Despite agreements reached between stakeholders in regard to the sharing of information on risk or threat reports, there exists an element of mistrust between them and the Government.
The Policing Ministry’s cybersecurity manager, Savenaca Siwatibau, told the Pacific Fiber Conference and Training in Nadi the issue of concern was whether the Government could give an assurance that it won’t share information with competitor organisations.
He said the issue had been highlighted during consultations.
The ministry’s framework, which is with the Solicitor-General’s office, has yet to be implemented and is aimed at targeting these issues.
“Inside the framework, we have inbuilt a communication plan and an incident response plan, and I would like to focus solely on threat intelligence setting,” he said.
“The importance of sharing risk or threat reports with other stakeholders.”
Mr Siwatibau said the ministry was to build trust within the critical infrastructure sector to enable it to share or be part of this important role in cyber security.
“Even if we are able to combat with the very latest technological equipment, without pre-empting or being able to forecast the threat vectors that are around us, we won’t be able to fully protect ourselves.
“So, the goal of the communication plan is to provide timely, trusted, and coordinated communication, which is the backbone of each critical infrastructure resilience, ensuring no sector stands alone against self-defense.”
Mr Siwatibau said most cyber attacks went through the supply chain.
“Even if you build your infrastructure within your organisation as secure as you can be, there is usually a risk of getting attacked through the supply chain.
“So, we’re hoping that with a robust communication plan we have formulated, we’ll be able to ensure timely sharing of this information for the purpose of protecting our critical infrastructure.”
Following the launch of national security strategies, Mr Siwatibau said the ministry hoped it would receive its framework by the beginning of next week for submission to Cabinet for approval.
“While we were working on the framework, a few organisations that haven’t got any cyber security policies or strategies have been able to formulate their own cyber security policies and they have shared with us their policies, their incident response plan, and their communication plan.”
Mr Siwatibau hopes the standards of cyber security policies and strategies for every organisation will be uplifted through the implementation of the framework.
“We are also reviewing the definition of critical infrastructure to provide and align them to sector definitions.”