Cybersecurity in the Pacific: how island nations are building their online defences

Cybersecurity in the Pacific: how island nations are building their online defences

Shutterstock

Leaders of several Pacific nations met in Fiji last week to strengthen ties and promote unity in the region.

The Pacific faces numerous challenges, such as the threat of climate change and major powers jostling for influence in the region. Against these adversities, Pacific countries have shown determination to preserve their own (and the region’s) identity and sovereignty.

One less-appreciated aspect of Pacific security is cybersecurity. Some cyber threats are financially motivated, such as ransomware or phishing attacks, but others aim at critical infrastructure. Still other attacks threaten society and democratic processes through spreading misinformation and disinformation.

We are working with Pacific governments to assess their current cybersecurity situations – and make recommendations for a path forward.

An broader idea of security

In 2018, the 18 member states of the Pacific Islands Forum signed the Boe Declaration on Regional Security. After noting climate change as “the single greatest threat”, the declaration lays out an “expanded concept of security” which includes cybersecurity.

The declaration set the scene for cybersecurity as a shared priority for the region. The response to the COVID-19 pandemic has raised the stakes even further, as online services and remote work have rapidly increased.

Cybersecurity will be necessary to enable continued economic development amid natural disasters, changes in the global security situation, and worldwide economic upheavals.

Security and sovereignty

The countries of the Pacific depend on fragile undersea cables for broadband internet access. Bringing government processes online, modernising digital infrastructure, and promoting e-commerce will introduce further security risks.

See also  For schools, accepting student mobile phone use may be a better approach than banning them

At the same time as securing their digital spaces, Pacific nations may wish to maintain sovereign control of their data. Often, digitisation means data is controlled outside the country.


Read more:
Undersea internet cables connect Pacific islands to the world. But geopolitical tension is tugging at the wires

Introducing digital currencies and mobile payments may also reduce a country’s control over money-related policies.

Working with overseas suppliers for cybersecurity may mean the country has to hand over the keys to sensitive data, networks, and systems.

Cybersecurity assessments

At the invitation of Pacific island nations, we and our colleagues at Monash University and the Oceania Cyber Security Centre (OCSC) are working to help countries understand and strengthen their cybersecurity situation.

Using the University of Oxford’s Cybersecurity Capacity Maturity Model for Nations (CMM) and our own research, we help countries assess their current situation, identify their priorities and determine how to strengthen local capacity and sovereign capability.

These assessments are a crucial first step. Each nation is different.
Tailored approaches to cybersecurity that consider the local culture, context and preservation of national sovereignty are needed.

Mapping the way forward

So far, eight of these reviews have been conducted in the Pacific. Seven of these where conducted by the OCSC. Worldwide, more than 87 nations have worked through similar reviews.

In the Federated States of Micronesia, for example, the OCSC completed an assessment in collaboration with the Asia-Pacific Telecommunity in 2020.

After the assessment, we worked with the Federated States of Micronesia in 2021 to co-develop a National Cybersecurity Roadmap. The roadmap sets a path to build local capacity and sovereign capability to protect the country’s national interests and citizens who are most at risk from cyber harms.

See also  Your genetic code has lots of 'words' for the same thing – information theory may help explain the redundancies


Read more:
Fight for control threatens to destabilize and fragment the internet

In 2019 we conducted an assessment in Vanuatu. Since then, Vanuatu has strengthened its cybersecurity in several ways, including:

incident response and advisories through national cybersecurity emergency response teams
development of cybersecurity awareness resources and campaigns
providing cyber risk management and best practice guidance for businesses
establishing the Cybercrime Act 2021
an invitation to accede to the Budapest Convention on Cybercrime.

Frameworks and funding

We and our colleagues are in the process of developing a regional framework for island state cybersecurity. It will help Pacific countries build effective emergency response teams, strengthen cyber resilience, and ensure data sovereignty.

As well as assistance with assessments and planning, Pacific nations will also need funding – including from countries like Australia – to address their own identified priorities.

As the Boe Declaration underlines, we are all on the journey to developing digital resilience. If we work together, the whole Pacific family can strengthen regional security while maintaining sovereignty.


Read more:
What skills does a cybersecurity professional need?

The Conversation

Carsten Rudolph works for Monash University and is the Research Director for the Oceania Cyber Security Centre OCSC.

James Boorman is Head of Research and Capacity Building at the Oceania Cyber Security Centre and an affiliate of Monash University.

Monica Whitty works for Monash University.