The Pacific needs greater cyber resilience as malicious actors break into networks

Samoa and Papua New Guinea’s recent experiences with cyber intrusions are the latest reminders of the urgent need for enhanced cybersecurity resilience in the Pacific. What’s needed is capacity building and coordinated response initiatives.

On 11 February Samoa’s Computer Emergency Response Team (SamCERT) issued an advisory warning about APT40, a Chinese state-backed hacking group operating in the region. Days later, reports emerged that Papua New Guinea had suffered an unattributed cyberattack on its tax office, the Internal Revenue Commission, in late January.

SamCERT’s advisory marks the first time a Pacific island country has formally attributed a cyberattack to a China-linked group. While the advisory does not directly name China, it identifies APT40 as the perpetrator behind the cyber intrusion and provides a link to the Australian Signals Directorate’s website that details APT40’s connection with the Ministry of State Security, China’s foreign intelligence agency.

The advisory also warns that the hacking group conducts ‘operations directed at sensitive networks administered by Pacific Island nations’. While this reflects a growing awareness of foreign cyber influence in the Pacific, it also shows the caution that smaller nations exercise when publicly attributing cyber threats to state actors.

APT40, classified as an advanced persistent threat, conducts cyber operations by infiltrating networks and maintaining access. By loitering, it can monitor activity, collect data and carry out more sophisticated attacks targeting high-value accounts, including those of government officials.

This group and this method of operation are not new. Australia, the United States and New Zealand have all previously attributed cyberattacks to APT40. In the Pacific, Palau is the only country that has openly accused China of targeting its digital infrastructure, but it didn’t issue a technical attribution. Samoa’s willingness to publicly acknowledge this threat is a step towards greater cyber transparency in the Pacific and encourages more open discussions among regional leaders and cybersecurity experts.

Beyond the immediate implications of cyber espionage, these incidents highlight the broader hybrid threats Pacific nations face. Malicious actors often exploit weaknesses in cyber hygiene, using techniques such as server exploitation, phishing campaigns and web compromises to gain initial access to networks. The intersection of cyber operations, economic dependencies and diplomatic sensitivities creates a complex security environment for the Pacific. While raising awareness of cyber threats is crucial, strategic communication must be handled in a way that fosters regional cooperation and builds cyber resilience without unnecessarily escalating geopolitical tensions.

Australia has worked with Pacific nations to enhance their incident response capabilities, provide technical assistance and facilitate information sharing. It has supported initiatives such as the Pacific Cyber Security Operational Network and the Cyber Rapid Assistance to Pacific Incidents and Disasters team. Samoa’s ability to issue a public advisory is, in part, a testament to such capacity-building efforts.

In contrast, Papua New Guinea communicated poorly following a cyberattack on its Internal Revenue Commission that paralysed tax administration functions and potentially exposed sensitive financial data. The commission first characterised the 29 January attack as a ‘system outage’, reflecting deeper structural challenges in the region’s cyber resilience framework, such as infrastructure gaps and bureaucratic red tape.

While it’s ideal for organisations to be transparent about being victims of a cyberattack, this requires a level of cyber maturity. Doing so effectively would require a level of technical capability and strategic communications preparedness to manage public awareness and response that many of these institutions in the Pacific have not yet built.

Governments in the Pacific recognise the importance of cybersecurity. PNG launched its National Cyber Security Strategy in 2024, joining several other countries that have published or are drafting their own. But many still face limitations in resources, technical expertise and infrastructure.

Pacific nations and international partners need to prioritise strengthening national computer emergency response teams and fostering regional cooperation. Enhancing incident detection and response capability, as well as promoting intelligence sharing across borders, will help mitigate future cyber threats.

Arguably, Australia’s strategic investments in the region’s digital infrastructure, including high-capacity subsea cables, are important to digital transformation in the region. But transformation is outpacing cybersecurity preparedness, creating a widening gap that exposes critical institutions to cyber threats. Support must be matched with comprehensive and sustained cybersecurity capacity-building programs that raise Pacific nations’ agency—not just token efforts.

Although Australia has committed to building cyber capacity across the region, its support should extend beyond government networks to include businesses, critical infrastructure operators and civil society. Long-term resilience will come from increasing public awareness, developing a skilled cybersecurity workforce and integrating cyber resilience into national security strategies.

