Vanuatu National Cybersecurity Policy

Definitions of Data:

There is no definition of data, however "data security" is defined "Data Security: is the process of protecting your most critical business assets (your data) against unauthorized or unwanted use"

Main Focus of Document:

Provides for the development of measures to curtail cyber attacks

Target Beneficiaries or Sectors:

government sector

Key Elements:

The Policy sets out key goals, policies and objectives to maximise safety and security for Vanuatu. To achieve this, the government intends to develop cyber security minimum standards and to strengthen the legal framework to meet international standards in an effort to ensure a secure digital environment.

Five goals are identified: 2.2.1 Develop the necessary organizational structures with a focus on utilizing existing structures in Vanuatu as well as the region; 2.2.2 Defining mandatory technical cybersecurity minimum standards for operators of critical infrastructure and providing expertise as well as basic tools and services for citizens, businesses and government 2.2.3 Strengthening the legal framework in Vanuatu to meet highest regional and international standards with regard to protection of fundamental rights as well as criminalization, investigation, electronic evidence and international cooperation; 2.2.4 Bringing the level of knowledge about cybersecurity and ways to protect against cyber threats of the citizens and businesses of Vanuatu to highest levels; and 2.2.5 Responding to the global nature of cybersecurity threats through strengthening Vanuatu’s ability to participate in the international cooperation against such threats.

Key Objectives:

• Create a National Cybersecurity Steering Committee (NCSC) chaired by the DG responsible for ICT. The NCSC will take the overall lead in the coordination of the implementation of the Cybersecurity Policy and the process of carrying out the necessary tasks.
• Identify all existing government and non-government institutions that are currently active in the field of cybersecurity and fighting cybercrime. Special attention should be paid to the identification of potential local points of contact in rural areas. Drafting of a report about the mandate, resources and experiences, and analysis of potential areas for synergy, overlapping and gaps.
• Develop a strategy to encourage the reporting of cybersecurity incidents. The increase of information shall feed into concrete warnings about recent trends, regular information about latest trends for press and general public and quarterly reports about the development of incidents for NCSC. Set up of a central website for reporting cybersecurity incidents by businesses and citizens as well as providing information and tools.
• Develop a unit within law enforcement that serves as single point of contact for requests from government institutions as well as citizens and businesses. The creation of a contact point and the installation of the website shall increase the amount of information available.
• Identify operators of national critical infrastructure and determine the use of ICT by those operators and the related risks.
• Develop technical and organizational minimum standards for the operator of critical infrastructure and the related control/evaluation mechanisms to ensure that the risk of cybersecurity related attacks are minimized.
• Under supervision of NCSC, a review of the existing legislation related to cybersecurity and cybercrime should be carried out. This shall include definitions, penal legislation, investigation instruments of law enforcement, admissibility of electronic evidence, liability of Internet Service Providers (ISPs), and specific provision to protect children online and international cooperation. The review shall include the identification of existing provisions that could be utilized in relation to cybersecurity, a comparison with international best practices, a gap analysis, suggestions for amendments and the related drafting instructions. This activity shall be carried out in close cooperation with the State Law Office and built upon existing work carried out in the region (e.g. the assessment of legislation within the ICB4PAC project). A report including the drafting instructions shall be submitted until October 2013.
• To ensure that Vanuatu’s legal framework is fully in line with international best practices. The NCSC will analyse the capacities of Vanuatu to efficiently submit requests for mutual legal assistance as well as timely respond to requests submitted to authorities in the country. NCSC will develop recommendations for the establishment of a single point of contact. Further more the NCSC will analyse if the technology used for sending and receiving requests as well as the availability of the contact point are in line with international best practices.