ADDRESS BY THE ACTING PS FOR COMMUNICATIONS TUPOU’TUAH BARAVILALA AT THE ANNUAL PILON CYBERCRIME WORKSHOP

Bula vinaka and good morning.

It is my pleasure to welcome you to Fiji and to the 4th Annual PILON Cybercrime Workshop where the theme is Combatting Cybercrime: Trends and Tools in a Changing world. As the Ministry of Communications, I believe we have a bird’s eye view of how the whole cyber ecosystem comes together – from guaranteeing an enabling environment to ubiquitous access to connectivity to -- digital transformation shifts while at the same time ensuring cybersecurity safeguards are in place and measures to combat cybercrime. We also coordinate areas of collaboration amongst the various stakeholders in our fight against cybercrime. In short, to ensure that our people have access to meaningful connectivity in a secure cyberspace and, to utilise the vast opportunities that the internet provides. 
 
This knowledge has affirmed my belief that all of us have a significant role to play in cybersecurity, and that it is crucial to work together to better defend our cyberspace. And I am confident that we can all rise to that challenge. 
 
Before we unpack that, I’d like to share the work that the Fijian Government through the Ministry of Communications is doing in expanding meaningful connectivity and providing the foundational ICT components for an inclusive and sustainable socio-economic development. 
 
Today, we see the increase in connected devices -- where digital technology has embodied every aspect of our lives and the pace at which this has taken place has also been further quickened by the COVID-19 pandemic. That being said, recent ITU statistics have shown that 2.7 billion people worldwide are not connected to the online world and the opportunities that it presents. 
 
In Fiji, we have 95% mobile internet connectivity through 3G, 4G and 4G+ networks and are already working on connecting the final 5% of our people who live in remote and maritime areas. And we have exciting projects in this regard utilising the infrastructure sharing model and the universal service access model. 
 
Our access to the Southern Cross Cable fiber optic network provides fast, direct, resilient and secure connectivity and we’ve made investments to improve its speed, through the Southern Cross NEXT cable network. As part of our cyber resilience efforts, we are in the process of carrying out a feasibility study for a second fibre cable landing station to provide diversity and redundancy not just for Fiji but for the region.

Satellite services are a godsend for remote areas, connecting our most isolated communities to the world through television and internet services, in addition to radio services through through FM and AM transmission. Currently, Fiji has 100 per cent Digital Television coverage through terrestrial and satellite communications. Data prices have plummeted by as much as 98%. These have effectively brought government services closer to our people through various digitalisation efforts under the digitalFIJI flagship programme.
 
A Microsoft study has shown that by 2025, the global workforce is on the brink to add 149 million new technology-oriented jobs with emerging fields such as cloud and data roles, privacy and trust, software development, cybersecurity, and data analysis, machine learning and AI -- anticipated to groundswell.

Therefore, there is a need to ensure that we have a pipeline of people with the right skillset. This also means specialised legal skillset for these emerging technology areas including cyber insurance and data protection. 
 
The shift to online spaces has presented a challenge -- the attack surface area has increased. Digital technologies continue to accelerate, and with it, cybersecurity risks continue to become more evident. We have seen emerging and evolving threats which are transboundary in nature and which have an impact on international peace and security and thereby, placing cybersecurity as a priority. 
 
The focus now is to assertively bolster cybersecurity resilience in an evolving threat landscape.  To sustain our digital transformation journey and with the critical role of ICTs, it has become even more important to protect our digital infrastructure from the threat of cybercrime and to boost our collective cybersecurity efforts.

We all deal with different but interlinked challenges in our respective roles. To bridge potential silos, even closer multistakeholder collaboration is imperative. And the Fijian Government is certainly committed to working with all of you to ensure a safe and secure cyberspace. 
 
