Deep geopolitical currents & the recent PNG Finance Department ransomware attack


The recent ransomware attack on the PNG Department of Finance the Department of Finance’s Integrated Financial Management (IFMS)  on October 22, 2020 has hit the newspaper headlines across the world and domestically. It has affected provincial governments and government agencies accessing funds and department scrambled to get the system restored.  Although, the Finance Minister announced that it was restored but finer details of the full restoration are only known to those stakeholders who use the system.  The attack was a critical issue but it was watered down by the November parliament sitting and presentation of the 2022 National Budget paper. This cyber security threats to PNG Government’s big data is far from over and it should be a national agenda. Because we are in  the the Fourth Industrial Revolution era  where  “ range of technologies combine the physical, cyber, and biological worlds” Governments and citizens must get ready for changes imposed by this revolution.

 In order for any PNG citizen to have some understanding on the national cyber security issues in the country, one has to have some basic key Telecommunications industry developments in the country and geopolitics undercurrents behind them.

1. Coral Sea Cable and Kumul Submarine Cable

In today’s digitally connected world, broadband internet is the most valuable infrastructure in any country and that lies in the Telecommunications industry. And the key players in this industry in PNG are the telecommunications companies, Telikom PNG, Digicel, BMobile and PNG Dataco. PNG Dataco was created to invest and  maintain the internet infrastructures in the country and to sell internet at wholesale price to all Internet Service Providers (ISPs-includes the other players) which then retail it to organizations and individuals.

Having saw the need for this critical internet infrastructure in PNG and lack of both financial and technical capacity at PNGDataco to capacity to build it , both Australia and China as bilateral and strategic economic partners of PNG wanted to fund the broadband super highway cable connecting PNG to the rest of the world via Sydney Australia, replacing the old one.  This where the geopolitics for dominance in the Pacific came into play in the Telecommunications sector. PNG government saw the tension and wanted a more neutral position without having to offend any of the two allies so the project was divided between two. The Coral Sea Cable from Port Moresby to Sydney was funded by Australia at a cost of K480 million (AUS$200 million)  while the domestic Kumul Submarine Cable linking Port Moresby to all the costal provinces was funded by loan from Exim Bank of China at a cost of US$270 million (K879 million) The Kumul Submarine Cable Network Project (KSCNP) was contracted to Huawei, the Chinese giant telecommunications company.  Coral Sea Cable was completed and commissioned by the Prime Minister James Marape on the 5th of June 2020  and KSCNP was also completed in June 2020 as well.

According to Australian Department of Foreign Affairs and Trade (DFAT), Australia’s government’s commitment and funding for Coral Sea Cable was is in line with Australia’s  International Cyber Engagement Strategy  and “Step Up” in the Pacific  in its 2017 Foreign Policy White Paper

The Coral Sea Cable included linking PNG and Solomon Islands.

2.Dataco’s Data Centre in Port Moresby

PNG also lacked a national data centre for storing government data from various government departments.. Data centre is basically in laymen’s term a digital warehouse to store critical, high value and big volume data for organizations.  Key government department and statutory  organizations  in PNG keep their data in their own organizations making it costly for maintenance and also hard to share information between key government departments.

So the PNG Dataco’s Port Moresby data centre was funded from a development loan from China’s Exim Bank  and contracted to Huawei at the cost of US$53 million and became operational in 2018 during the PNG APEC meeting.

The Australian Department of Foreign Affairs and Trade (DEFAT) released a report on behalf of The Papua New Guinea’s National Cyber Security Centre that the data centre has outdated equipment and maintenance issues and glaring errors that opened the facility up to spying. PNG Government asked the Australian government for funding assistance to maintain it but the Australian government rejected it and advised the PNG Government to build a new one.

Australia presence in the domestic scene was the joint funding assistance for the PNG National Cyber Security Centre and was still at bay even though they funded the Coral Sea Cable project while the two key infrastructures KSCNP and Data Centre with PNG Data Co has ties with China in terms  funding, construction and technical equipment.

3. Buy out of Digicel Pacific Assets By Telstra.

In early 2020  Irish businessman Denis O’Brien ran into debt and May 2020, he filed for bankruptcy and put Digicel Pacific assets on sale. There various media reports indicated Chinese companies were interested in it.  Australian government was interested and was willing to put in US$1.5 billion and Telstra , Australia’s largest mobile network paying the remaining balance.

Eventually Digicel was sold to Telstra for $1.85 billion. as reported by Irish Times newspaper.  The Australian government’s involvement in the deal was seen as way to contain China in the Pacific.

This deal means that Telstra then becomes biggest player in the telecommunications industry in Papua New Guinea domestically.

Finance Department Ransomware Attack

With these developments in the background, the Department of Finance’s Integrated Financial Management (IFMS) as Ransomware Attack on October 22, 2020.

The Ransomware attack hampered the “government’s access to foreign aid, its ability to pay cheques and carry out other basic functions “

Although the Finance Minister John Pundari announced that the system was restored and no ransom money was paid to the attackers, there is very little information released to the media about the extend and value of damage.  Then the issue was watered down by the Parliament National Budget 22 sitting and it’s related debates.

Then in the Budget Parliament session  the government introduced a new Tax Levy which will heavily tax Digicel and Bank South Pacific and it will be implemented in the later part of next year after the National General Elections.

This will directly affect Telstra’s operation in the country, according to current Digicel PNG’s CEO.

With these developments in the Telecommunications sector, it is crucial for the government of PNG to really look at how it’s going to manage it’s crucial government big data working with reliable technology partners to protect it’s national digital assets. Securing national data is a national issue and not a diplomatic nor corporate business matter dedicated by individual business decisions of corporate organizations. A lot more things of national importance are at stake than doing patch work to prevent another ransomware attack from happening.