Broadcasting, communications and digital media minister Clare Curran has announced a refresh of New Zealand’s approach to cyber security.
Papers released in association with the announcement say there has been "good progress" to improve New Zealand’s cyber security under the previous government's Cyber Security Strategy and Action Plan, approved by Cabinet in 2015.
This includes the establishment of CERT NZ, the delivery of CORTEX malware detection and disruption services, cyber security awareness campaigns, protective security requirements for government agencies, work to improve the cyber security of small businesses and developing NZ Police skills to respond to cyber-crime among other efforts.
However, cyber security threats are on an upwards trajectory, with the widespread use of connected devices and emerging technologies expanding the attack surface for malicious threat actors.
"Globally, it is clear that cyber threat actors are increasingly bold, brazen and disruptive," one paper says. "Our international partners have intensified their efforts in response to this problem."
The refresh of will propose new actions to improve New Zealand’s cyber security, including possible recommendations in the following areas of institutional cyber security arrangements; government information security; addressing cyber crime; cyber diplomacy, deterrence and [redacted]; opportunities in cyber industry, research and skills and the security challenges of emerging technology.
“It’s timely for us to step up New Zealand’s cyber security efforts so that we are not left vulnerable to cyber intrusion and to refresh the 2015 strategy so we can deal with increasingly bold, brazen and disruptive threats, Curran said.
“We must protect the information and network systems that are vital to our economic growth, ensure the integrity and security of our increasingly digitalised government services and make sure Kiwis can interact online without suffering harm."
The refresh will involve collaboration with the private sector and citizens, Curran said, with workshops to be held at an early stage of the process.
Meanwhile, CERT NZ has selected Orange Business Services to help it enhance New Zealand's cyber defence.
CERT NZ can aggregate and analyse threat and vulnerability data from Orange along with other complementary feeds.
In turn, CERT NZ will advise Orange of threats and vulnerabilities that it encounters in the cyber security landscape so Orange can integrate these into its threat intelligence feeds and analysis tools.