Times Of Swaziland: AG REMOVED CRUCIAL CLAUSES IN E1.2BN CYBER DEAL AG REMOVED CRUCIAL CLAUSES IN E1.2BN CYBER DEAL ================================================================================ BY WELCOME DLAMINI on 10/01/2021 09:33:00 MBABANE – AG to the rescue! An advice given by Attorney General Sifiso Khumalo appears to have saved the country from making financial commitments on the cyber security deal between the Ministry of Information Communications and Technology and the Ministry of Defence of the State of Israel. The AG gave legal opinion stating that two particular paragraphs of the Memorandum of Understanding (MoU) between the two parties should be removed. While the MoU was with regard to cooperation on cyber security issues, these paragraphs would have seen the country committing itself to an Implementation Agreement that was attached to the document. Impeccable sources disclosed that it was these clauses that would have bound government to Project Harmonia – a deal that is worth US$72 million (about E1.2 billion) with Israel Aerospace Industries (IAI) - an Israeli government company (parastatal). Despite this, IAI, the sources said, believes it has a binding cyber security agreement with the Ministry of ICT. Manqoba Khumalo, the Acting Minister of ICT, has, however, stood his ground and stopped any cyber security deal with IAI because he says any agreement that may exist with this company was not approved by Cabinet. Acting Prime Minister Themba Masuku also said he did not know about this project. On November 15, 2019, the AG wrote a memorandum to Principal Secretary in the Ministry of ICT Maxwell Masuku expressing his legal opinion on the MoU. He noted that there were paragraphs 5 and 6 of Article IV that made reference to an Implementation Agreement, which gave the impression that the Implementation Agreement formed part of the MoU. He said in his office’s view and opinion, these paragraphs were misplaced because, usually, an MoU is a non-legally binding agreement between two or more parties. common line The AG said an MoU expressed a convergence of will between parties indicating an intended common line of action. “We advise that the Parties through the MoU are merely demonstrating their intention to cooperate on matters of cyber security. As to how this cooperation will be carried out, this will be covered in specific Implementation Agreements. The specific Implementation Agreements that may be concluded by the Parties will also require vetting by the Law Office,” wrote the AG. He advised that the Parties may conclude Implementing Agreements for specific activities under the MoU. He said this was covered in paragraphs 1 to 4 of Article IV. “Please delete paragraphs 5 and 6,” he wrote. The AG added: “Apart from the above, we do not see anything objectionable with the rest of the MoU. After attending to the above correction, the MoU will be in order and may be forwarded for Cabinet approval,” added the AG. With the two paragraphs out of the way, it left the MoU stating that the parties may conclude Implementing Agreements (IAs) for specific activities under the MoU and these would be performed on a Government-to-Government level, as should be agreed separately on case-by-case basis. “The effective implementation may include, inter alia, evaluation, pre-qualification and nomination of suitable private companies or other institutions or experts from their respective countries to implement as well as partner and collaborate together in development projects,” reads paragraph 2 of this Article. Paragraph three is a provision that the parties would collaborate to decide, on a case-by-case basis, how their joint activities would be funded and resourced. “Whenever one party intents to procure specific cyber security and/or services from the other party, it will notify it in an official letter of request that will include at least the following: the identity of the selected prime contractor; the description of the cyber security system, equipment and/or services,” reads the fourth and last paragraph under this Article IV. Masuku said after the AG’s advice, the Ministry prepared a Cabinet paper, which this publication has seen, but there is no proof that it was presented to Cabinet. In this paper, which Masuku said was prepared by him, the Ministry of ICT gave a background, justification, the consultation process undertaken, an analysis, preferred option and request to Cabinet regarding the MoU. In the background, it was stated that the Ministry of ICT sought to enter into an MoU with the Ministry of Defence of the Government on cyber security. The Ministry narrated that it had the mandate of providing an enabling environment for ICTs in the country and this included development of cyber security legislation, policy and institutional frameworks as well as implementation strategies to ensure a safe, secure and resilient cyberspace in Eswatini. In doing so, the ministry said it needed to partner with countries and organisations that were ahead in implementation of cyber security programmes and projects. “To this end the Ministry in line with its Strategic Plan 2019-2023 wishes to establish partnerships with leading countries in areas such as ICT infrastructure development, e-government and cyber security. The Ministry of Defence of the Government of Israel is responsible for all cyber security programmes in Israel and has agreed to enter into a Memorandum of Understanding with the Ministry of ICT in Eswatini as the responsible Ministry for cyber security issues,” reads the Cabinet paper. In justifying the need for the MoU, the ministry said cyberspace was borderless and the country could not fulfill its cyber