NATIONAL_CYBERSECURITY_POLICY_2021__Final__-_031121-_PRINT

Papua New Guinea National Cyber Security Policy 2021

Page 1

  • Title: Papua New Guinea National Cyber Security Policy 2021

Page 2: Table of Contents

  • Foreword by the Minister

  1. Introduction

    • 1.1 Purpose

    • 1.2 Background

  2. Policy Alignment and Framework

  3. Vision, Missions & Goals

    • 3.1 Vision

    • 3.2 Mission

    • 3.3 Goals

    • 3.4 Guiding Principles

  4. Policy Focus Areas

    • 4.1 Cyber Security Coordination and Governance Framework

    • 4.2 Risk Management, Preparedness & Resilience

    • 4.3 Critical Infrastructure & Essential Services

    • 4.4 Capability & Capacity Building and Awareness raising

    • 4.5 Strengthening Legal and Regulatory Framework

    • 4.6 International Cooperation

  5. Implementation Plan/Framework

  6. Monitoring & Evaluation

Page 4: Foreword by the Minister

  • Minister's Vision: Protecting PNG's national security and promoting citizens' prosperity is paramount.

  • Importance of Cyber Security: It's essential for the digital economy, emphasizing the need for secure systems as cyber threats increase.

  • Overall Goal: Secure cyberspace for future generations to foster development in government e-services and social interaction.

Page 5

  • The government emphasizes the necessity for collaboration among citizens, educational institutions, private sector, and civil society in enhancing national cyber security.

  • Pressing Issues: Increased ICT reliance brings heightened risks, necessitating a structured approach for effective coordination, capacity building, and legal frameworks.

Page 6: Key Responsibilities

  • Developing laws and structures for incident management.

  • Collaborative efforts across various sectors are essential for establishing cyber security capabilities.

  • Shared responsibility between the government and society for cyber security.

Page 7: Introduction

  • Purpose: Outline PNG's Cyber Security Policy to address evolving cyber risks.

  • Cyber Security Goals: Align with international standards to enhance protection against cyber threats affecting citizens and critical infrastructure.

Page 8: Background

  • Growing digital tech adoption increases cyber risks.

  • Recognition of the need to update existing policies due to escalating cyber threats.

  • Mention of the 2020 Digital Transformation Policy emphasizing cyber security as a top priority.

Page 9: Malicious Activity Overview

  • Global Context: Cyber threats affecting nations, highlighting specific actors like state-sponsored entities.

  • Risks to PNG: The need for public awareness and preparedness against various forms of cyber threats, including sophisticated attacks aimed at critical infrastructure.

Page 10: National Cyber Security Centre (NCSC)

  • Established in 2018 with Australian support to build internal capacity.

  • Functions include incident response coordination, cyber awareness promotion, and management of cyber security initiatives.

Page 11: Policy Alignment and Framework

  • Aligns with various national security policies and strategies, enhancing PNG's cyber governance.

  • Policymaking will focus on the protection of national sovereignty and safety in cyberspace.

Page 12: Vision, Mission & Goals

  • Vision: Safe and trusted cyberspace harnessing digital technology benefits.

  • Mission: Ensure safety in cyberspace to protect sovereignty and promote inclusive digital growth.

  • Goals: Include establishing governance structures, improving national cyber resilience, and increasing awareness.

Page 13: Guiding Principles

  • Emphasize collaboration across all sectors, accountability at all levels of society, and the importance of legal frameworks adapting to digital advancements.

Page 14: Policy Focus Areas

  • Calls for a National Cyber Security Strategy to combat cybercrime and defend critical infrastructure.

  • Mechanisms to enhance information sharing and cyber defense strategies proposed.

Page 15: Cyber Security Coordination Framework

  • Transitioning governance from partial foreign control to total national control.

  • Establishing effective cybersecurity operations with clear roles and responsibilities.

Page 16: National Cyber Security Agency (NCSA)

  • Will coordinate national cyber security initiatives, providing structural guidance and oversight for monitoring and response strategies.

Page 17: National Cyber Security Advisory Committee (NCSAC)

  • Formation of a committee to provide expert guidance and policy direction for national cyber security initiatives.

Page 18: National Cyber Security Centre (NCSC) Functions

  • Central hub providing advisory assistance and promoting cyber awareness and safety across PNG's sectors.

Page 19: Cyber Security Response Team (CERT & CSOC)

  • CERT responsibilities include management of cyber incidents and promoting public awareness.

  • CSOC tasked with monitoring, assessing, and reporting on cyber threats.

Page 20: Government Stake-Holders

  • Various governmental departments tasked with managing cyber security across different sectors—ensuring integrated efforts.

Page 21: Risk Management and Resilience

  • Emphasis on identifying vulnerabilities and implementing robust risk management protocols for cyber incidents.

Page 22: Emergency Readiness

  • Overview of initiatives to enhance preparedness for cyber threats, including developing rapid response capabilities and protocols.

Page 23: Critical Infrastructure Protection

  • Identification and protection of national critical infrastructure through extensive risk assessments and stakeholder partnerships.

Page 24: Awareness Raising Efforts

  • Strategies for increasing public knowledge about cyber hygiene and safety, particularly in the context of recent societal challenges.

Page 25: Legal Framework Enhancements

  • Development of robust legislation setting forth cyber security standards reflective of both national and international best practices.

Page 26: Digital Government Legislation

  • Legislation aimed at establishing effective ICT governance structures across public sectors to ensure secure and efficient service delivery in a digital context.

Page 27: National Cyber Security Legislation

  • Introduction of comprehensive laws to enhance the monitoring and managing of cybersecurity issues, alongside developing a dedicated cyber security authority.

Page 28: Infrastructure and Cyber Security Agency

  • Establishment of an agency to oversee national cyber security efforts, focusing on protecting against and responding to cyber threats.

Page 29: Threats to Critical Infrastructure

  • Discussion on the increasing vulnerability of critical infrastructures to cyber threats and the importance of preventative measures.

Page 30: Cooperative International Cyber Security

  • Emphasis on building international partnerships to bolster PNG’s capacity for responding to cyber threats through shared governance frameworks.

Page 31: Implementation Framework

  • Outline of phased implementation strategy for the national cyber security policy, involving various governmental and institutional stakeholders.

Page 32: Executive Sponsorship and Authority

  • Clarification of responsibilities for leading and coordinating national cybersecurity strategy development and implementation efforts.

Page 33: Monitoring and Evaluation

  • Commitment to ongoing assessments of the policy implementation's effectiveness, ensuring adaptability to evolving cyber threats.