From Huawei to Cybersecurity: PNG’s digital dilemma in a contested Pacific

By Bernard Yegiora

PNG’s digital transformation is no longer just a development story. It is a strategic one.

In my earlier work on The Yegiora Files, I examined the Huawei debate in PNG at a time when it was framed largely as a telecommunications issue. Yet those discussions were never simply about infrastructure. They were early indicators of a deeper shift: the entry of geopolitics into PNG’s digital space. Today, that shift is unmistakable. Cybersecurity has emerged as a central concern, and the questions raised nearly a decade ago now sit at the core of PNG’s national security agenda.

In 2025, I invited Dr. Mengmeng Ge—now with Monash University—to deliver a Zoom guest lecture to my students, offering practical insights into cybersecurity, with a focus on social engineering and the exploitation of human vulnerabilities in digital systems.

The turning point came with PNG’s engagement with Huawei. In Australian Ignorance and the PNG Huawei Deal, I argued that traditional partners, particularly Australia, misunderstood PNG’s decision-making environment. Their response was reactive and delayed, while PNG prioritised immediate development needs. The issue was not simply the presence of Huawei, but the absence of timely and strategic engagement by external actors. Infrastructure decisions were being shaped in a geopolitical environment, even if they were presented as economic choices.

By 2019, in The Huawei Issue and Its Impact on PNG, the tension between development priorities and emerging security concerns became more apparent. Globally, Huawei had become associated with allegations of cyber espionage and data vulnerabilities. Yet PNG maintained its position, honouring its agreements and resisting external pressure. This revealed a structural gap: strategic infrastructure decisions were being made without a corresponding national security framework.

By 2021, in Huawei Behind PNG’s Digital Rise, the debate had shifted again. Huawei was no longer a contested entrant; it had become embedded in PNG’s digital ecosystem. The question was no longer whether PNG should engage with Huawei, but how it should manage the consequences of that engagement. This marked a transition from decision-making to structural dependency.

More recently, in PNG Must Tread Carefully Between China and, I argued that PNG is now operating in a contested strategic environment shaped by intensifying competition between China and its Western partners. Infrastructure projects—particularly submarine cable networks—are no longer neutral investments. They are instruments of influence. PNG is not simply developing its digital capacity; it is navigating competing strategic interests.

This trajectory now finds formal recognition in PNG’s Medium Term Development Plan IV (2023–2027). MTDP IV places security—including cybersecurity—at the centre of national development, acknowledging that economic growth, governance, and state resilience are increasingly dependent on secure digital systems. It identifies law and justice, defence, and national security as priority sectors, while emphasising the importance of strengthening ICT infrastructure and institutional capability.

Excerpt from PNG’s Medium Term Development Plan IV highlighting cybersecurity as a national security priority, with government commitment to strengthen digital protection systems and reduce exposure to emerging cyber threats.

What MTDP IV does is make explicit what earlier developments had already implied: digital infrastructure is now a national security asset.

Yet the Plan also exposes a critical challenge. While it recognises the importance of cybersecurity, it does not fully resolve the structural constraints identified in earlier analyses and my recent article. PNG continues to face:

  • Fragmented institutional responsibilities in ICT governance
  • Dependence on external partners for critical infrastructure
  • Limited domestic technical and cybersecurity capacity

These constraints create vulnerability. Infrastructure may expand, but without corresponding institutional strength, exposure to cyber threats, surveillance risks, and external influence also increases.

Cybersecurity therefore represents the convergence of multiple pressures. Submarine cable systems, data infrastructure, and telecommunications networks underpin economic and state functions, but they also introduce new risks. Control over infrastructure translates into potential leverage. Weak governance creates entry points for exploitation. External competition amplifies these dynamics.

For PNG, the challenge is structural rather than tactical. It is not a cyber power capable of shaping global norms or projecting influence. Instead, it must operate within a system defined by larger actors. This creates a familiar dilemma for small states: how to engage external partners to drive development while preserving strategic autonomy.

The answer lies in management, not avoidance. PNG must strengthen institutional coordination, particularly between agencies responsible for ICT planning and regulation. Infrastructure agreements must incorporate safeguards, including data protection provisions, technical oversight, and long-term risk assessments. Diversification of partnerships will also be critical to reduce overdependence on any single actor.

At the same time, PNG must recognise that cybersecurity is not a purely technical domain. It is embedded in broader geopolitical competition. The rivalry between China and Western partners is increasingly playing out in digital infrastructure, standards, and data governance. For PNG, this means that infrastructure choices will carry diplomatic and security implications well beyond the technical sphere.

Looking back, the warning signs were always present. The Huawei debate was not an isolated controversy. It was an early manifestation of a deeper transformation. What appeared to be a question of connectivity was, in reality, a question of control.

MTDP IV confirms that PNG now recognises this reality. Development and security can no longer be separated. In the digital domain, infrastructure decisions are security decisions.

The strategic question now is execution. Policy recognition without institutional capability will not be sufficient.
