Minister for Information, Communication and Technology (ICT), Timothy Masiu says the Digital Government Bill 2021 is vital to help strengthen PNG’s cyber security measures and capabilities.
He said once enacted, the Bill will give powers and enforcement mechanisms for the Department, as it contains the governance framework required to establish ICT governance across all public bodies.
“As Minister responsible, I will continue to push for the Digital Government Bill 2021 to be enacted in the November Parliament Seating,” Minister Masiu said.
He raised this after the Government’s Integrated Management Financial System (IMFS) was hit by a ransomware cyber attack last week.
“The cyber attack that occurred was bound to happen because we don’t have appropriate mechanisms for enforcement of cyber security standards and a governance framework for ICT functions in the public service.
“It has been happening and it is bound to keep happening if we don’t complete the reform process.
“I will also be pushing for a further upgrade of the Department of ICT immediately after enactment of the Digital Government Bill 2021. To the ICT Community, we need your support and voice to help us escalate the ICT Sector by getting this Bill through,” he said.
In 2018, through the initiative of various agencies including the Department of Prime Minister and NEC and the NICTA (ICT Regulator) and the support of the Australian Government, a National Cyber Security Centre Project was initiated.
Under the National Cyber Security Centre Project, a Cyber Emergency Response Team (CERT) and a Cyber Security Operations Centre. Under the National Cyber Security Centre (NCSC), the Cyber Security Services are offered as ICT Shared services.
In addition to this, the NCSC offers training to government agencies for level one training for cyber analysts.
In 2020, the Department of ICT took operational oversight of the Cyber Security Operations Centre while the CERT continued to be maintained under NICTA.
Minister Masiu stated: “It is certainly regrettable that the Department of Finance (DoF) did not take up the offer for endpoint protection services from the NCSC nor used the CERT despite multiple Circulars distributed to all public bodies on the NCSC.”
However, he said only thorough an ICT Audit can pinpoint where the vulnerabilities and oversights if any are and what preventative measures need to be taken moving forward.
On that note, Minister Masiu commended the Department of Finance for actions taken to recover from the cyber attack.
With respect to the National Cyber Security Centre services, he said they remain optional until such time that the Digital Government Bill 2021 is enacted.
In parallel to this is the work of the National Cyber Security Policy. The Cyber Security Policy was initially worked on by NICTA. But currently all Policy work to be transferred to the Department of ICT.
“It is now essential that the Policy is completed to give a clear National vision and implementation framework for cyber security.
“There have been many questions asked about what the Department of ICT is doing to address Cyber Security and for that matter ICT governance within the public sector.”
Minister Masiu has informed stakeholders that the Drafting Instructions of the Digital Government Bill 2021 was cleared by the Office of the State Solicitor on the 6th of September, 2021 (issued a Certificate of Necessity) and was further endorsed by Cabinet on 6th of October, 2021.
Meantime, the Department is concluding work on the National Cyber Security Policy and will be taken to Cabinet immediately.
“My call specifically for the ICT community is to please support us. We are on the right track to having ICT being legally recognized.”