CERT efforts accelerate in Tonga
Earlier in May, the USS Spruance could be seen docked in Nuku’alofa, Tonga, as part of its regional maritime security operations. At the same time, just down the road, APNIC was doing its own part for regional security.
At the invitation of Tonga’s Ministry of Information and Communication, I joined APNIC’s security specialist, Adli Wahid, to conduct a two-day Computer Emergency Response Team (CERT) workshop.
Cybersecurity has been a constant discussion point among those in telecommunications circles in the Pacific. As connectivity has increased, so have concerns over cybercrime, security, and safety issues. Tonga’s own boost in connectivity came in 2013 when the Tonga-Fiji Cable went online, connecting the economy to the trans-Pacific Southern Cross Cable Network. The arrival of the cable has seen available bandwidth increase dramatically, the launch of 3G+ broadband services, household mobile phone usage hit 90%, and individual Internet usage hit 40%.
Shortly thereafter, in December 2013, the government approved the formation of its Cyber Challenge Task Force charged with tackling issues of cybersecurity, cyber safety, and cybercrime.
This balanced approach – matching its ambitious e-government strategy, strategic development framework, and domestic cable extension with new cybercrime legislation and cybersecurity capacity development – has been a hallmark in Tonga’s approach to this challenge. The development of a national CERT is seen as an important next step moving forward.
Why CERTs are important
In today’s environment where cybersecurity breaches are mentioned in the media almost every day, CERTs and CSIRTs help manage security incidents when they occur. In addition and most importantly, lessons learned from the incidents help drive security awareness.
In his welcome message the Hon. Siaosi Sovaleni, Tonga’s Deputy Prime Minister and Minister for Meteorology, Energy, Information, Disaster Management, Environment, Climate Change and Communications, highlighted that cybersecurity is a multistakeholder and multifaceted issue. This is precisely why the effort in Tonga is particularly heartening.
The workshop brought together high-level officials from across government and included representatives from the major telcos on the island to provide their input and discuss the road ahead. More notable even, is that while Tonga has reached out to many external organizations for advice and expertise, the effort is a domestic initiative driven by local support and investment.
Of course plans on paper are nothing if not backed by local know-how. For that reason the high-level meetings were complemented by two half-day training sessions by APNIC, which brought together systems and security administrators from numerous government ministries and local telco Members TCL, TCC, and Digicel Tonga. The APNIC team covered topics ranging from security controls and the threat landscape, to security response and incident analysis. During the sessions the participants shared their own organization’s approach to cybersecurity and took part in several incident response desktop exercise to familiarize themselves with the work of a CERT.
This CERT workshop and high-level meetings demonstrate that Tonga is ready to move beyond talking and get down to the real work of starting up a national CERT. As the Deputy Prime Minster put it, ‘it’s about time that we do something because we believe that cybersecurity is essential for Tonga’