Reseller News

Auckland Council's security operations centre on high alert after DDoS attacks

Council taps Datacom to help it manage the DDoS threat
  • Rob O'Neill (New Zealand Reseller News)
  • 15 September, 2020 05:30

NZ's biggest local authority is on high alert after massive denial of service attacks on the New Zealand Stock Exchange and MetService among others.

While the attack is being referred to as a cyber-attack, a council meeting agenda said it was more accurately described as a data network attack involving an outside party flooding the networks with more data than they could handle.

"The council has significant resilience built into its networks, however the scale of this attack is impacting all of New Zealand’s internet traffic," the agenda for a meeting of the council's audit and risk committee said.

"The impact to the council has been minimal to date but we are aware that telecommunications providers are being impacted and some internet services are being degraded.

"If this attack continues to increase, then the council may be directly impacted, however it is considered that our systems and controls are adequate to mitigate the potential risks at this time."

The council was closely monitoring this situation with strategic security partner Datacom, which received $4.1 million in payments from the council in the year to the end of June.

Services provided focused on security, including overseeing the security of the multi-cloud architecture Spark-owned Revera was delivering, a security incident and event management project and business continuity support during the height of the COVID-19 pandemic and lockdown.

Actions taken include refreshing and distributing the council DDoS response plan, engagement and daily contact with Datacom, contact with the council's internet service providers and raised readiness levels.

"Our 24/7 security operations centre is on high alert for any indications of attack from this or any other attacker," the agenda said.

"Our security monitoring systems on every laptop, desktop and [our] server team continue to monitor and block any unwanted activity."

Increased user awareness and training was being provided through e-learning modules for all staff.

"There is a potential for our remote workforce to be impacted should the network be significantly compromised," the document said.

Information has been communicated to all staff and management to raise awareness and advise what to do individually to prepare.

"In the longer term, our best mitigation is to achieve and then maintain a level of technical and security sophistication to ensure our defences are as resilient and robust as possible," the document said.

An addendum to the agenda said further cybersecurity investment was required to identify, mitigate and manage cyber threats.

The council's long-running shift to a multi-cloud model would also deliver backups that would help mitigate the threat of ransomware attacks of the kind recently seen in both New Zealand and Australian organisations such as logistics company Toll and brewery giant Lion.

"The ICT security improvement programme continues which includes enhancements to email security, multi-factor authentication and secure network perimeter enhancements," the document said.

"The cyber security top risk rating is not materially impacted by these data network attack events and remains at high."