Leaders of several Pacific nations met in Fiji last week to strengthen ties and promote unity in the region.
The Pacific faces numerous challenges, such as the threat of climate change and major powers jostling for influence in the region. Against these adversities, Pacific countries have shown determination to preserve their own (and the region’s) identity and sovereignty.
One less-appreciated aspect of Pacific security is cybersecurity. Some cyber threats are financially motivated, such as ransomware or phishing attacks, but others aim at critical infrastructure. Still other attacks threaten society and democratic processes through spreading misinformation and disinformation.
We are working with Pacific governments to assess their current cybersecurity situations – and make recommendations for a path forward.
An broader idea of security
In 2018, the 18 member states of the Pacific Islands Forum signed the Boe Declaration on Regional Security. After noting climate change as “the single greatest threat”, the declaration lays out an “expanded concept of security” which includes cybersecurity.
The declaration set the scene for cybersecurity as a shared priority for the region. The response to the COVID-19 pandemic has raised the stakes even further, as online services and remote work have rapidly increased.
Cybersecurity will be necessary to enable continued economic development amid natural disasters, changes in the global security situation, and worldwide economic upheavals.
Security and sovereignty
The countries of the Pacific depend on fragile undersea cables for broadband internet access. Bringing government processes online, modernising digital infrastructure, and promoting e-commerce will introduce further security risks.
At the same time as securing their digital spaces, Pacific nations may wish to maintain sovereign control of their data. Often, digitisation means data is controlled outside the country.
Introducing digital currencies and mobile payments may also reduce a country’s control over money-related policies.
Working with overseas suppliers for cybersecurity may mean the country has to hand over the keys to sensitive data, networks, and systems.
At the invitation of Pacific island nations, we and our colleagues at Monash University and the Oceania Cyber Security Centre (OCSC) are working to help countries understand and strengthen their cybersecurity situation.
Using the University of Oxford’s Cybersecurity Capacity Maturity Model for Nations (CMM) and our own research, we help countries assess their current situation, identify their priorities and determine how to strengthen local capacity and sovereign capability.
These assessments are a crucial first step. Each nation is different. Tailored approaches to cybersecurity that consider the local culture, context and preservation of national sovereignty are needed.
Mapping the way forward
So far, eight of these reviews have been conducted in the Pacific. Seven of these where conducted by the OCSC. Worldwide, more than 87 nations have worked through similar reviews.
In the Federated States of Micronesia, for example, the OCSC completed an assessment in collaboration with the Asia-Pacific Telecommunity in 2020.
After the assessment, we worked with the Federated States of Micronesia in 2021 to co-develop a National Cybersecurity Roadmap. The roadmap sets a path to build local capacity and sovereign capability to protect the country’s national interests and citizens who are most at risk from cyber harms.
In 2019 we conducted an assessment in Vanuatu. Since then, Vanuatu has strengthened its cybersecurity in several ways, including:
- incident response and advisories through national cybersecurity emergency response teams
- development of cybersecurity awareness resources and campaigns
- providing cyber risk management and best practice guidance for businesses
- establishing the Cybercrime Act 2021
- an invitation to accede to the Budapest Convention on Cybercrime.
Frameworks and funding
We and our colleagues are in the process of developing a regional framework for island state cybersecurity. It will help Pacific countries build effective emergency response teams, strengthen cyber resilience, and ensure data sovereignty.
As well as assistance with assessments and planning, Pacific nations will also need funding – including from countries like Australia – to address their own identified priorities.
As the Boe Declaration underlines, we are all on the journey to developing digital resilience. If we work together, the whole Pacific family can strengthen regional security while maintaining sovereignty.
Carsten Rudolph, Associate Professor for Cybersecurity, Monash University; James Boorman, Head of Research and Capacity Building, Oceania Cyber Security Centre, and Affiliate, Monash University, and Monica Whitty, Professor of Software Systems and Cybersecurity, Monash University