A computer hard-drive failure at the Independent Communications Authority of SA (ICASA) has raised the issue of the communications regulator's perceived lack of physical and electronic information security.
ICASA CEO Karabo Motlana says last week a shared services drive (drive h) on one of the organisation's servers failed, but it did not affect ICASA's work or compromise any information.
“Our disaster recovery plan was put into effect and no data was lost and we continued to operate normally,” he says.
Companies wishing to apply for various ICASA-administered licences, either within the telecommunications or the broadcasting arenas, have to supply sensitive information, such as financial summaries, business plans and strategies.
Industry doubts
There has been a sense of disquiet among applicants that the information is either not as well guarded as it should be, or that ICASA's own filing and recordkeeping is sloppy.
“The number of times we have had to send and resend documents, despite having ICASA's own stamps on receipts, is incredible,” one industry source says.
Another industry source says despite having corrected ICASA on the change of ownership of a licence, the official records do not yet reflect these changes.
“Hearing of a hard-drive failure just increases our worry about information security there,” the person says.
ISPA warning
Industry body, the Internet Service Providers Association (ISPA), is so concerned about the perceived lack of information security at ICASA that it has recommended its members exercise caution when supplying sensitive information.
“ISPA has written to ICASA requesting information relating to its information security policy and the steps which it takes to ensure confidentiality is respected. ICASA has acknowledged receipt and we are awaiting a substantive response,” says ISPA legal representative Dominic Cull.
He says the association is also aware of a number of rumours circulating in industry relating to confidential information made available to third parties by ICASA personnel, but does not have any substantiated information in this regard.
“ISPA is also aware of a number of instances where information, confidential and non-confidential, has been misplaced,” Cull says.
He says that, while ISPA has not made a firm recommendation to its members not to submit confidential information, it would certainly advise them to exercise caution when doing so.
“This is obviously not an ideal position given that effective regulation is dependent on ICASA receiving comprehensive information and we would urge ICASA to take urgent steps to reassure industry in this regard.”
Concerns dismissed
Motlana, however, dismisses these concerns and says the regulator has revamped its electronic and physical security.
“We have implemented the Minimum Information Security Standards templates as set up by the National Intelligence Agency (NIA) and we have hired a physical security consultant to help on that front. Security at ICASA is very different from what it was a year ago,” Motlana says.
Two years ago, ICASA and its chairman, Paris Mashile, were severely embarrassed by the leaking of employee exit reports. This prompted Mashile to request help from the NIA to shore up ICASA's security. However, the NIA subsequently denied it had received such a request from him.
Share