Cyber threats are increasingly becoming more cutting-edge, multi-faceted, targeted, and frequent in nature. We have seen cyber-attacks crippling critical infrastructure such as the Colonial Pipeline ransomware attack last year which lasted for several days and led to fuel shortages across the US East Coast and was the result of a compromised password of a VPN account. In July 2021, Kaseya, an IT software provider for enterprises which has a presence in 10 countries, became a victim of a supply chain ransomware attack whereby a malicious update was sent to its clients.

This attack had a far-reaching impact as one of its clients, Coop—a Swedish supermarket chain was forced to close 800 stores for a full week. Last December, a vulnerability to the Log4j was made public. Log4j is an open-source component which is found worldwide in countless applications and products, including in supply chain. In essence, the vulnerability allowed hackers to potentially take full control of affected systems which used Log4j.

Cyber threat actors jumped on this as there were millions of malicious attempts to exploit the Log4j vulnerability immediately following the public announcement of the vulnerability and the number ballooned to 10 million attempts every hour. Earlier this year, after a large-scale ransomware attack, Costa Rica declared a state of national emergency as it affected critical government services. Recently, Optus had a data breach which resulted in up to 9.8 million customers’ details stolen and placed on the darkweb. Medibank, a large private health insurance company had a data breach whereby 9.7 million customers’ data were exposed. 
 
These demonstrate the need to ensure that our cybersecurity measures are robust and agile, stronger protection tools are in place, and recovery is swift and business operation disruption is minimised, should an attack succeed. 
 
At a national level, we are in the process of reviewing our National Cybersecurity Strategy, establishing our national Computer Emergency Response Team and to formalise the current capabilities that exist.
 
The Fijian Parliament enacted the Cybercrime Act which is aligned to the Budapest Convention on Cybercrime. The Budapest Convention is the gold standard and is the only international instrument that deals with cybercrime and electronic evidence.

On 8 December 2021, we received an invitation to be a party to the Budapest Convention are taking steps to progress this. We are also partnering with the Council of Europe through the GLACY+ project where we have rolled out dedicated workshops for relevant stakeholders including the judiciary, law enforcement, prosecution, and the ICT sector. We are also developing tailored capacity building programmes for stakeholders for example, last week, we organised a workshop with stakeholders to gain a better understanding of the role of the 24/7 focal point. 
 
On the global stage, there is the UN Cybercrime Ad Hoc Committee which is looking into a new UN instrument on cybercrime and the UN Open-Ended Working Group on security of and in the use of information and communication technologies.

Both of which, we are a part of. The OEWG is looking at voluntary norms of responsible state behaviour in cyberspace together with the modalities on the application of international law in cyberspace. It is essential that we are part of those conversations to ensure that our priorities and interests are accounted for.  
 
Our regional cybersecurity mandate is undergirded by the 2018 Boe Declaration and our recently launched 2050 Strategy for the Blue Pacific Continent which focuses on fostering cooperation, collaboration and, to share cyber security threat information, tools, techniques, and ideas.

To improve cyber security capabilities and readiness across the Pacific, we need to make the most of existing regional networks such as this Pacific Islands Law Officers Network (PILON), the Pacific Cybersecurity Operational Network(PACSON), and the Pacific Transnational Crime Network.  Collaboration and information-sharing between these networks, where appropriate and collaboration with other regional counterparts can be further explored. For effective collaboration, there needs to be an up-to-date list of focal points for each country. 
 
As a collective, we need to create a culture of cyber hygiene practices amongst our people, ensuring that company boards view cybersecurity as an investment and not a cost, having in place laws that criminalise conduct against and by means of computer data and systems, having in place procedural law tools for efficient and effective investigations and prosecutions, sharing of threat intelligence, and continuing to having meetings like this one so that we can share experiences and learnings, workshop challenges and leverage opportunities for closer and more effective collaboration. It requires all of us, proactively synergising our efforts, implementing cyber security safeguards and measures.

Only then, can we turn the tide on these cyber threat actors which are a threat to peace, security, prosperity and the well-being of our people. 
 
I wish you well in your deliberations over the next few days.
 
Thank you.