The National Cyber Security Policy 2021 of Papua New Guinea

The National Cyber Security Policy 2021 of Papua New Guinea outlines a comprehensive framework aimed at enhancing the nation’s cybersecurity posture in response to growing cyber threats that could impact national security, the economy, and the well-being of its citizens. This policy serves as a blueprint for not only protecting the digital infrastructure but also for fostering a resilient digital economy that can safeguard the interests of its stakeholders against emerging cyber risks.

This National Cyber Security Policy sets out the government’s approach toward addressing every changing and dynamic cybersecurity risk and challenge. The Policy defines the Government’s vision, goals, objectives, evolving governance and principles to guide the development of relevant strategies and action plans for minimising cybersecurity risks. Considering the current landscape, this Policy sets a direction for the government to:

• partner and collaborate across all stakeholder groups, including private sector and civil society, academia and technical community to promote best practices and develop strategies to overcome market barriers to the adoption of secure technologies;
• improve awareness and transparency of cybersecurity risks and practices to build market demand for more secure products and services;
• partner and collaborate with international partners to promote open,industry-driven standards and risk-based approaches to address cybersecurity challenges, including cloud security platform;
• collaborate with the private sector, civil society and the cybersecurity community to promote awareness on cyber hygiene and cyber safety;
• Work with all ministries, including the Ministry of Education and the Ministry of Higher Education, to include cybersecurity and cyber safety in future curricula that can equip students with relevant cyber knowledge and etiquette and further generate interest in pursuing cybersecurity professional careers in PNG.
• Government to create in its strategy an inclusive partnership approach with clear short-term and long-term on professional capacity and capability plans, with a focus on the development of a national expert workforce in both the public and private sectors, including attractive remuneration and retainer packages to retain these developed national human capacity in the public sector. 

Vision and goals

• Vision: Safer and trusted cyberspace for all citizens.
• Goals: Include governance, risk management, resilience, protecting critical infrastructure, enhancing cyber capacity and awareness, legal reforms, and international cooperation.

Policy focus areas

• Cybersecurity coordination and governance framework: Establishes structures like the National Cyber Security Agency (NCSA) and related committees.
• Risk management, preparedness & resilience: Focuses on creating incident response capabilities and developing standards.
• Critical infrastructure & essential services: Aims to protect essential services through risk management approaches.
• Capability & capacity development and awareness: Enhances national capabilities and raises awareness about cybersecurity.
• Strengthening legal and regulatory framework: Develops laws to support the secure expansion of digital services.
• International cooperation: Enhances global partnerships to manage cross-border cyber threats.