Communications minister Simon Bridges has launched a new cyber security unit saying it will help New Zealanders respond to online threats.
The new unit, CERT NZ was foreshadowed in the 2016 Budget, which allocated it funding of $22.2m over four years. It will serve as the first place for New Zealanders to report a cyber incident and will provided five services: threat identification; vulnerability identification; incident reporting; response coordination and readiness support.
InternetNZ welcomed the move but said it represented a critical piece of Internet security infrastructure for New Zealand that was long overdue. “InternetNZ has been advocating for a New Zealand CERT since 2005 and we're really delighted to see it up and running,” CEO Jordan Carter said.
Bridges said CERT NZ would make it easier for people at work and at home to understand, prevent and recover from cyber security incidents. “We want to build a confident, secure and engaged online New Zealand as the ever-evolving digital world increasingly impacts on almost all aspects of our lives,” he said.
“New Zealand joins a large and sophisticated global network of CERTs, in which it will play an important role developing and executing best practice processes and systems to prevent and respond to cyber security incidents.”
Bridges said access to international best practice and threat information would increase New Zealand’s ability to protect its information and systems against cyber threats. “It will also enhance New Zealand’s reputation as a trusted business and security partner, which has benefits to our economy and our many businesses that rely on international trade,” he added.
However, Dr Ryan Ko, head of Cyber Security Lab at the University of Waikato, said more capabilities, in terms of tools and awareness, were needed for all public and private stakeholders – big and small. “This will allow them to be able to respond and get back to business quickly.”
He said the inability to respond quickly and effectively to attacks on the critical infrastructure in New Zealand represented one of the biggest cyber threats.
The new unit will work in partnership with:
-The Department of Internal Affairs (DIA), which investigates complaints about spam in New Zealand and which is responsible for enforcing the Unsolicited Electronic Messages Act 2007;
- The National Cyber Policy Office (NCPO) within the Department of the Prime Minister and Cabinet, which leads the development of cyber security policy advice for the New Zealand Government;
- The National Cyber Security Centre whose role is to protect New Zealand’s most significant organisations from cyber security threats.
- NetSafe, the independent, non-profit New Zealand organisation focused on online safety;
- The New Zealand Police.