At the least, Australia needs to gather like-minded partners, such as Japan, France and India, to coordinate investment in Pacific cybersecurity, ensuring that the region is equipped with the necessary tools and expertise to counter the growing sophistication of cyber adversaries.

Reviewing the ADF’s role in domestic counterterrorism responses

Responses to the federal government’s announcement two weeks ago that it’s expanding the ADF’s role in domestic counterterrorism (CT) responses were quickly subsumed by public discussion about the new Home Affairs portfolio. But with public discourse now moving on, it’s worth taking a closer look at how the announcement came about and what it might mean for the ADF into the future.

The review into the ADF’s role in domestic CT matters was commissioned in early 2015 following the rapid rise of Islamic State in 2014 and the early findings on the Sydney Lindt Café siege. The review involved the Department of Defence and various policing agencies and took nearly two years to complete.

Over that time, the importance of the review only increased. Driven by protracted unrest in the Middle East and Central Asia, the influence of Salafist-inspired extremism has spread from the ungoverned regions of conflict to the ungoverned digital domains of the internet. The threat from returning foreign fighters, and the increasing efforts by the Islamic State to inspire attacks in Western countries following its impending military defeat in Iraq and Syria, further cemented the government’s commitment to redefining the ADF’s role in support of law enforcement agencies.

The protracted time taken to finalise the review was due in part to the timing of the NSW Coroner’s inquest into the Lindt Café siege and in part to the complexity associated with making changes to the Defence Act.

Achieving a balance between effective military responses and the primacy of civil authority is a vexed issue in any democracy. Identifying the appropriate policy effects without overtasking the ADF or undercutting the constitutional rights of the states is the central premise of the reforms. To that end, the changes are designed to:

  • improve the CT capabilities of state and territory police through the transfer of relevant skills and technology from the military
  • increase the capacity of domestic police and security agencies to tap into niche military capabilities that will remain under ADF control
  • develop a greater capacity to rapidly scale up domestic CT responses should a situation require a response that’s beyond the capacity of state and territory agencies.

While some of the initiatives announced were already in place to some extent, they haven’t been consistently supported. Interagency training and liaison efforts, for example, have historically taken a back seat to competing operational priorities. A stronger focus on joint training activities, particularly if they’re expanded beyond the purview of special forces and police tactical units, has considerable merit. The experience that both regular military units and general-duty police gain through joint training is highly valued, but the organisation of such activities has relied on the initiative and interest of those at a working tactical level. Increasing the frequency of those activities and their importance at an enterprise level is significant and will improve the potential CT responses of both the police and the ADF.

The placement of more dedicated liaison staff within state and territory policing agencies with defined roles to bridge capability gaps will be another positive development. Those liaison staff may assist in undertaking planning support functions, filling technical intelligence gaps or supporting logistical capacity. Greater attention to effective liaison between the ADF and law enforcement agencies will increase access to a wider range of ADF capabilities through greater awareness of and confidence in their employment.

The most substantive component of the reform agenda concerns the responsiveness and scalability of ADF capabilities. Those changes will require an amendment to Part IIIAAA of the Defence Act. By removing the clause that limits state and territory authorities from asking for ADF support until their capability has been exceeded, the government will effectively be allowing the ADF to respond at an earlier juncture when circumstances warrant a more proactive approach.

Given the scale of the attacks in Mumbai, Paris and London, this is a prudent step, but it’s one that will need close management by state and federal authorities. When it amends the Defence Act, the government should also consider revising the provisions associated with the ADF’s use of force and powers of search and arrest in support of the civil authorities. The existing legislation is vague on those issues and the language of the provisions has previously been cited as an area of the Defence Act that needs strengthening.

Increasing the scalability of ADF response options will also require close attention to further contingency planning by the ADF and individual policing agencies. The recent attacks in Manchester and London demonstrated the utility of large-scale ‘callouts’ in support of the civil authorities. While such contingency plans do already exist in Australia, their utility relies heavily on effective execution in time-compressed and ambiguous circumstances. Rehearsing such contingencies regularly and with public awareness will ensure increasing confidence by all parties and, most importantly, by the general community.

The key to the success or otherwise of the government’s proposed changes will not necessarily be what difference they make to domestic CT capabilities through people and training, but how effectively they bridge the cultural divide between the law and order and Defence communities. The ADF is an important component of Australia’s domestic and international CT response capabilities, but its involvement alone will never be a guarantee of ultimate success.