4. The enablers: Confidence

4.5 Security actions

Table of Contents Chapter Table of Contents << Previous Section

The government is responding to the security challenges by:

Action Contributes to priority Lead agency Timing Budget
Reviewing New Zealand's cyber security response capability with a focus on government and industry. Ensuring a level of internet and telecommunictions security that is consistent with the promotion of the social and economic wellbeing of New Zealanders and an effective network infrastructure State Services Commission 2008 Baseline
Establishing a National Cyber Crime Centre. As above New Zealand Police 2008 Baseline
Reviewing the alignment of New Zealand's laws with the European Convention on Cyber Crime and progressing New Zealand becoming a party to the Convention. As above Ministry of Justice and New Zealand Police 2009 Baseline
Supporting the Internet Safety Group. Support the provision of comprehensive ICT security and safety education awareness raising, including schools, businesses and households, and research into online social networking issues. As above Ministry of Education Ongoing

Baseline $750,000

4 Responses to "4.5 Security actions"
POST A NEW COMMENT
Enhance technical security (and therefore confidence) by implementing .nz domain SSL certificates, for machine-to-machine authentication. If we use open source PKI, then project should be less than $1m.
mike(p)
Thursday, May 15, 2008 2:57 PM
It appears the Government's draft response to security challenges under this section could be modified to meet the requirements of the majority of internet users in New Zealand i.e. New Zealand businesses and households.

From what is currently proposed:
- Existing Government departments addressing cyber security have no mandate to support non-Government or non critical infrastructure, and this doesn't appear to change under the initiatives proposed.
-The Police National Cyber Crime Centre would only be funded to investigate cases involving a criminal offence.
- The Internet Safety Group is not funded or equipped to respond to day to day security threats and alerts, or undertake the indepth research needed to support such a service.
-And SCC is only charged with 'reviewing' cyber security response focusing on Government and industry. i.e no cyber security support for the average New Zealander, and no funding to establish anything more concrete than a review.

The logical solution appears to be to fund (maybe partly if a user-based funding model was adopted) a New Zealand Computer Emergency Response Team NZCERT, similiar to how Australia operates with AusCERT, align this with a University (to provide the cyber research component, and encourage academic research in this area), and at the same time ensure it has access to resources to ensure 24hr 7 day a week support . This CERT would work alongside or be possibly be part of an existing Government department.

SCC's responsibility for 'reviewing' cyber security should be expanded to ensure this New Zealand Computer Emergency Response Team is structured, funded and equipped to respond to and mitigate cyber threats and incidents for all New Zealanders, particularly New Zealand businesses and households.

Computerworld ran an article recently about NZ computer users ranking second in world for being hacked. Broadband initiatives will only increase this hacking threat.
pearso
Friday, May 23, 2008 4:56 PM
Include education for digital immigrants - we focus on children, but we need to educate older people learning to use a computer for the first time, about managing their safety on the Internet. How about an adults-version of Hectors World?
mike(p)
Friday, May 23, 2008 9:09 PM
It appears there are already moves to establish NZCERT. I just found their website nzcert.org.nz !
AndyJ
Friday, June 06, 2008 9:35 AM