In a bid to help Pacific island states become more resilient to cyber attacks such as the one Vanuatu suffered in 2022, Australia outlined a vision to become the partner of choice for cyber security in the region in the Australian Cyber Security Strategy released last November, as part of a renewed focus on enhancing cybersecurity cooperation and capacity-building.
This marks a notable step forward in Australia’s relationship with its neighbours, but it lacks a focus on local investment, which the region wants most.
The crippling ransomware attack on the Vanuatu government’s Broadband Network underscored small island nations’ vulnerability to cyber threats and highlighted the urgent need to improve cybersecurity regionally. The impact of the attack was devastating, with ministries and administrative functions paralysed. Hospitals turned to pen and paper to register patients, the prime minister’s office resorted to typewriters, and essential services, including schools and police, halted.
The island states need to upgrade their systems to shield themselves from attacks such as these, but it’s a tricky task.
At the inaugural Pacific Cyber Capacity Building and Coordination Conference in 2023, Pacific Islands Forum Secretary-General Henry Puna said that while the digital revolution offered many opportunities, island states face challenges requiring a specialised approach. Limited budgets, legacy technology and societal vulnerabilities including prevalent online disinformation, make digital transitions complex.
With China pursuing deals in the Pacific, Australia has responded by announcing a suite of aid and defence packages to become the partner of choice and increase its influence. The step-up in cyber support, articulated in the sixth shield of the Australian Cyber Security Strategy, includes Cyber RAPID teams, technical vulnerability reviews, end-of-life hardware assessments and hardened digital standards and trade rules. The government has committed $26.2 million towards Cyber RAPID teams along with $16.7 million for hardware modernisation and ‘secure-by-design’ development.
But being partner of choice requires not only alignment with shared goals and values, but also a willingness to listen, understand and address unique needs and challenges over the long-term. Shield Six does not adequately cover this, lacking a focus on true local investment that Pacific countries have consistently said they want most.
First, Australia should help the region build sustainable resilience and capacity. The World Economic Forum’s latest global cybersecurity report identifies affordability as a critical determinant of cyber-resilience, but in the Pacific, small budgets and limited technical capacity leave many nations ill-equipped to defend themselves against cyberattacks.
Take Fiji. Its legacy Chinese-made technology and lack of cyber hygiene made it vulnerable to a surge in Chinese state-sponsored cyberattacks following rapid political changes in 2022.
Now the Fijian government wants more local skills to build cyber resilience, knowing this would also contribute to economic growth. Australia has been addressing its own cyber security skills gap in recent years, recognising the importance of a thriving cyber workforce to national prosperity. Australia can adapt this experience to support Pacific states through targeted training programs, scholarships, secondments and internships.
In doing this however, Australia must help ensure that the expanded pool of cybersecurity professionals remain in their own countries to safeguard local communities, and not perpetuate the existing gap in regional defences. There is a common gripe that local professionals are lured away by opportunities abroad and not incentivised to stay. Australia can help prevent brain drain by supporting the creation of robust local cyber communities and jobs that offer meaningful work and competitive salaries.
We know this can be done. In 2013, not a single South Pacific nation had its own computer emergency response team. Today, Vanuatu has a skilled and committed CERT: half-a-dozen cyber warriors who have stayed in Vanuatu to alert the government to threats, respond to incidents and educate the community on cyber security. Australia could help expand Pacific-grown teams like the Vanuatu CERT through increased funding, technical assistance and knowledge-sharing initiatives.
Specifically, a cyber-skills version of the Pacific Australia Labour Mobility scheme would allow Pacific-islanders to work in Australia and eventually transfer knowledge back to their home country. There is potential in the region: the Business Process Outsourcing (BPO) sector in Fiji is set to become a $300 million industry employing more than 5000 people by 2025.
Australia can also help the region bridge the gap between awareness and action. There is a shortage of sensors and experts monitoring the cyber threat landscape because few companies are willing to invest in cyber threat intelligence in the South Pacific and governments are unable to afford the latest services. For example, cybercrime increased during the pandemic as more Pacific Islanders ventured online, but we don’t know by how much. The entire region needs to be uplifted to meet the latest security standards and have access to OSINT monitoring of social media, online forums and dark web marketplaces in order to understand who is behind the attacks.
The Australian government should help negotiate with trusted cybersecurity technology companies that can provide endpoint security, threat intelligence and cyberattack training to stop breaches before they happen. Under this model, everybody wins: Australia gets enhanced regional security, influence and a more effective use of aid dollars; cyber companies gain access to a fertile source of intelligence, corporate good-will and potential long-term partnerships; and Pacific countries receive the persistent cybersecurity infrastructure and expertise they need to pre-emptively safeguard their digital environments.
Finally, Australia should continue to help local communities in the region understand cyber threats, building on its PaCSON and Cyber Safety Pacifika initiatives that promote online security attuned to cultural norms through hyper-local education programs.
The key to Pacific resilience lies in investing in local capacity, fostering collaboration and promoting home-grown education initiatives tailored to the Pacific way of life. By making these investments, Australia can help empower its neighbours, prepare them for the next crisis and show that it is truly the partner of choice.