Cybersecurity in Pacific Island Nations

The Oceania region is at a crossroads, with physical security challenges headlined by a changing climate providing an existential threat to many of the Pacific Island nations that call the region home. Furthermore, the region has become a geopolitical battleground with major actors including Australia, China, the European Union, New Zealand, and the U.S. all working to gain influence.

During the Pacific Islands Forum in late 2018, Pacific Island leaders outlined their security concerns through the Boe Declaration—a pronouncement that looked to establish an expanded concept of security.^a One such security issue that has begun to emerge and will only accelerate without individual and collective action is the threat of cyberattacks and cybercrime in the region. Most of the Pacific Island nations have either recently or are in the process of drastically increasing the access to international connectivity through submarine cables that enable the potential transformation to digital economy and digital society of such nations. However, the rapid expansion of fast access to the globally connected Internet has also increased the risks of Pacific Island nations becoming victims of cyberattacks and cybercrime.

The rapid expansion of fast access to the globally connected Internet has also increased the risks of Pacific Island nations becoming victims of cyberattacks and cybercrime.

A good deal of ad hoc support does exist. Examples of such activities include international organizations offering hands on capacity building cybersecurity workshops for government representatives or specialized training for police forces. A truly global initiative that began in April 2018 is now supporting Pacific Island nations in developing and strengthening their cyber-security capacity. The not-for-profit Oceania Cyber Security Centre (OCSC) in Melbourne, Australia, has become the first regional partner of the Global Cyber Security Capacity Centre (GCSCC), at the University of Oxford in the U.K. and has teamed up with United Nations International Telecommunication Union (ITU) to complete cybersecurity capacity maturity assessments of countries in Polynesia, Micronesia, and Melanesia. This work targets 15 countries for cybersecurity capacity reviews based on the Cybersecurity Capacity Maturity Model for Nations (CMM).^b While five reviews have been completed, the first comprehensive report has now been approved for released by the Samoan government and has been published by the Ministry of Communications and IT.^c

The process, the choice of stakeholders involved, the resulting report, and all subsequent policy decisions and projects are owned by the individual countries. However, researchers from the University of Oxford and the eight OCSC member universities in Victoria, Australia, accompany the project with research exploring the various themes and evolving cybersecurity context of the region.

While the detailed reports are confidential (as long as they are not published by the particular country), there are general learnings and themes emerging from the work completed in Samoa, Tonga, Vanuatu, Papua New Guinea, and Kiribati. It shows that cybersecurity is seen in a very wide sense. In addition to the core areas, particularly important topics are malicious use of social media, fake news, deception, and fake accounts. One main issue is the lack of qualified people to support governments, companies, education, and the public in general. Further, there is a high probability for people with higher qualification to emigrate to other more developed countries. The accompanying research and future CMM reviews will reflect on what it means for Pacific Island nations to expose themselves to the advantages and risks of the Internet community and what pathways can be developed toward higher maturity.

Figure. The Boe Declaration on Regional Security expounds on the need for and methods to obtain greater “human” security, including the handling of cyberthreats to safety. Pacific Island leaders signed the pronouncement by handprint.

CMM reports contain many recommendations and constitute a first step toward building capacity and developing cyber-security strategies and policies. They clearly show that particular characteristics of island countries in the Pacific require individual approaches to cybersecurity and digital transformation in general. Therefore, reviews are now followed by projects for capacity building, for example, to establish technical capabilities for incident response, to create awareness programs satisfying individual requirements of the countries, or critical infrastructure protection.

CMM reports contain many recommendations and constitute a first step toward building capacity and developing cybersecurity strategies and policies.

The joint projects in the Pacific are part of a global initiative on cybersecurity capacity building for nations and represent a model for other regions, with a long-term vision of a network of regional centers, for which the OCSC is the reference model.