Definition of Data

n/a

Main Focus of Document

Sets out the Samoan Government's plans for cyber security through to 2021

Target Beneficiaries or Sector

Government, Citizens

Key Elements

In accordance with the Strategy, the Ministry anticipates within the next five years:
• Individuals become aware of cybersecurity threats and are empowered to exist safely in this digital era;
• Businesses become responsive to cybersecurity issues and establish a working relationship with the government, trade associations and other business partners to tackle cyber threats so the world will see that Samoa is a safe place to do business in cyberspace;
• Government has:
- Sharpened law enforcement's response to cyber crime;
- Secured funding to provide cyber security services;
- Encouraged business to operate securely in cyberspace;
- Bolstered defences in Samoa's critical national infrastructure against cyber attack;
- Strengthened Samoa's capabilities to detect and defeat attacks in cyberspace;
- Enhanced education and skills; and
- Established and strengthened working relationships with other countries, business and organisations around the world to help positively shape an open and vibrant cyberspace that supports strong and better societies in Samoa and across the globe.

Five goals are identified in the Strategy:
i. Develop necessary organizational structures with a focus on utilizing existing structures in Samoa as well as in the region;
ii. Establish relevant technical measures (Entities and Standards) to eliminate cyber threats and attacks, enhance cybersecurity and promote cyber safety.
iii. Strengthen the legal framework to meet the highest regional and international standards with regard to protection of fundamental rights as well as criminalization, investigation, electronic evidence and international cooperation relative to computer and electronic crimes;
iv. Capacity Building – Build digital citizens' capacity, raising awareness and attaining resources to enhance cybersecurity, combat cybercrime activities and promote cyber safety to the highest levels; and
v. Strengthen and establish cooperation to respond to the global nature of cyber threats.

GOAL 1: Develop necessary organizational structures with a focus on utilizing existing structures in Samoa as well as in the region.
Strategy Guidelines:
1. Strengthen and redefine the National ICT Steering Committee (NICT) and its members and prioritize cybersecurity in its mandate. The NICT is to lead the coordination and the implementation of the Cybersecurity Strategy and the process of carrying out the necessary tasks.
2. Establish a Roadmap for governance of cybersecurity in Samoa;
2.1. Identify key stakeholders to develop a culture for cybersecurity;
2.2. Identify needs of national critical information infrastructure protection;
2.3. Foster information sharing within the public sector and between the public private sector;
2.4. Establish process for addressing ICT security breaches and incident handling (reporting, information sharing, alert management, justice and police collaboration);
2.5. Ensure effective implementation of the national policy;
2.6. Ensure cybersecurity program control, evaluation validation and optimization.
3. Implementation of a National Benchmarking Scheme to;
3.1. Ensure cybersecurity is continuously developed in accordance within internationally accepted standards;
3.2. Analyse the effect of cybersecurity breaches on citizen businesses and the government.
4. The Office of the Attorney General (OAG), Samoa Law Reform Commission (SLRC), National Prosecution Office (NPO), Judiciary and other law enforcement agencies must develop a National Crime Prevention Strategy related to cybercrime. This initiative is to be coordinated by NICT to ensure that measures discussed are in line with measures to the implemented.
5. Development of Child Online Protection (COP) strategy to promote the use of ICT and to implement precautionary and protective measures for child users.

GOAL 2: Establish relevant technical measures (Entities and Standards) to eliminate cyber threats and attacks, and enhance and promote cybersecurity.
Strategy Guidelines:
1. Establishment of a National Computer Incident Response Team (CIRT) that is capable of dealing with relevant cybersecurity threats and attacks on citizens, tourists, businesses and the government in Samoa. The CIRT must have the capability to identify combat, respond and manage cyberspace threats or attacks; as well as enhance cyberspace security in Samoa. Furthermore, CIRT must be responsible for the computer forensic component of criminal investigations relative to computer technology or electronic evidence.
The National CIRT must also gather its own intelligence instead of relying on secondary reporting incidents.
2. Development of a unit within Police Services (Ministry of Police) that serves as a single point of contact for cybercrime, with the ancillary purpose of data collection and increasing available information.
3. Establishment of a Child Online Protection Working Group (COPWG) consisting of, but not limited to, the Ministry of Police (MOP), OAG, Ministry of Education Sports and Culture (MESC), Ministry of Women, Community and Social Development (MWCSD), Ministry of Justice and Courts Administrations (MJCA), Ministry of Communications and Information Technology (MCIT), Office of the Regulator (OOTR), Social Welfare Services such as Samoa Victim Support Group (SVSG), and other child protection NGOs, internet service providers (ISP), electronic service providers (ESP), telecommunications, mobile and fixed network providers, other hi-tech companies, owners of internet cafes and other public access providers (e.g. libraries and telecentres).
4. Develop or identify standards to be implemented to ensure that cybersecurity related attacks are minimised.
5. NICT must carry out assessment and identify critical processes and standards for the introduction of different security levels. Furthermore, CIRT and other relevant stakeholders must be responsible for the implementation and control of the developed standards.
6. MCIT, OOTR and the Samoa Qualification Authority (SQA) shall develop a framework for the certification and accreditation of national agencies and public sector professions by internationally recognized cybersecurity standards.

