In collaboration with the ITU, the GCSCC and its regional partner the Oceania Cyber Security Centre (OCSC) undertook a review of the maturity of cybersecurity capacity in the Independent State of Samoa at the invitation of the Ministry of Communications and Information Technology (MCIT) in April 2018. This mission to Samoa was the first CMM review conducted in partnership with the OCSC, marking the beginning of strengthening cybersecurity capacity in the Oceania region.
Key observations from the review:
- Samoa has published a national cybersecurity strategy in cooperation with the MCIT and the ITU, to include a series of consultations across all levels of government, the private sector, academia and community representatives. The MCIT has been given a mandate to consult across public and private sectors, as well as with civil society.
- Samoa is currently in the process of developing a national incident-response capability. Most focus-group participants identified ways in which incidents within their organisations could constitute national-level issues but, as yet, it appears there is no register or catalogue of incidents that is centrally maintained.
- Focus groups suggested that Samoa, consistent with findings from other Pacific Island countries, has a very low level of awareness of cybersecurity.
- It was noted that people are less interested because cybersecurity is fairly new to the country and not widely used, and there is a general lack of knowledge about any national cyber-attacks or personal bad experiences with cyber-incidents.
- Cybersecurity awareness among the general public is low. Under the leadership of the MCIT and in partnership with the Ministry of Police, new provisions have been made for the government to re-introduce the Cyber Safety Pasifika awareness campaign.
- Samoa currently lacks any cybersecurity-specific legislation, although several legal instruments touch upon cybersecurity-related activities. The government is aware of this issue and is currently working towards ratifying the Budapest Convention on Cybercrime, as well as thoroughly examining and re-evaluating domestic legislation.
- As part of the implementation of the national strategy, the MCIT and the Office of the Regulator are leading the assessment and development of suitable cybersecurity standards.
Samoa report can be found here.