National Information & Communications Technology Authority of Papua New Guinea

Making Internet a Safer Place for PNG:
Establishing Computer Incident Response Team and Assessing National Cybersecurity Capacity
3-7 June 2019

The past twenty years has been an extraordinary time for the development of information and communication technologies (ICTs) – and with the ‘mobile miracle’, we have brought the benefits of ICTs within reach of virtually all the world’s people. But I believe that the next twenty years will be even more dramatic with 200 billion devices being connected through Internet of Things by 2020 and the benefits of broadband become available to everyone, wherever they live, and whatever their circumstances.

Greater connectivity also brings with it greater risk, not least the risk of losing trust and confidence in the networks we rely on, and the risk of losing trust and confidence in our ability to communicate securely. Security is key to building the trust and confidence in the use of ICT for e-transactions. Cybersecurity continues to be a big challenge as we embark on the Internet of Things, 5G, Smart Cities and Artificial Intelligence that will affect each and every aspect of our lives! In such an interconnected world a loophole anywhere in the global ICT network represents a challenge anywhere in the network. This includes emergency services; water supplies and power networks; food distribution chains; aircraft and shipping; navigation systems; industrial processes and supply chains; healthcare; public transportation; government services; and even our children’s education.

Pacific Islands Countries are considerably aware of the issues and cyber threats. Some countries have made efforts in building a National CIRT. The International Telecommunication Union (ITU) (United Nations Specialised Agency for Telecommunications and ICT has assisted countries in the Pacific with regard to cybersecurity. For examples, ITU conducted a Readiness Assessment on National CIRT Establishment in Fiji, Samoa, Tonga, Vanuatu. Despite efforts from the Pacific Islands Countries and international community, a number of challenges are yet to be addressed either partially or fully in respect of cybersecurity in general and CIRTs in particular. These are such as:

  • Assessment, establishment and strengthening of national cybersecurity framework (policy, legislation and strategy), where there are still gaps;
  • The need of national CIRTs and CIRT-to-CIRT collaboration;
  • Investments and sustainable model of national CIRTs;
  • Human and institutional capacity;
  • Regional / International coordination and collaboration.
  • Awareness in government, public and private sectors, and among citizens and other members of society
  • Child Protection Online

Mr Sameer Sharma, Senior Advisor, ITU said “As a specialized agency of United Nations on ICT, ITU provides a global forum for discussing cybersecurity, and has been entrusted by world leaders to facilitate international dialogue and cooperation through its Global Cybersecurity Agenda to develop a comprehensive and inclusive international framework for cooperation with the international community aimed at building a common understanding on ways of ensuring peace and stability in cyberspace. With the support from the Department of Communications and Arts, Government of Australia, ITU carried out assessments of CIRTs for Samoa, Tonga, Vanuatu and this week in PNG with focus on building human and institutional capacity of PNG CERT imparting relevant technical skills , tools as well as suggesting organisational structure ensuring effective operations.

Recognising the significance and further enhance socio and economic development, National Information & Communications Technology Authority of Papua New Guinea (NICTA) under the technical collaboration of the ITU carried out a CIRT assessment and builds capacity of the stakeholders between 3-7 June 2019. The major stakeholders, including ministries, ICT service providers, specialized institutions for ICTs, academia and relevant non-government agencies, have been invited to participate in the weeklong sessions. There will be latest information sharing presentations from by ITU and OCSC. The outcome would cover the following:

  • Stronger coordination, collaboration and information sharing between CIRTs and other relevant players;
  • Readiness assessments for national CIRT establishment for PNGa;
  • Design and implementation plan for each national CIRT;
  • Stocktaking of activities being undertaken in the selected countries by national, regional, and international organisations, and in the region in general; and
  • Awareness and hands-on training workshops aimed at building and strengthening human capacity in cybersecurity related matters in general and CIRTs in particular.

Additionally, ITU is partnering with the Oceania Cyber Security Centre (OCSC) Australia, to conduct an assessment of the national cybersecurity capacity based on the Cybersecurity Capacity Maturity Model for Nations (CMM) developed by the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford. The systematic and holistic model reviews a country’s cybersecurity capacity maturity in terms of five dimensions: Cybersecurity Policy and Strategy; Cyber Culture and Society; Cybersecurity Education, Training and Skills; Legal and Regulatory Frameworks; and Standards, Organisations and Technologies. The review report will enable the governments to benchmark national cybersecurity capacity and set priorities for strategic investment and capacity development. Support for the CMM review comes from the Government of Victoria.

Chief Executive Officer Charles Punaha, National Information & Communications Technology Authority of Papua New Guinea (NICTA) said that the government has given high priority for cybersecurity especially establishment of PNG CERT and enhance its capabilities to react, respond in coordinated manner to ensure safe and secure ICT access for people of Papua New Guinea.

UN Resident Coordinator, Mr. Gianluca Rampolla at Papua New Guinea: “United Nations throughout specialised agency on ICT is pleased to assist Papua New Guinea for ensuring secure and safe cyber culture for citizens by delivering specialised technical skills, simulation and tools engaging the government agencies, private sector, academia and other stakeholders because cybersecurity is responsibility of everyone.”

OCSC Project Lead – CMM in the Pacific, Dr. James Boorman: “The CMM review is an excellent opportunity for the Government of Papua New Guinea to benchmark its national cybersecurity capacity. The review results will enable the decision-makers to better plan investments in cybersecurity, set priorities for capacity-building initiatives, and support its ambition to enhance coordination and cooperation regarding cybersecurity in the region.”