The CMM at work
The Cybersecurity Capacity Maturity Model for Nations (CMM) is the flagship assessment tool of the Oceania Cyber Security Capacity Centre (OCSC) based in Melbourne. The CMM is a key contributor to improving cybersecurity maturity globally, with its positive tangible results and impact widely acknowledged.
A recent independent evaluation conducted in 2020 revealed that the participating nations found the CMM to be of the highest value. According to the authors, the CMM was “foundational to their strategy and policy development, contributing to greater collaboration within government and enabling networking and collaboration with business and the wider society.”
Since starting the CMM programme in 2018, the OCSC has conducted six CMM reviews within the Pacific Region with a further nine scheduled in 2020-2022, forming part of OCSC’s outreach plan. It is OCSC’s ambition to work with all countries in the region and welcome the opportunity to work with Australian and New Zealand governments in the future.
Our first review was conducted in the Independent State of Samoa in April 2018 at the invitation of the Ministry of Communications and Information Technology (MCIT), and in collaboration with the International Telecommunication Union (ITU) and the Global Cyber Security Capacity Centre (GCSCC) from the University of Oxford.
As part of this joint mission, ITU and the Asia-Pacific Network Information Centre (APNIC) facilitated a national capacity building workshop for Computer Incident Response Teams (CIRTs) in Samoa to further enhance the nation’s cybersecurity capacity.
The CMM report has now been approved by the government of Samoa for release and is available from the MCIT website.
Our next review saw the same team from OCSC, ITU and GCSCC working together with the Kingdom of Tonga in June 2018, at the invitation of Ministry of Meteorology, Energy, Information, Disaster Management, Environment, Climate Change and Communications (MEIDECC).
As part of this joint mission, ITU conducted a review of Tonga CERT and worked with the Asia-Pacific Network Information Centre (APNIC) to facilitate a national capacity building workshop for Computer Incident Response Teams (CIRTs) to further enhance the nation’s cybersecurity capacity.
At the invitation of the Office of the Government Chief Information Officer (OGCIO) in March 2019 the OCSC team joined the team from the Information Telecommunications Union, United Nations (ITU) to work with the Republic of Vanuatu as part of a joint mission. On this mission the OCSC and the ITU conducted a review of the national CERT of Vanuatu and ran a workshop to further enhance the nation’s cybersecurity capacity.
As a result of this work, the OCSC is currently working on Vanuatu’s cybersecurity capacity building initiative focusing on Vanuatu’s critical national infrastructure and informing the development of a comprehensive national cybersecurity strategy.
Papua New Guinea
In June 2019 OCSC and the team from the ITU again joined forces, this time to work with the Independent State of Papua New Guinea, at the invitation of the National Information and Communications Technology Authority (NICTA).
As part of this joint mission, ITU conducted a review of the national CERT of Papua New Guinea and ran a workshop to further enhance the nation’s cybersecurity capacity.
Federated States of Micronesia
In January 2020, in collaboration with the Asia-Pacific Telecommunity (APT) and at the invitation of the Department of Transportation, Communications & Infrastructure (TC&I), the OCSC team conducted a review of the Federated States of Micronesia (FSM).