New Zealand Broadcasting, Communications and Digital Media Minister Clare Curran has announced a refresh to the country’s three-year-old cybersecurity strategy amid concerns of a growing threat landscape.
The New Zealand government will be refreshing its approach to cybersecurity, giving a facelift to its existing Cyber Security Strategy and Action Plan introduced in 2015.
According to Broadcasting, Communications and Digital Media Minister Clare Curran, the increasing number of cyber threats has provided criminals with new avenues to cause harm in New Zealand. She said the widespread use of connected devices and the security challenges of emerging technology are intensifying the problems.
“So it’s timely for us to step up New Zealand’s cybersecurity efforts so that we are not left vulnerable to cyber intrusion and to refresh the 2015 strategy so we can deal with increasingly bold, brazen, and disruptive threats,” Curran said.
“This government has committed to building a connected nation, promoting, and protecting digital rights. We intend to close the digital divides by 2020, and to make ICT the second largest contributor to GDP by 2025. A modern, responsive cybersecurity system is essential to this.”
The refresh plan [PDF], penned by Curran, points to the National Cyber Security Centre’s (NCSC) Cyber Threat Report 2016-17 that revealed the NCSC recorded 396 incidents during the 12-month period and provided “hands-on, intensive incident response” on 31 occasions.
It said the clear trend is “an upward trajectory of cybersecurity threats”.
“Cyber threat actors are increasingly bold, brazen, and disruptive. New Zealand’s geographical location does not exempt us from this threat,” it continued.
The Department of Prime Minister and Cabinet approved New Zealand’s second Cyber Security Strategy, Action Plan, and National Plan to Address Cybercrime in November 2015.
“The strategy has served us well as an overarching framework for cross-government work under four goals: Cyber resilience, cyber capability, addressing cybercrime, and international cooperation,” the plan says.
“The problems are growing, and it’s timely to look at what more can be done to improve New Zealand’s cyber defences,” Curran added.
The plan points to similar efforts made by the United Kingdom and Australia, calling it an appropriate time to examine whether New Zealand is making a suitable contribution to address the cybersecurity challenge alongside its partners.
“A refresh of the Cyber Security Strategy and Action Plan would enable us to test whether we are investing the right resources and structuring our efforts, in the right way, across protective security, civilian, military, law enforcement, and intelligence agencies to make the greatest improvement to the security of our digital infrastructure and communications,” the plan continues.
The refresh will be completed in a “more joined-up”, cross-government approach, and in partnership with the private sector and non-government organisations.
“This refresh of the Cyber Security Strategy and Action Plan provides an opportunity to look at the cybersecurity roles of agencies,” Curran wrote.
“We need to continue assessing whether we have the optimal arrangements and resources for effectively addressing cybersecurity efforts across government.”
Curran said work is also under way to improve the system-wide understanding and mitigation of cybersecurity risks to government agencies.
“A structured approach to ensuring private sector engagement with the government’s work (and vice versa) might be one option for consideration. This could include considering models such as advisory boards or a cybersecurity council. It may help us to get the right level of engagement with the private sector on cybersecurity — a challenge which our international partners also face,” she explained.
The refresh is expected to complement other initiatives already under way by the government, such as the development of a Digital Strategy for New Zealand, the proposed establishment of a chief technology officer, and the priority accorded to digital rights.