Broadcasting, Communications and Digital Media Minister Clare Curran has initiated a comprehensive refresh of New Zealand’s approach to cyber security, releasing two cabinet papers detailing her proposed approach.
She announced the move in a speech at the Wellington launch of Auckland University’s Cyber Security Foundry, saying she wanted to “test whether the government has the right resources and the right arrangements to address the increasing cyber threats facing New Zealand.”
She said the review would involve close collaboration with the private sector and citizens.
“The refresh of the current strategy will be led by the National Cyber Policy Office (NCPO) within the Department of Prime Minister and Cabinet (DPMC) and involve a wide range of government agencies,” Curran said. “Workshops will be held at an early stage of the process.”
The review team is expected to submit its recommendations for a revised Cyber Security Strategy and Action Plan to Curran at the beginning of July to enable here to report back to the Cabinet External Relations and Security Committee by 31 July.
She listed the areas that “might be covered by the refresh,” as including:
- testing whether institutional arrangements are optimal;
- thinking about more structured engagement with the private sector;
- considering what more needs to be done to address cybercrime;
- expanding international efforts and looking at deterrence mechanisms;
- focusing on the scope to build New Zealand’s cyber security industry and research capability, and to grow a skilled cyber security workforce; and
- ensuring that new technologies are approached with security in mind.
In the cabinet paper Curran said she would like the refresh to “explore whether NZ Police’s existing international links are sufficient to deliver a comprehensive response to cybercrime … [including] exploring opportunities to build closer links with key international cybercrime units such as the European Cybercrime Centre within Europol and the International Cybercrime Coordination Cell with the Federal Bureau of Investigation,”
And also she said it should “consider the mechanisms available to us to dissuade or deter malicious cyber activities, particularly where it is state-sponsored or state-condoned … [including] the option of publicly attributing malicious cyber activity as a way of holding states to account.”