security agenda alone but needed to partner with countries like Israel to facilitate knowledge transfer, up skilling, deployment of technology tools and setting up of cyber security institutional frameworks. “It is on this basis that the Ministry is requesting the approval of Cabinet in entering into an MoU on cyber security with the Ministry of Defence of the Government of Israel. “Furthermore, since the country won the bid and has signed an Agreement to host the Africa e-Trade it is requisite to establish a safe, robust and resilient cyberspace in the kingdom that will protect and safeguard the implementation of the e-Trade platform,” the Cabinet paper further states. The ministry said it had made all necessary consultations with its stakeholders involved in cyber security and has also consulted with the AG’s office in the drafting of the MoU. In its analysis, the ministry said the Ministry of Defence of the Government of Israel was responsible for all cyber security programmes and initiatives in Israel and had agreed to enter into an MoU with the Ministry of ICT in Eswatini as the ministry responsible for cyber security issues. “The MoU will benefit the country largely in the area of cyber security and will provide opportunities for skills transfer, deployment of cyber security solutions, mutual legal assistance and cooperation on Cyber Incident Response,” the ministry told Cabinet.According to the Cabinet paper, the cost of the cyber security deal was yet to be determined and Masuku pointed out to this publication that, to this end, no financial commitment had been made. financial implications “The financial implications will be detailed in the implementation agreements with particular Israeli companies proposing to implement a cyber security programme with Eswatini,” it is stated in the paper. The paper then adds: “Cabinet is humbly requested to consider and approve the request by the Ministry of ICT to enter into a Memorandum of Agreement herewith attached with the Ministry of Defence of the Government of Israel on cyber security.” The paper shows that besides the MoU, other documents attached were a ‘Contract Agreement – Harmony’, ‘Implementation Agreement between ELTA (Israel) and MICT (Eswatini) – Harmony’ and a PDF of the MoU. It has been stated that while the cyber project was supposed to be included in the 2020/2021 financial year, it was left out because there was no budget for it. “We realised that the budget for the ministry might not cover all its aspirations and it’s a common practice in any ministry to apply a reallocation that has to go through the Ministry of Finance for approval. We had budgeted for e-government and cyber security forms part and parcel of e-government, so we had said we would take part of the budget for e-government to implement cyber, which is a subset of e-government. STOPPED So it’s neither here nor there that the project was stopped because there was no budget. There is a budget for e-government under the ministry,” PS Masuku said. The PS has now come out to state that what Inkhosatana Sikhanyiso signed was not a contract with any Israeli company, but an MoU with the Government of Israel stating that the company the ministry would engage on the cyber security project would be one that had their approval. “They (Israelis) were so amenable with the fact that we were signing an instrument that said once all government protocols had been fulfilled we would then be willing to sign an agreement. What we signed therefore was not an agreement, but an indication that we would be willing to sign once government had approved the process,” the PS said. Before the MoU was arrived at, the late Prime Minister, Ambrose Mandvulo Dlamini, approved a travelling minute submitted to him by Inkhosatana Sikhanyiso, seeking to travel to, among other countries, Israel for purposes of the cyber security deal. The minute, dated May 20, 2019 and addressed to the PM, stated that the Inkhosatana and her delegation had been invited to consultative meetings on ICTs in three different countries; namely, Estonia, Sweden and Israel. However, the Inkhosatana informed the PM that due to difficulties encountered in the acquisitions of visas for entry to Estonia and Sweden, she would only be travelling to Israel and would leave Eswatini on May 21, 2019 to return on May 29, 2019. In the minute it was stated that in Israel, there would be ‘meetings with ELTA/IAI Systems Ltd (Israel Aerospace Industries), Ministry of Economy and the Israel National Cyber Authority’. The meetings were scheduled for May 23 to May 26, 2019. It is shown in the minute that the PM approved the trip on May 21, 2019. Accompanying Accompanying the Inkhosatana was Director of Communications in the Ministry of ICT Andreas Dlamini and Dr. Rejoice Bethusile Maseko, the Director – Research, Science, Technology and Innovation. “It is very crucial that Mr. Andreas Dlamini (Director – Communications) and Dr. Rejoice Bethusile Maseko (Director – Research, Science, Technology and Innovation) are part of the delegation so as to provide well informed advice to the Honourable Minister on the ministry policy direction on the issues to be discussed,” reads part of the minute. Also part of the delegation was Dudu Sihlongonyane, the Manager for Special Economic Zones at the Royal Science and Technology Park, since her parastatal ‘will be required to implement all the Science, Technology and Innovation initiatives agreed on at these meetings’. Masuku told the Times SUNDAY that upon return from this trip, the proposed MoU between the Ministry of ICT and the Ministry of Defence of the State of Israel was then presented to the attorney general for his input.