Critical Review of the National Cyber Security Policy 2021

 

 

Critical Review of the National Cyber Security Policy 2021

 

Written by: Jonathan Kunai

Introduction

The National Cyber Security Policy (NCSP) 2021 for Papua New Guinea (PNG) is a crucial document aimed at addressing the rapidly evolving cyber threats that the nation faces in the digital world we are in today. This policy outlines the government strategic approach to enhance the country’s cyber security’s capabilities, ensuring the protection of the citizen of PNG, critical infrastructures and the overall national security. This critical review will essentially present a mixed evaluation, recognition the strengthen of the paper while on the other hand highlighting areas that needs further improvement to adopt to emerging challenges.

Summary

The NCSP outlines several key objectives and strategies. It sets forth a clear vision for a secure cyber environment in PNG, stressing the need for stronger technical and intelligence capabilities to combat cyber threats and align with international standards. The policy acknowledges the ever-changing nature of cyber security and the risks involve while on the contrary, promoting a flexible approach to governance and strategy development essential for responding to new threats. It also stresses on the need for coordination among various stakeholders and government agencies both private and public for effective implementation, stressing the importance of sustainable resourcing and commitment from both government and industry. It advocates for the development of laws and regulations to support cyber security initiatives, ensuring PNG has the necessary legal structure to manage cyber threats effectively. Additionally, the policy establishes a framework for tracking the progress of implementations, which is vital for assessing the effectiveness of the strategies employed.

 

Critical Evaluation 

Strengths

The policy offers a well-rounded framework that addresses various aspects of cyber security, including governance, legislation, and implementation strategies. This comprehensive approach is paramount for building a more secured and strong cyber security position. As Snider et al., (2021, p.1) observes, as civilians face more cyberattacks, there has been a growing demand for governments to implement compressive cybersecurity policies.

The policy also stresses on cooperation, emphasizing that cyber security is a collective responsibility and not alone the government’s and encourages active participation form all sectors of society, fostering a culture of cyber awareness and vigilance.

Weaknesses

 While the policy highlights the need for sustainable resourcing, it lacks specific details on resources allocation and management, which could pose significant challenges to its implementation. Additional, although the policy acknowledges the dynamic nature of cyber security, it does not provide vigorous mechanism for regularly updating its strategies to respond to new developments, potentially to outdate practices that fail to address current risk.

 

             

The Policy is also closely linked to the to the broader National Security Policy (NSP) 2013, emphasizing the protection of national sovereignty and security in the digital space. This policy aligns with the National Constitution, ensuring cyber security is integrated into the national security strategy. It compliments with the existing policies of the Papua New Guinea that point towards a safer and secured cyberspace apart from the NSP 2013, to enhance the management and operational system that protects the overall security of PNG and its citizens.

Recognizing the ever evolving nature of cyber threats, the policy advocates for a proactive approach, emphasizing the development of technical and intelligence capabilities that meet international standards, which is crucial for safeguarding citizens and critical infrastructures from potential cyber incidents that could impact the country. Additionally, it stresses the importance of collaboration among government, private sectors, education institutions and civil society to enhance national cybersecurity capabilities and foster a culture of awareness and preparedness. As emphasized by Dutton et al., (2019, p.281), a develop technical and intelligence capabilities, and collaboration among stakeholders enhances a nations cyber security and reliance against evolving threats.

In summary, the policy outlines a clear vision and objectives to address cyber security challenges, proposing the establishment of the National Cyber Advisory Committee (NCSAC) to provide technical advisory support. The NCSP 2021 aims to create a secure cyberspace, protecting PNG's sovereignty and citizens' well-being through alignment with existing policies, addressing evolving threats, and fostering collaboration across sectors.

To enhance the NCSP, I would recommend that the policy establish dedicated cyber security fund for training, technology, acquisition, and treat response, supported by both government and private sector contributions. Secondly, investing in educational campaign and international partnerships to boost cyber security awareness, safe online behaviors, and collaborative knowledge sharing for PNG’s improves cyber security capabilities.

 

Conclusion

To conclude, the NCSP 2021 represents a significant step towards enhancing the country's cyber security framework. While it establishes a solid foundation for addressing cyber threats, there are areas that require further development, particularly in resource allocation and adaptability to emerging challenges. By implementing the recommended improvements, PNG can strengthen its cyber security posture and better protect its citizens and critical infrastructure from the evolving landscape of cyber threats.

 

 

 

 

 

 Reference

Dutton, William H., Sadie Creese, Ruth Shillair, and Maria Bada. "Cybersecurity Capacity: Does It Matter?" Journal of Information Policy 9 (2019): 280-306.

