This article examines current and emerging threats to infrastructure as South Africa transitions from the National Key Points Act (NKPA), Act No. 102 of 1980 to the Critical Infrastructure Protection Act (CIPA), Act No. 8 of 2019. The aim is to provide risk and security architecture frameworks that will inform regulations and the design of security measures. To do this, the notion of risk and risk appetite are used to define the critical infrastructure risk model in terms of output risk; enterprise risk; input risk and threat risk. These risks are interpreted in relation to CIPA and its regulations. Threat risk is explored in more detail as a design basis for a security operational concept. Important areas that CIPA will need to augment will be contextualising critical infrastructure and essential infrastructure within an infrastructure ecosystem with a related strategy. In the last part of the article, the link between how the security operational concept address the threat risks and the constituents of a security architecture.
Reference:
Gonçalves, D.P. & Serfontein, C.J. 2022. Systemic approaches to critical infrastructure risk and security capabilities. http://hdl.handle.net/10204/12557 .
Gonçalves, D. P., & Serfontein, C. J. (2022). Systemic approaches to critical infrastructure risk and security capabilities. http://hdl.handle.net/10204/12557
Gonçalves, Duarte P, and Christian J Serfontein. "Systemic approaches to critical infrastructure risk and security capabilities." 16th INCOSE South Africa Systems Engineering Conference (Virtual), 14-16 November 2022 (2022): http://hdl.handle.net/10204/12557
Gonçalves DP, Serfontein CJ, Systemic approaches to critical infrastructure risk and security capabilities; 2022. http://hdl.handle.net/10204/12557 .