebring dat multinasionale maatskappye en ander belanghebbendes in die private sektor hul eie talent invoer of oplei, en sodoende die openbare sektor met ’n tekort aan sekuriteit-vaardighede laat.
Die aanbevelings wat aan die hand van die studiebevindinge gemaak word, sluit in: aan die een kant, die uitskakeling van beperkende praktyke wat innovering teenwerk, en aan die ander kant, die bevordering van kubersekuriteit-investering en samewerking van buite. Kapasiteitsbestuur, volgens die model wat in die studie voorgehou word, moet aanvullend wees tot die Wetsontwerp op Kubermisdaad en Kubersekuriteit, wat nie voldoende voorsiening maak vir die kubersekuriteit-vaardigheidsagenda nie. Die regering moet medium- tot langtermynbeleide instel wat volhoubaar kubersekuriteit-kundiges in die akademiese omgewing en die bedryf kan lewer. Suid-Afrika moet grootskaalse bewusmaking van CS en openbare opvoeding ten opsigte van die belangrikheid van kubersekuriteit aanpak, byvoorbeeld deur kuberhigiëne-veldtogte wat op verskillende demografiese kenmerke van hul kuber-burgery gerig is, en moet betekenisvolle veranderinge in akademiese kontekste en indiensnemingspraktyke bewerkstellig. CS-kursusse moet bekendgestel word van die primêre en sekondêre vlakke tot by die tersiêre en nagraadse vlakke. Inter-institusionele samewerking sal deurslaggewend wees, aangesien ons almal teen dieselfde teenstanders op die kuberterrein veg. Die gebruik van gedeelde laboratoriums en simulasielaboratoriums moet ondersoek word as ’n moontlike manier om die nodige hulpbronne te skep om ’n mededingende CS-aanbieding te bewerkstellig. Opleiding sal uiters noodsaaklik wees om kampvegters vir verandering te kweek in die regsveld, wetstoepassing, die akademiese wêreld, navorsing en beleidsformulering. Ter wille van die lewering van impakryke opvoeding en indringende hulpbronne, is goed befondsde navorsing deurslaggewend vir die bou van ’n bekwame staat, stimulering van innovering, bevordering van kommersialisering, en omkering van die inligtingstegnologie-invoer/uitvoer-strikvraag.
