Commonwealth Island States Collaborate to Strengthen Cybersecurity

Tonga received training and mentorship support (from the Commonwealth Cybersecurity Program) in developing its National Cybersecurity Incident Response Strategy. Moreover, this small state has also established relationships with other Commonwealth countries and shares and learns in a mutually beneficial way.

Tonga is a Polynesian archipelago in the southern Pacific Ocean, made up of 169 islands, 36 of which are inhabited. Despite its small population of just over 100,000 people, the country is not immune to cybersecurity threats.

“Just recently we received a ‘Business Email Compromise’ in which a small business in Tonga was instructed to redirect a payment – at the last minute – to another bank account during a transaction at abroad,” said Siosaia Vaipuna, director of the country’s national office. Computer Security Incident Response Team (nCSIRT).

Other threats Tonga faces include botnet attacks and, more recently, the use of the coronavirus pandemic as a pretext to persuade less-informed citizens to deviate from well-established banking processes.

The Commonwealth 18–20 Fund has helped Tonga, along with 40 other Commonwealth countries, develop their nCSIRTs. nCSIRTs provide a crucial first line of defense against cybersecurity attacks, establishing dedicated teams that can respond quickly to any threat to the national digital infrastructure. However, for small counties like Tonga, developing the capacity and specialized expertise to build an effective nCSIRT can be challenging.

The Commonwealth Cybersecurity Program has helped address this issue by building relationships between member states. This encourages peer learning and collaboration as a tool to overcome their resource and capacity constraints.

Network to solve problems

“Networking [between nations] has been a very important part of this initiative for smaller Commonwealth countries like Tonga in the Pacific, Antigua and St. Kitts in the Caribbean,” Siosaia said.

Although the project focuses on developing a response to cybersecurity incidents, smaller countries have also benefited from the networking opportunities provided by the project’s capacity building events.

“We lack the skills to develop approaches in the same way as large countries,” said Siosaia, “My division is under one ministry, the Ministry of Meteorology, Energy, Information, disaster management, environment, climate change and communications – and all those big issues are difficult because we have limited resources.

Siosaia participated in two workshops organized by the project in Singapore and London. The workshop facilitators, specialists in cybersecurity approaches, presented the SIM3 self-assessment framework to Siosaia. It is a tool that helps countries understand their cybersecurity gaps.

The workshops also gave Siosaia and other delegates the opportunity to meet and discuss common issues.

During an event, Siosaia was approached by another project delegate, Gordina Hector-Murrell, director of cybersecurity for the Ministry of Information, Broadcasting, Telecommunications and Information Technology. Antigua and Barbuda. First, Gordina asked Siosaia if Tonga would be willing to share their draft cybercrime legislation. “She then asked for information to help with job descriptions,” Siosaia said. “Today we are happy to help Antigua knowing that at some point Antigua will help Tonga.”

Learn by example

Good cybersecurity relies on having strong systems and processes in place and hiring people with the right knowledge and skills. Small Commonwealth countries in the Pacific and Caribbean such as Tonga, Antigua and Barbuda, and St. Kitts and Nevis need to persuade their governments to prioritize cybersecurity and open up new civil service positions. “Although we have people with the right skills and knowledge in the country, they usually don’t have degrees. We could guide them through this process, but first we have to persuade our government to open positions and then relax the recruitment rules,” Siosaia said.

Diplomas are mandatory at key levels. This issue of recruitment and qualifications was also raised by Ophélie Blanchard, e-government coordinator in the information technology department of the Ministry of Justice, Legal Affairs and Communications in Saint Kitts and -Nevis, at the nCSIRT Final Capacity Building Workshop, London in December 2019. “Governments may need to change their recruitment requirements. If we can tell them that the rules have been relaxed in another country, that helps. » Networking and regular communications ensure that delegates can use examples of progress in other countries to advance their own strategies.

Howie Nichol, Program Manager at Torchlight Group (the project’s implementing partner) agrees, but noted: “When it comes to networking, small nations like Tonga have made real progress and collaborative work is often a necessity. Larger Commonwealth countries may be more responsive to sharing cybersecurity information. Even if the nations are part of the Commonwealth, that does not mean that they will always agree. Howie, continued, “At all of our capacity building events, we tell delegates that huge gains can be made by building trust, working together and sharing information. »

While Tonga has lent a hand in Antigua and Barbuda, Tonga has turned to Brunei to inform the development of the country’s cybersecurity policy and strategy. Mr. Vaipuna has been in regular contact with another project delegate, the Director of the Brunei National Computer Emergency Response Team (BruCERT).

BruCERT was established in conjunction with the Brunei Information and Communications Technology Industry Authority to become the single point of reference agency for handling computer and internet security incidents. “In Tonga, we are very interested in Brunei as they are ahead of us…this company is a hybrid combining private sector and government perspectives. Tonga wants a similar centralized system to manage cybersecurity both in government and in the private sector,” Siosaia said.

CHOGM Theme: A Safer Future

Project Title: The Cybersecurity Program

Country: Tonga

Implementation Partners: Torchlight, Protection Group International (PGI)

Lynn A. Saleh

Orchid Island Capital (ORC) set to report quarterly earnings on Thursday

Nevada’s ‘Reid Machine’ Passes Tough Mid-Run Test

From its “party island” to its opening date and new renders, here’s what you need to know

Cardinal calls on young people to fight for justice – The Island

Namibia’s South African connection poses a challenge to Sri Lanka – The Island

NC Legislative Races: Sharp divisions on abortion, economy