When it comes to cyber security uplift, the Pacific could match, if not outpace Australia in relative terms by 2030.
Pacific Island countries are at a critical juncture. Having grappled with a significant digital divide, digitally enabling infrastructure and cyber security frameworks to protect them has lagged behind the rest of the world, however, there is change on the horizon.
The tyranny of distance and unique geography has made it difficult to create a resilient digital ecosystem in the Pacific, despite economic growth and considerable foreign investment into digital infrastructure. By resilient, I mean an ecosystem that can adapt and rapidly bounce back if it is attacked or impacted by a natural disaster. One that is diverse and not contingent on any one technology or supplier. One that unifies and connects Pacific Island nations with each other and the rest of the world for greater access to technology, ideas and support.
The world recognizes that the Pacific is lagging, and not all actors have good intentions. In PNG, cybercriminals successfully targeted government financial systems in a ransomware attack in October 2021, siphoning off hundreds of millions of dollars, including funds from Australian aid, while in Vanuatu, a November 2022 cyber attack strategically coincided with a newly elected government, resulting in all government systems being offline for over a month. More recently, Tonga’s state-owned telecommunications company was hit by ransomware in February 2023.
With the increasing threat, Australian Assistant Foreign Minister Tim Watts said recently that cyberattacks were the “fastest growing threat” to the Pacific’s national security.
“As Pacific Island nations realise their economic ambitions and develop their connectivity, their exposure to that threat grows,” Watts said.
The recently unveiled Cyber Security Strategy places a crucial emphasis on enhancing collective cyber resilience at scale through Shield 6 - Resilient region and global leadership, and could be a catalyst for change. The strategy aims to strike a delicate balance between fostering digital development and ensuring robust security and Australian leadership in the region, and if executed effectively, holds the promise of ushering in significant capability uplift in the Pacific region, potentially surpassing Australia’s own rate of advancement by 2030.
But don’t just take my word for it, here are three key reasons why we’ll see significant progress in the Pacific over the coming years.
1. Funding for Cyber Resilience
Though not substantial, Australia is investing in regional cybersecurity, earmarking funds for resilience projects. The allocation of $26.2 million to establish ‘Cyber Rapid Assistance for Pacific Incidents and Disasters (RAPID)’ teams, led by the Department of Foreign Affairs and Trade (DFAT), will enhance the Pacific’s ability to respond to cyber crises, fostering international norms and transparency. An additional $16.7 million will be directed toward bolstering long-term resilience by proactively identifying vulnerabilities, including end-of-life hardware and software, and implementing secure-by-design solutions, reducing supply chain vulnerabilities and their cascading impacts.
2. Private Sector Engagement
Due to complexities in the Pacific’s business landscape, limited market size, and geographical distance, businesses, especially major tech players, have been hesitant to establish a presence. The strategy aims to stimulate innovation by encouraging government-private sector collaboration to enhance investment and scale protection efforts. Pioneering this initiative, SoftIron is actively contributing by aiming to provide the region with secure sovereign cloud capabilities. We will likely see more private setor engagement flow into the Pacific with government support and as systems become more secure and resilient.
3. Internal Alignment of Pacific Partners
Decisions from Fiji’s Peoples’ Coalition Cabinet meeting in November 2023 highlight Fiji’s proactive stance in safeguarding critical infrastructure from cyber threats. This involves establishing the Critical Infrastructure Computer Emergency Response Team (CICERT) and the Critical Infrastructure Computer Security Incident Response Team (CICSIRT), which could potentially work in conjunction with DFAT’s new RAPID team. Fiji’s commitment to cybersecurity could significantly influence capability uplift, inspiring other Pacific Island nations to follow suit.
Change doesn’t need to be expensive but to be effective, funding needs to be allocated with clarity and transparency.
The success of the strategy hinges on well-defined plans, particularly for the private sector, with support for Australian capabilities. The internal alignment of Pacific Island countries, exemplified by Fiji, is crucial for achieving cybersecurity resilience and fostering greater international cooperation by 2030. The strategy’s implementation, coupled with the collective efforts of Pacific nations, signifies the the ramping up of efforts toward a more secure and interconnected future in the Pacific.