GOAL 3: Strengthen the legal framework to meet highest regional and international standards with regard to protection of fundamental rights as well as criminalization, investigation, electronic evidence and international cooperation.
Strategy Guideline
1. The MCIT and OOTR will coordinate a diagnostic of convention and other international instruments appropriate for government endorsement, ratification and accession.
2. MCIT and the OOTR will coordinate a legislative compliance review in collaboration with cybersecurity stakeholders to determine all necessary powers exist including:
2.1. enabling law enforcement and other relevant agencies to protect digital citizens' material and intellectual aspects as well vital infrastructure;
2.2. establish or improve definitions, penal legislation, investigation instruments of law enforcement, admissibility of electronic evidence, liability of ISPs, and specific provisions for children online and international cooperation.
The review shall include that identification of existing provisions that could be utilised in relation to cybersecurity, a comparison with international best practices, a gap analysisto inform suggestions for amendments and related drafting instructions. This activity shall be carried out in close collaboration with the OAG and built upon existing work carried out in the region (e.g. the assessment of legislation within the ICB4PAC Project).

GOAL 4: Build digital citizens' capacity, raising awarenes and attaining resources to enhance cybersecurity, combat cybercrime activities and promote cyber safety to the highest levels.
Strategy Guidelines
1. The Ministry and NICT to inform all stakeholders involved of the functions and roles of NICT and other proposed working groups.
2. Identify cybersecurity stakeholders to coordinate training and awareness on cyber-related issues, which may include the:
2.1. establishment and fostering of links with village councils about recent ICT developments;
2.2. distribution of cybersecurity information to communities through the MWCSD and the usage of Feso’ota’i Centre Outlets;
2.3. use of government media outlets to publicize cybersecurity information;
2.4. creation of internet safety messages and material which reflect cultural norms and laws for postage online and to air on television;
2.5. development of tertiary level computer science curriculum to include cybersecurity measures;
2.6. development of school curriculums concerning computer studies at primary and secondary levels, to include a module on cybersecurity and cyber safety.
3. Development of a sustainable training program for law enforcement officers (police, customs), finance, prosecutors, service providers, OOTR and the Judiciary.
4. Development of sustainable training programs for communication and IT engineers to support and assist the management of cybersecurity programs.
5. MCIT and OOTR shall provide a list of capacity building programs related to cybersecurity from which Samoa should benefit. To avoid any overlapping, both entities shall develop a roadmap that lists the different capacity activities that Samoa requires.
6. MCIT, OOTR and SQA shall develop for the certification and accreditation of national agencies and public sector professions by internationally recognised cybersecurity standards.

GOAL 5: Cooperation - Responding to the global nature of cybersecurity threats and attacks through a multi-stakeholder approach and strengthing local and global partnerships.
Strategy Guidelines
Intra-State Cooperation:
1. MCIT to coordinate data collection on intra-state cooperation and recommend further required partnership stakeholders.
2. MCIT and OOTR will make recommendations with regard to a potential access to international or regional agreements, current processes for developing binding standards in which Samoa should participate, as well as 24/7 networks (such as the G8 or Interpol Network).
Intra-Agency Cooperation:
3. National cybersecurity stakeholders are encouraged to enter into partnerships and programs for sharing Cybersecurity assets (people, processes, tools) within the public sector (i.e. official partnerships for the cooperation or exchange of information, expertise technology and/or resources between departments, ministries and agencies)
Public and Private Partnerships:
4. Promote public-private partnerships to share cybersecurity assets (people, processes, tools) between the public sectors (i.e. official partnerships for the cooperation or exchange of information, expertise, technology and resources)
5. Identify cooperation partners (such as Matai and Fa’afeagaiga) in rural areas that can support the capacity building initiatives by providing information about security within their daily work and provide them with the necessary background information and training materials for the community.
International Cooperation:
6. MCIT and OOTR to conduct an appraisal and make recommendations with regards to potential international or regional agreements, current processes for developing binding standards in which Samoa should participate, as well as 24/7 networks (such as the G8 or Interpol Network).

Policy/Regulation Mirrors

n/a