In this cross-posting from The Conversation, Carsten Rudolph, James Boorman and Monica Whitty at Monash University discuss the key challenges the Pacific is currently facing, including combating the threat of cyber crime and bolstering cyber security defences.
Leaders of several Pacific nations met in Fiji last week to strengthen ties and promote unity in the region.
The Pacific faces numerous challenges, such as the threat of climate change and major powers jostling for influence in the region. Against these adversities, Pacific countries have shown determination to preserve their own (and the region’s) identity and sovereignty.
One less-appreciated aspect of Pacific security is cyber security. Some cyber threats are financially motivated, such as ransomware or phishing attacks, but others aim at critical infrastructure. Still other attacks threaten society and democratic processes through spreading misinformation and disinformation.
We are working with Pacific governments to assess their current cyber security situations – and make recommendations for a path forward.
A broader idea of security
In 2018, the 18 member states of the Pacific Islands Forum signed the Boe Declaration on Regional Security. After noting climate change as “the single greatest threat”, the declaration lays out an “expanded concept of security” which includes cyber security.
The declaration set the scene for cyber security as a shared priority for the region. The response to the COVID-19 pandemic has raised the stakes even further, as online services and remote work have rapidly increased.
Cyber security will be necessary to enable continued economic development amid natural disasters, changes in the global security situation, and worldwide economic upheavals.
Security and sovereignty
The countries of the Pacific depend on fragile undersea cables for broadband internet access. Bringing government processes online, modernising digital infrastructure, and promoting e-commerce will introduce further security risks.
At the same time as securing their digital spaces, Pacific nations may wish to maintain sovereign control of their data. Often, digitisation means data is controlled outside the country.
Introducing digital currencies and mobile payments may also reduce a country’s control over money-related policies.
Working with overseas suppliers for cyber security may mean the country has to hand over the keys to sensitive data, networks, and systems.
Cyber security assessments
At the invitation of Pacific island nations, we and our colleagues at Monash University and the Oceania Cyber Security Centre (OCSC) are working to help countries understand and strengthen their cyber security situation.
Using the University of Oxford’s cyber security Capacity Maturity Model for Nations (CMM) and our own research, we help countries assess their current situation, identify their priorities and determine how to strengthen local capacity and sovereign capability.
These assessments are a crucial first step. Each nation is different. Tailored approaches to cyber security that consider the local culture, context and preservation of national sovereignty are needed.
Mapping the way forward
So far, eight of these reviews have been conducted in the Pacific. Seven of these were conducted by the OCSC. Worldwide, more than 87 nations have worked through similar reviews.
In the Federated States of Micronesia, for example, the OCSC completed an assessment in collaboration with the Asia-Pacific Telecommunity in 2020.
After the assessment, we worked with the Federated States of Micronesia in 2021 to co-develop a national cyber security roadmap. The roadmap sets a path to build local capacity and sovereign capability to protect the country’s national interests and citizens who are most at risk from cyber harms.
In 2019 we conducted an assessment in Vanuatu. Since then, Vanuatu has strengthened its cyber security in several ways, including:
- incident response and advisories through national cyber security emergency response teams;
- development of cyber security awareness resources and campaigns;
- providing cyber risk management and best practice guidance for businesses;
- establishing the Cybercrime Act 2021; and
- an invitation to accede to the Budapest Convention on Cybercrime.
Frameworks and funding
We and our colleagues are in the process of developing a regional framework for island state cyber security. It will help Pacific countries build effective emergency response teams, strengthen cyber resilience, and ensure data sovereignty.
As well as assistance with assessments and planning, Pacific nations will also need funding – including from countries like Australia – to address their own identified priorities.
As the Boe Declaration underlines, we are all on the journey to developing digital resilience. If we work together, the whole Pacific family can strengthen regional security while maintaining sovereignty.
Carsten Rudolph is an associate Professor for cyber security at Monash University; James Boorman is the head of research and capacity building, Oceania Cyber Security Centre, and affiliate at Monash University, Monica Whitty, is a Professor of software systems and cyber security at Monash University.