Financial Crime World

Tonga Takes Steps to Ensure Cybersecurity and Data Protection

The Government of Tonga has announced a series of measures to boost cybersecurity resilience and protect the confidentiality, integrity, and availability of its data resources.

Risk Management: A Key Component


According to the ISO/IEC 27005 standard on information security, risk management is a crucial aspect of ensuring cybersecurity. The government recognizes that cybersecurity incidents can never be completely prevented and therefore focuses on cyber resilience, meaning the control and reduction of damage caused by incidents. To achieve this, the government will:

  • Identify and value ICT assets
  • Conduct continuous monitoring and analysis of security incidents
  • Leverage threat intelligence to stay informed about potential threats
  • Promote risk awareness across all levels of government
  • Develop incident management and recovery plans

Cybersecurity Risks: A Threat to National Security


The government acknowledges that cybersecurity risks involve three components:

  • Threats: Unauthorized access, malware, phishing, and other malicious activities
  • Vulnerabilities: Weak passwords, outdated software, and unpatched systems
  • Impact (consequence): Loss of data, financial losses, reputational damage, and national security breaches

To mitigate these risks, the government will:

  • Conduct regular risk assessments in public institutions and critical private enterprises
  • Record findings in a combined security risk register
  • Prepare risk mitigation plans for MDAs and critical private enterprises

Threat Preparedness and Incident Response


The government has identified the need to improve threat preparedness and incident response. To address this, the country will:

  • Define the incident management process
  • Establish an incident reporting requirement
  • Set up a Cybersecurity Incident Response Team (CSIRT)

Actions to Enhance Cybersecurity Resilience


To ensure interoperability, portability, and better security, the government has outlined several actions, including:

  • Developing and adopting a Cybersecurity Manual for Tongan government agencies
  • Upgrading Civil Registration and National Identity systems
  • Transitioning all MDAs to the Secure Government Network (SGN)
  • Implementing the Data Center Consolidation Program and Tongan Government Cloud Computing Transition
  • Identifying threats and vulnerabilities of public sector information systems and critical IT infrastructure
  • Performing regular risk assessments in public organizations and critical private enterprises
  • Preparing risk mitigation and disaster recovery plans

By taking these measures, the government aims to protect the confidentiality, integrity, and availability of Tonga’s data resources and ensure the country’s cybersecurity resilience.