From Connectivity to Vulnerability: Why Cyber Security Is Now a National Security Priority for PNG

-

By Bernard Yegiora

PNG is entering a decisive phase in its digital transformation. Increased internet penetration, mobile connectivity, and digital service delivery are accelerating economic and social participation. However, this expansion is simultaneously widening the national attack surface. The central argument of Seminar 6—drawing explicitly on the work of Ige and Watson—is clear: cyber security in PNG has moved beyond an ICT management issue and now sits firmly within the national security domain.

For those who want to engage directly with the seminar discussion, you can watch the full session here: Seminar 6 Video on YouTube

Seminar 6 in action: unpacking Ige’s critique of “analog-era” cybercrime laws and interrogating the effectiveness of PNG’s Cybercrime Code Act 2016, with a sharp focus on enforcement gaps and their implications for state credibility and public trust in the digital age.

1. Cybercrime as a National Security Threat

Building on empirical observations by Ige on cybercrime trends in PNG, the sharp increase in cybercrime victimisation between 2016 and 2021 is not incidental—it reflects structural exposure. Ige’s analysis demonstrates that as internet penetration grows incrementally, cybercrime scales proportionately.

This transforms cybercrime into a national security issue because it undermines economic systems, weakens institutional credibility, and exposes citizens to persistent harm. High-risk sectors include banking and financial services, telecommunications, government databases, and digitally active SMEs. The implication is strategic: the state’s capacity to guarantee security is now contested in cyberspace.

2. Cybersecurity and the Boe Declaration

Watson situates cybersecurity within the broader framework of the Boe Declaration on Regional Security, which redefines Pacific security to include non-traditional threats. This represents a doctrinal shift from state-centric defence to comprehensive security.

Watson argues that Pacific Island countries must prioritise cybersecurity through institutional strengthening, regional cooperation, and capacity development. This aligns cybersecurity with collective regional security objectives—where resilience is built through shared frameworks rather than isolated national policies.

3. Legal Frameworks: Adequate or Obsolete?

Ige’s critique of “analog-era laws” is particularly relevant to PNG’s Cybercrime Code Act 2016. While the Act criminalises offences such as hacking, identity theft, and cyber extortion, Ige argues that legal provisions alone are insufficient without enforcement capability.

The operational gap—limited digital forensic capacity, lack of specialised personnel, and weak inter-agency coordination—undermines deterrence. This creates a governance deficit where the law exists formally but lacks practical enforcement, thereby eroding public trust in state institutions.

4. Content-Based Offences and Social Stability

Ige’s findings indicate that most cybercrime cases in PNG are content-related offences—including defamation, harassment, and online threats. This diverges from global patterns where financial cybercrime dominates.

From a theoretical standpoint, this aligns with human security frameworks (as developed by scholars such as UNDP 1994 and later expanded by Buzan, Wæver, and de Wilde in their securitisation theory). These offences directly affect individual safety, dignity, and societal cohesion. In PNG’s context—where social fragmentation can quickly escalate—misinformation and online hostility pose real risks to political stability and community relations.

5. Adapting Security Strategies to Digital Realities

Watson identifies urbanisation and cyber threats as converging drivers of insecurity in the Pacific. This reinforces broader security scholarship that emphasises the changing nature of threats in developing states.

PNG’s national and regional strategies must therefore integrate cyber risk into mainstream security planning. This includes embedding cybersecurity into infrastructure development, enhancing digital literacy, and aligning national strategies with regional frameworks. Traditional security paradigms—focused on territorial defence—are no longer sufficient in a digitally interconnected environment.

6. The Coordination Imperative

Ige strongly advocates for a coordinated national cybersecurity architecture, aligning institutions such as PNGCERT, the National Cyber Security Centre, and the RPNGC Cybercrime Unit.

This reflects a broader governance principle in security studies: fragmentation undermines effectiveness. Institutional barriers—capacity constraints, overlapping mandates, funding limitations, and inconsistent political will—create systemic inefficiencies. Without a unified approach, PNG’s cyber defence posture remains reactive rather than strategic.

7. Feasibility of Advanced Cyber Policing Models

Ige proposes forward-leaning mechanisms such as cyberspace policing and a PNG Cyberspace Asset Recovery Team, drawing on international models like the FBI’s IC3 and Australia’s cyber frameworks.

However, feasibility must be assessed within PNG’s resource constraints. The strategic pathway is not replication but adaptation. PNG should prioritise partnerships—with Australia, regional organisations, financial institutions, and telecommunications providers. This reflects insights from global cybersecurity governance literature, which emphasises public-private partnerships as critical to disrupting cybercrime networks and enabling asset recovery.

Strategic Takeaway

The synthesis of Ige’s empirical work and Watson’s regional security analysis leads to a clear conclusion: cyber security must be elevated to the highest levels of national policy—specifically the National Security Council and National Executive Council.

Cyber threats in PNG are no longer peripheral. They intersect with governance, economic stability, and social cohesion. As the country deepens its digital transformation, the policy imperative is to transition from fragmented, reactive measures to a coordinated, strategic, and forward-looking national cybersecurity framework.

The risk is not theoretical. Without decisive action, PNG will face structural vulnerabilities that compromise both state authority and societal resilience in the digital age.

Comments

Post a Comment

Popular posts from this blog

Commercial liberalism and the six norms

-
Image
Liberal internationalism is defined by Griffiths, O'Callaghan and Roach (2008, p.190) as a project to transform international relations so that they conform to models of peace, freedom, and prosperity allegedly enjoyed within constitutional liberal democracies. The same scholars go further by dividing liberalism into three distinct groups. They say these are the three ways to implement the project. The way they present liberal internationalism as a project makes their work interesting. Three distinct groups Firstly, commercial liberalism is about free trade between states. States bilaterally or multilaterally via a platform like APEC pursue the goal of trade liberalization. Griffiths, O'Callagahan and Roach (ibid.) argued that economic interdependence would decrease the likelihood of going to war. Republican liberalism is about democratic peace. The scholars argued that the spread of democracy among states so that governments will be accountable to their citizens makes it di...
Read more

FPA: Organizational Process Model

-
This model centers on the fact that different bureaucracies have different standard operating procedures. These procedures are made in order to allow day to day operations to be carried out. Thus, a foreign policy decision is made based on these standard operating procedures. It is hard for a bureaucracy to make a decision or let alone function out of character or contrary to their standard operating procedure. The reading Chapter 4: Foreign policy shares a straight forward explanation of the OPM: "An alternative to the rational model of decision making is the organizational process model. In this model, foreign policy decision makers generally skip the labor-intensive process of identifying goals and alternative actions, relying instead for most decisions on standardized responses or standard operating procedures. For example, the U.S. State Department everyday receives more than a thousand reports or inquiries from its embassies around the world and sends out more than a ...
Read more

Allison's rational actor model

-
There are 3 common models of foreign policy decision making according to Graham Allison: rational actor model organizational process mode government politics model.  We will discuss the 3 models and compare them with the 3 levels of analysis. However, I challenge you to use your own initiative to learn about the other models of decision making. This will help you as future decision makers or analysts to understand how decisions are made and the processes. When one wakes up from bed he or she decides whether or not to brush their teeth, comb their hair and have a shower. These decisions are paramount, they affect and influence how the individual interacts in a social setting. This highlights the fact that as human beings we make decisions every day. Decision making is defined as the thought process of selecting a logical choice from the available options. In the case of the ‘Kibung peles boy’ analogy; the male student had a choice of approaching the girl to ask he...
Read more