Tuesday, March 15, 2011

Security Analyst: "Serious Gaps" In Tongan Security (Letter to The Editor)


Dear Editor,


As a security expert, it was my job to identify gaps in a defensive system. It could be for an individual, corporation, or nation. I was recently lucky enough to visit the Kingdom of Tonga. Due to my background, though on holiday, I couldn’t help but notice substantial gaps in the security system of the nation.


There are two types of security: Hard security, and Soft security. Hard security is what is normally thought of when security is mentioned –  for example the military. Tonga’s hard security is good. The staff of the Tongan military is exemplary - well trained, dedicated, and loyal. It could be better equipped, but just about every military on the planet will say the same thing.
Tongan military is " exemplary - well trained, dedicated, and loyal"


Soft security, according to one definition, is designed to: “protect the system and its users from harm, in gentle and unobtrusive ways”.
Assuming the system is Tongan governance, and the users are the citizens of Tonga, this is where there are serious gaps in the security of the nation.






First, as a matter of policy, normally nations ensure that personnel in key sensitive positions are citizens of the country.


This helps with background checks, guarantees they will be subject to the laws of the nation, and that there is no confusion about loyalties.


It would be near impossible for foreign nationals to hold official key security roles in most countries. In fact, many nations don’t even allow foot soldiers in their military to be foreigners.


In Tonga, however, there are many foreigners in key security positions, including the Commissioner of Police, the economic policy advisor to the former Prime Minster, and the Chairman of the Board of Tonga Post.


Of course, this is not to say there is anything to be concerned about with the specific individuals involved – just because there is a gap in security, it doesn’t mean it is being taken advantage of -- it is just an extraordinary breach of common practice. And lousy optics.


Imagine the response in New Zealand if a Chinese national, being paid by China, was made Chief of Police in Wellington. Or, indeed, how pleased Wellington would be if a Chinese national were made Commissioner of Police in Tonga.


Of course, it doesn’t help that the current Commissioner of Police wrote that, before coming to Tonga: “I had had little or no experience with Pacific Island people or culture,” and then went on to push for legal Breath Alcohol Levels that were the same as for a New Zealand
teenager but not a New Zealand adult. Coming in from the outside, one has to be even more careful not to look patronizing, which in itself can be an impediment to doing one’s job for the best security of the nation.


(When I spoke to Tongans about this issue, some said that there were no Tongans able to do the job. That is quite unbelievable to me. Some of the most honest, intelligent, and diligent security professionals I have met are Tongans. No one can say the men currently on their way to Afghanistan are good enough to die for their country abroad, but not good enough to keep it secure at home. They are world-class good people. If the issue is training, they can get training. But you can’t buy their kind of loyalty, and that is more important.)


Nor are the security gaps just in high-level postings. In the latest batch of job listings for Australian Youth Ambassadors for Development, the Tonga jobs include many that will give open access to extremely sensitive information. (I have nothing against Australians, or Australia, but we’re talking systematic government policies.)


For example, there are postings for a “Lead Developer” and a “Project Officer” in the Ministry of Justice. Those two Australians will have open access to court records of Tongan citizens.


The Australian who gets the posting for the “Health Information Manager” will have access to private medical records of Tongan citizens.


The two Australians hired as “Project Officer and Analyst”, as well as “Internal Auditor”, in the Ministry of Finance and National Planning will have access to nationally sensitive financial accounts.


The posting for “Hydrological Officer” will put an Australian in the office of possibly the most critical natural resource Tonga has: seabed minerals.


All these jobs will go to 18-30 year old temporary workers from Australia. To make matters worse, it is unclear if the Tongan government will have access to a thorough background check on them.


From a security perspective, it is not ideal, to say the least.


Similarly, much of the IT system at the Ministry of Foreign Affairs is run by someone said to be paid by NZAID. That means someone on a foreign payroll has access to the email system of the Ministry of Foreign Affairs.


The breaches in security are myriad. Most date back to the previous government and policies that do not guarantee the sovereign independence of Tonga.


For example, permission was granted to put a Dutch-language sign on the post office in Nuku’alofa. The sign was to be monitored by constant live feed over the internet as a publicity stunt for a Dutch internet company. To do this, cameras were installed on the building opposite, which just happens to be the Prime Minister’s Office.


The cameras are obscured and so it is difficult to see where they are pointing. However, they are positioned over the entrance to the PMO, and the most security critical office in the state - the Cabinet room.


The publicity stunt was due to end at the start of the new year. But the cameras are still there.


[Editor's note: When the Dutch internet site was checked around midday Tonga time to verify statements made here, it was found that while the site still claimed to be live, with an onscreen date and time stamp verifying that it was early afternoon, the 'live' image showed the Post Office at night, with the onsite clock showing it to be around 9.56pm. When checked 43 minutes later, the onsite clock had advanced by three-quarters of an hour, but was still out of synch with 'actual time'. See image below. This raises questions about how live the feed actually was/is. ]





With a WiFi receiver, standing by the PMO, you will actually get a signal that reads “PMOcamera”. It is understandable if this was part of the PMO’s official security system, but if the Dutch sign was an excuse for the installation of a camera monitoring PMO and Cabinet
activity, that is another issue.


There are encouraging signs that the new government is aware of the gaps and are working hard to close them.


Obviously there will be opposition from those who have benefited from the gaps.


More public understanding about the vulnerabilities can help support the government in its efforts. That is a good thing. The Kingdom of Tonga is special and worthy of being properly defended.


Hoping my perspective was helpful,


Alek Bishop
Security Analyst (retired)

No comments:

Post a Comment