Keren L G Snider, Ryan Shandler, Shay Zandani, Daphna Canetti, Cyberattacks, cyber threats, and attitudes toward cybersecurity policies, Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyab019, https://doi.org/10.1093/cybsec/tyab019

 

 

 

Comments

  1. Anonymous21 March 2025 at 02:05

    Since it's inception in 2021, have there been any developments or amendments to this policy? Furthermore, are there any tangible evidence of this policy being implemented? If so please provide it as it would be most appropriate. Having that in mind, who is the relevant stakeholder(s) that implements this policy?

    ReplyDelete
    Replies
    1. Jonathan Kunai22 March 2025 at 00:10

      Yes, since its inception in 2021 the National Cyber Security has undergone several amendments to address the emerging cyber threats and enhance the resilience of national digital infrastructure

      On the same token, yes their are tangible evidence of the policy's implementations. Such as, the National Cyber Center (NCSC) and the PNG Computer Emergency Team (CERT) as mentioned by the policy. These institutions play a crucial role when it comes to monitoring and implementation, thereby enhancing the country's cybersecurity posture.

      Relevant stakeholders that would be responsible for implementing this policy include;

      Department of Information and Communication Technology (DICT)
      PNG Defense Force (PNGDF)
      National Intelligence Organization (NIO)
      Royal PNG Constabulary ( RPNGC)
      Department of Justice and Attorney General (DJAG)
      Office of the Censorship (OOC)

      These stakeholder work together to ensure that the National Cyber Security Policy is effectively implemented and enforced. If you have any questions or need further details, feel free to ask!

      Delete
  2. Anonymous21 March 2025 at 13:42

    Best ever brother.

    ReplyDelete
  3. Anonymous21 March 2025 at 15:25

    A well researched and written article, I really enjoyed reading it. You can also consider checking the MTDP 4 and the Department of Information and Communications Technology website in regards to additional information to support your discussion. For example, what does the MTDV 4 say about National Cyber Security and what is DICT also doing in that space. I am aware that there’s other policies that cross cut into this space so you might want to look at them to help you understand the broader context to your discussion.

    ReplyDelete
    Replies
    1. Jonathan Kunai21 March 2025 at 23:25

      Thank you so much for your thoughtful comment! 😊

      I'm glad you enjoyed the article. Your suggestions are incredibly valuable, and I'll definitely look into the MTDP 4 and the Department of Information and Communication Technology;s website for more insights on National Cyber Security.

      What specific aspect of National Cyber Security are you most interested in?

      In my post, I discussed the importance of robust cybersecurity measures to protect our digital infrastructure and internet users form evolving threats. The MTDP 4 stress on policy and legislative reforms to enhance national security, while the DICT's National Cyber Security Plan 2023 - 2028 outlines strategies to strengthen the resilience for our cyberspace.

      Thanks again for your feedback. Your engagement and insight are truly appreciated. 🌟


      Delete
  4. Anonymous21 March 2025 at 23:16

    Well written and perfectly structured article.

    ReplyDelete

Post a Comment

Popular posts from this blog

A Review of the National Cyber Security Policy 2021

By Raphaella Gegeyo Introduction The National Cyber Security Policy (NCSP) 2021 was formulated following the National Information and Communication Technology (ICT) Policy 2009-2014, highlighting the government's role and approaches towards cyber security threats in Papua New Guinea. The NCSP mainly focuses on the different roles that the government play when dealing with cyber security within Papua New Guinea (PNG). The NCSP was a combined effort of both the Department of Communications and Information Technology (DCIT) and the National Information and Communications Technology Authority (NICTA). This review provides both positive and negative insights into the NCSP Summary Upon reading the document, three key three points were identified. The first key point was the importance of having a national cyber security policy and how vital it was to ensure protection of PNG’s national cyber space. The document highlights that it is important to have a safe and secured cyber spac...
Read more

Review of National Cybersecurity Policy 2021

By Lamonai. Kenny Introduction: In today's digital era, Papua New Guinea (PNG) finds itself at a crossroads where information and communication technology (ICT) offers tremendous opportunities alongside a surge in cyber-related threats. In response, the National Information and Communication Technology Authority (NICTA) enacted the National Cybersecurity Policy in 2021. The Department of ICT Minister Honourable Timothy Masiu has emphasized that the purpose of this policy is to safeguard the cybersecurity of Papua New Guineans, ensuring that it aligns with international standards in this digital age. Throughout this policy review, I will summarize the policy clearly outlining how the policy relates to the National Security Policy, as well as share my mixed perspectives on the effectiveness and implications of the policy, exploring both the strengths and areas of improvement to take into consideration. Summary: PNG has experienced the rapid increase of ICT, and with the commissionin...
Read more