15 August 2024 Consultation – National Security Directorate, Office of the Prime Minister, Cook Islands Chamber of Commerce, et al.
Subject: Proposed establishment of a Cook Island Computer Emergency Response Team (CICERT), and 2nd consultation for the development of the CI Cyber Security Strategy
Cybercrime Threats to the Private Sector
Cybercrime poses significant risks to the private sector in the Cook Islands, potentially leading to financial losses, reputational damage, and operational disruptions. Businesses may face data breaches that compromise sensitive customer information, resulting in loss of trust and legal liabilities. Increased cyber threats can hinder investment and growth, as companies may need to allocate resources to enhance security measures. Additionally, the prevalence of online scams and fraud can deter consumers from engaging in digital transactions, impacting overall economic activity.
The Cook Islands Cyber Security Strategy 2024 is a draft aimed at enhancing the nation’s resilience against cyber threats affecting individuals, organisations, and government. It emphasises a collective responsibility for cyber security, highlighting the need for improved capacity and response mechanisms. Key objectives include empowering professionals across sectors to protect themselves online and addressing challenges such as limited training opportunities and resource constraints. The strategy proposes actions like establishing international connections for expertise, promoting cyber security education, and developing interventions to retain ICT professionals.
A Computer Emergency Response Team (CERT) is a proposed specialised group that responds to cyber security incidents, providing expertise in incident management, threat analysis, and recovery. The Cook Islands plans to establish a national CERT to enhance cyber resilience by tracking incidents, offering guidance, and fostering collaboration among stakeholders for improved security.
Private sector actions
The private sector in the Cook Islands can take several actions to mitigate cybercrime risks. First, businesses should invest in robust cyber security measures, including firewalls, encryption, and regular software updates. Employee training on cyber awareness and safe online practices is crucial to prevent human errors that can lead to breaches. Establishing incident response plans can help organisations quickly address and recover from cyber incidents. Collaborating with government and international partners for knowledge sharing and resources can enhance overall security. Additionally, adopting cybersecurity frameworks and compliance with relevant regulations will strengthen defences against potential cyber threats.
Chamber comments:
The Chamber has broadly supported this initiative, although a number of details are yet to be worked out. The manning and funding of CICERT are still being discussed.
The Chamber would prefer to see CICERT within an existing body, but including private sector representation, and contracting local qualified IT specialists where appropriate to undertake actual computer-related actions that are required following an incident.
The Chamber also encouraged the Government to ensure best practice is followed in all their e-Government platforms. The private sector needs to be confident that private information is only accessible by properly authorised personnel, with multi-factor authentication, encryption both in transmission and storage, file permissions and audit records of access.