The cascading global impact of the COVID-19 Pandemic on PNG has necessitated its transition into a digital economy. The first wave has reached Papua New Guinea (PNG) at the outset of 2020. Its diagnosis has prompted the government to enforce lockdowns. In hindsight, the impact of COVID-19 exerted a tremendous influence on the PNG government’s institutional developments to bring the country forward in the post-pandemic era.
One of the key developments is the digitization of the PNG economy. This case study will unveil the disruptive effects of integrating into a digital economy concentrating on three specific scenarios: i.e. Cyberattack on PNG’s Finance Hub; Bank South Pacific’s Technical Glitch; and Alesco Payroll System’s Technical Glitch. It will also discuss key institutional developments and then look at quantum innovation to avert future crisis-prone scenarios.
Cyberattack on PNG’s Department of Finance
PNG Government has developed its Digital Transformation Policy 2020 through its Department of Information and Communications Technology. This initiative was to transition the entire government machinery into e-governance. Financial Technology developments within the Department of Finance have exposed its financial data to cyberattacks. As DoF replaced its old accounting system with the new Integrated Financial Management System, it became vulnerable to cyberattacks. In 2021, it was reported that IFMS was hacked by anonymous hackers which gave them unauthorized access to PNG’s seven years of classified financial data.
Cybersecurity has four key pillars which are secrecy/confidentiality (C), integrity (I), authenticity (A), and availability (A) of information system resources such as hardware, software, firmware, information/data, and telecommunications. Cyberattacks are aimed at compromising CIA+A while cybersecurity aims to protect and preserve CIA+A. Secrecy/Confidentiality (C) aims to keep sensitive information private; Integrity (I) ensures that data has not been tampered with and can be trusted; Authenticity (A) verifies a user or system’s identity; and Availability (A) ensures that authorized users have timely, trustworthy access to resources when required.
It is quite obvious that the IFMS’s CIA+A within DoF has been compromised already. This connotes weakness in PNG’s cybersecurity against intrusions from anonymous cybercriminals. This is an early warning of cyber risks contingent on migrating into a digital economy.
Bank South Pacific’s Technical Glitch
In retrospect, PNG held its first APEC Summit in 2018. APEC Internet and Digital Economy Roadmap 2022 invoked regional compliance from its member countries. Accordingly, PNG’s National Parliament has enacted its first Digital Government Act 2022 just after its National General Elections. This has triggered institutional restructuring of the economy to embrace digital transformation. The PNG National Payments Council (NPC) has passed a resolution that private sector cheques will be obsolete after December 31, 2023, as vital banking services accommodate digital innovation. Consequently, BSP integrated its core banking services into its new Internet banking system in 2023 but this migration has encountered technical glitches resulting in unauthorized crediting and debiting of its customers’ accounts.
Alesco Payroll System’s Technical Glitch
The Alesco program is the advanced computerized centralization of all government-funded salaries and eases the burden of manual or separate payroll systems processing with the banks. It is an amalgamation of finance and technology to foster efficiency in the PNG Government’s payroll system. On Wednesday, January 10, 2024 government’s payroll system deducted salaries throughout the country due to a technical glitch.
Amid rising inflation compounded with the exorbitant cost of living and escalating level of corruption in the country, the pay cut was very painful economically. Frustrated government employees, especially the state security forces, staged a protest march to the National Parliament in Port Moresby, calling on the government for an immediate explanation. However, opportunists from the city capitalized on it and went on rioting, looting, and incinerating shops. The worth of damage has exceeded more than a billion kina thus has shaken investor confidence.
Quantum Computing Threats
While PNG is struggling to cope with cybersecurity risks associated with shifting into a digital economy, the world grapples to navigate the global economy through the uncharted cyberspace of the quantum economy. Quantum computing gives rise to quantum Internet which will facilitate a quantum economy, a paradigm shift from digital economy.
Many cyber experts alluded that it will take another 30 years into the future before quantum computing’s impact is felt. However, the current trend of quantum technology advancement is negating this predisposition as the industry undergoes exponential growth. The prevailing forecast is that quantum technology will materialize in the next decade, probably around 2035.
There is a higher probability that cybercriminals can intercept and collect vital financial data, e-governance data, e-commerce data, military intelligence, medical records, personal data, etc. which they can later decrypt in the quantum future as Shor’s Quantum Algorithm can break classical public key encryption cryptographic algorithms and Grover’s Quantum Algorithm can break classical symmetric key encryption cryptographic algorithms.
Basically, our emails which depend on transport layer security mechanisms are vulnerable to quantum computing threats. This also includes our WhatsApp communication channels, Internet banking, and FinTech systems like Alesco and IFMS. Furthermore, elliptic curve cryptography which protects blockchain technology for secure cryptocurrency transactions is susceptible to quantum computing technology.
Toward a Post-Quantum Cryptography
Both integer factorization problem and discrete logarithm problem which has been proved to be computationally impossible for classical computing to break can now be broken by quantum computing technology. Hence, a paradigm shift to post-quantum cryptography standards is crucial to circumvent new cybersecurity threats emanating from quantum computing technology. The global ICT industry is quite aware of this new surge of cybersecurity threats. Therefore, the US House of Congress enacted its Quantum Computing Cybersecurity Preparedness Act on December 21, 2022, to migrate its ICT industry into post-quantum cryptography to counter quantum computing threats.
Likewise, it is imperative for PNG and the rest of the Asia Pacific region to emulate the USA by migrating their ICT industries toward post-quantum cryptography as a precautionary cybersecurity measure against the surge of future quantum computing threats.
Written by Songo Nore
References
- Beato, F., Moscheta, G., Avramovic, P., & Markham, C. (2024, January). Quantum Security for the Financial Sector: Informing Global Regulatory Approaches. White Paper. World Economic Forum in collaboration with Financial Conduct Authority.
- Faa, M. (2023, April 11). Bank South Pacific error causes chaos in PNG. ABC Pacific Beat. Retrieved from https://www.abc.net.au/pacific/programs/pacificbeat/png-bank/102207118.
- Jafarbeiki, S. (2023, August). Post-Quantum Cryptography in the Indo-Pacific Program. Monash University Australia’s Information Technology Department and Oceania Cyber Security Center in collaboration with US Department of State.
- Mako, A. Anton. (2024, January 19). January riots in PNG: underlying causes, implications and the future. Dev Policy Blog. Retrieved from https://devpolicy.org/january-riots-in-png-underlying-causes-implications-and-the-future-20240119/.
- Nore, S. (2023). Information and Communications Technology (ICT) Policy for Morobe Province in Papua New Guinea.
- PCADMINPNG. (2021, October 29). Cyber-attack on PNG’s Finance Hub, a wakeup call. Online Post Courier. Retrieved from https://www.postcourier.com.pg/cyber-attack-on-pngs-finance-hub-a-wakeup-call/.
- PNG News. (2024, January 9). PNG Government Payroll System Deducts Thousands of Public Servants’ Pay: Corruption Alleged. Papua New Guinea Today. Retrieved from https://news.pngfacts.com/2024/01/png-government-payroll-system-deducts.html.
- US House of Congress. (2022, December 21). Public Law 117 – 260 – Quantum Computing Cybersecurity Preparedness Act. GovInfo. Retrieved from https://www.govinfo.gov/app/details/PLAW-117publ260.
- Veritasium. (2023, March 20). How Quantum Computers Break The Internet. Youtube. Retrieved from https://www.google.com/search?q=how+quantum+computers+break+the+internet.