Menu
Reserve Bank: Key cyber security projects delayed due to pandemic

Reserve Bank: Key cyber security projects delayed due to pandemic

Projects delays did not affect the system that was breached in December, bank says

Credit: Marguerite Hill

The Reserve Bank of New Zealand has told Parliament that the COVID-19 pandemic led to delays to key cyber security projects, but did not have a role in December's malicious hack. 

In its annual review, the bank said it had approved one of its largest investment programmes, the digital services delivery programme, to uplift technology capability and improve resilience of existing IT platforms in June 2019. 

"At that time, a programme plan was established which included a number of technology and organisational capability streams to be implemented over two years," the bank told Parliament's finance and expenditure committee.

This included moving the on-premises datacentre to a private cloud and implementing cyber security improvements through a managed security operations centre. 

However, during the first 18 months of the programme, changes to timelines and sequencing were made.

For example, a data management and encryption project was delayed due to the COVID-19 pandemic and "minor technical issues". This project aimed to improve the level of security protection of the bank by ensuring only authorised users could access systems and data.

The project is due to restart in February 2021.

Similarly delayed due to the pandemic was a device endpoint protection project. This aimed  to ensure cyber security protections were in place for bank equipment located in Datacom managed datacentres and for devices used by staff.

This restarted in December.

A project to ensure appropriate cyber security protections were in place to reduce the risk of events such virus or malware was also delayed and is recommencing this month.

Another to automatically capture alerts from internal IT networks when the service becomes unavailable or in the case of significant network infrastructure events was also delayed and restarted in November last year.

"The changes in the programme did not affect the scope or expected benefits which are on track to be delivered within the timeframe and budget," the bank told MPs.

"They also did not affect the security of the stand-alone third party application that was subject to the recent malicious data breach." 

No other bank systems had been compromised in the breach due to the stand-alone nature of that file transfer application, a legacy application from US software vendor Accellion used to share documents with businesses and other entities the bank regulates.

Accellion and the bank are at odds over how the known vulnerability and a patch to fix it was notified. This week the bank said it was not notified of the breach of the Accellion file transfer application for five days.

Regulatory initiatives were also delayed, including the development of cyber resilience guidelines for all of the bank's regulated entities.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackinghackDatacombankingReserve BankAccellionsecurity

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments