**Cybersecurity Policy and the Legislative Context of the Water and Wastewater Sector in South Africa**

**Masike Malatji 1, Annlizé L. Marnewick 1,\* and Suné von Solms 2**


**Abstract:** The water and wastewater sector is an important lifeline upon which other economic sectors depend. Securing the sector's critical infrastructure is therefore important for any country's economy. Like many other nations, South Africa has an overarching national cybersecurity strategy aimed at addressing cyber terrorism, cybercriminal activities, cyber vandalism, and cyber sabotage. The aim of this study is to contextualise the water and wastewater sector's cybersecurity responsibilities within the national cybersecurity legislative and policy environment. This is achieved by conducting a detailed analysis of the international, national and sector cybersecurity stakeholders; legislation and policies; and challenges pertaining to the protection of the water and wastewater sector. The study found some concerning challenges and improvement gaps regarding the complex manner in which the national governmen<sup>t</sup> is implementing the cybersecurity strategy. The study also found that, along with the National Cybersecurity Policy Framework (the national cybersecurity strategy of South Africa), the Electronic Communications and Transactions Act, Critical Infrastructure Protection Act, and other supporting legislation and policies make provision for the water and wastewater sector's computer security incidents response team to be established without the need to propose any new laws or amend existing ones. This is conducive for the immediate development of the sector-specific cybersecurity governance framework and resilience strategy to protect the water and wastewater assets.

**Keywords:** cybersecurity; cybercrime; legislation; policy; systems thinking; water
