Papua New Guinea’s Internal Revenue Commission (IRC) has experienced a significant cyber attack that has disrupted its operations and raised concerns over the potential exposure of sensitive information belonging to numerous individuals and businesses, including those in Australia.
The issue began on January 29, when the IRC reported a “system outage” across its network. Despite ongoing efforts to resolve the situation, many of its services remained offline two weeks later. Confirmations from sources within PNG and Australia indicated that the problems stemmed from a cyber attack, though the IRC has yet to publicly acknowledge this event or offer detailed explanations.
The impacts of the hack appear to be severe, affecting critical IRC functions including its core tax system, SIGTAS, along with email and phone communications. This has led to considerable disruptions for taxpayers, according to a local tax agent who noted that clients were struggling to obtain necessary approvals and clearances, significantly impeding their business operations.
Despite offers of assistance from the Australian government, which has a cybersecurity team equipped to handle such crises in the Pacific, the IRC has not accepted help. Mihai Sora from the Lowy Institute expressed surprise at this decision, especially given the urgency and severity of the situation.
The IRC has engaged a private cybersecurity firm to aid in recovering from the attack. Cybersecurity expert Robert Potter cautioned that this recovery process could expose the IRC to additional scrutiny regarding its internal systems and practices, potentially revealing further vulnerabilities. He highlighted that Papua New Guinea’s limited budgets for IT infrastructure exacerbate the fallout from such attacks, increasing both the immediate and long-term impacts.
The exact source of the attack and the extent of data compromised remains uncertain. However, experts have warned that the incident may undermine trust among foreign investors and hinder potential economic growth in the region. This attack is part of a broader trend, as recent reports indicate an increase in cyber threats targeting Pacific nations, highlighting the need for robust cybersecurity measures in an increasingly digitized environment.
In a hopeful note, the ongoing discussions about enhancing local cybersecurity capabilities and fostering regional collaboration can help build resilience against future cyber threats. As nations work to improve their cybersecurity frameworks, there is potential for a more secure digital landscape in the Pacific region.
Summary: Papua New Guinea’s IRC has faced a major cyber attack, leading to widespread outages and concerns over sensitive data exposure. Despite offers for external help, the IRC is managing the crisis independently with a private cybersecurity company. This situation underscores the increasing cyber vulnerabilities in the Pacific, while presenting an opportunity for countries in the region to strengthen their cybersecurity measures and improve resilience against future attacks.
Leave a comment