While the most immediate threat to organisations is posed by disillusioned insiders, terrorist groups are embracing the internet and could one day strike at New Zealand, attendees at the CIO Conference 2002 heard last week.
Hill is director of the Domestic and External Security Secretariat, which exists within the Department of the Prime Minister and Cabinet. Its role is to coordinate the government’s response to any domestic or external security situation, and to coordinate New Zealand’s security and intelligence community.
The secretariat carried out a stocktake of New Zealand’s counter-terrorism capabilities after September 11, which Hill says resulted in additional legislative powers plus increased funding for counter-terrorism efforts and protective security measures.
Hill says as more New Zealand businesses move online, this increases their risks to hacking and related cyber-attacks. “Geography doesn’t matter. It is not a protection. With the internet, it does not matter where you are.”
Cyber-threats could come from criminal groups, terrorists, foreign intelligence services or just hackers doing it for mischief.
An emerging trend was terrorist groups embracing the internet, mirroring what has happened in the business world.
Groups who have done this include Hamas, Palestinian Islamic Jihad, Hizbollah, Algeria’s Armed Islamic Group, Egypt’s Islamic Group and Al Qaeda. However, to date such groups have only committed acts of cyber-terrorism a few times, Hill says.
The Tamil Tigers made denial of service attacks against the Sri Lankan government in 1997 and there is an ongoing “cyber-jihad” in the Palestinian Al Aqsa intifadah, with Palestinian and Israeli groups attacking each other’s websites.
While New Zealand faces no immediate terrorist threats, Hill says the Government is acting against their potential with measures like the (as yet unpassed) Crimes Amendment Bill No 6 and the Electronic Transactions Bill and the NZ Police Electronic Crime Lab.
He also notes the Centre for Critical Infrastructure Protection was launched last August to advise organisations on information-borne attacks.