INDEPENDENT NEWS

Govt Addressing Cyber-Crime And IT-Based Threats

By: New Zealand Government
Published: Mon 12 Feb 2001 09:52 AM
11 February 2001
Government Addressing Cyber-Crime And IT-Based Threats
State Services Minister Trevor Mallard has ordered a programme of work to improve protection for New Zealand’s critical infrastructure from cyber-crime and other IT-based threats such as computer “hacking” and viruses.
Trevor Mallard said the programme was aimed at anticipating risk, improving protection, and guarding against IT-based risks that could have an impact on New Zealand’s national welfare or New Zealand’s international standing.
Trevor Mallard said the programme included:
* Determining whether New Zealand should have its own unit to monitor IT security and risks on a day to day basis, and to provide advice and training on securing infrastructure from cyber-attacks.
* Advice to the Government on potential improvements to New Zealand law, and New Zealand’s role in international treaties, particularly to outlaw ‘denial of service’ attacks over the Internet. The Ministry of Justice is already considering legislation on this matter.
The Minister said he had received a report – prepared by the State Services Commission’s E-government Unit – that assessed the main cyber-risks to New Zealand’s critical infrastructure.
The report assesses levels of risk due to IT-based threats in finance and banking; transport; electric power; telecommunications and the Internet; oil and gas; water; and critical State services that support national safety, security, and income.
Trevor Mallard said the overall picture painted by the report was encouraging.
"Nonetheless, I have drawn the report to the attention of Ministers responsible for agencies or departments discussed in the report, so that they can seek reassurance as to levels of risk and measures to address that risk, where they see it necessary.
"I anticipate that some Ministers will seek reassurance from agencies for which they are responsible that they are prudently managing these risks.
"The most important thing is that New Zealand takes steps to anticipate risks in this area, and joins the international community in cooperative efforts that will enhance protection of infrastructure and make enforcement easier wherever cyber-crimes are committed."
The Minister said the work that he had already agreed to was part of existing departmental outputs. No extra funding was required.
Trevor Mallard said the report was being made public because the Government believed that citizens should have the maximum amount of information about the management of risks to New Zealand’s critical infrastructure.
The report looked at information-based threats to national welfare.
"The immediate role for the Government is to manage the main national risks, to New Zealand and New Zealanders, that come from cyber-crime or IT-based crime," he said.
Attached: Recommended strategy which the Minister has agreed to.
The report is available on the State Services Commission website: www.ssc.govt.nz
Recommended Strategy
The protection of critical national infrastructure from information related threats is an issue which merits taking notice, and is being taken seriously by other western nations. While owners of critical infrastructure in New Zealand are conscious of the need to protect it, this report has raised some concerns over specific issues. The recommendations below are aimed at providing infrastructure owners with the tools and information they need to protect against information related threats, and to promote cooperation toward a common view of infrastructure protection.
Recommendations
a The E-government Unit should investigate the establishment of a New Zealand-based security monitoring and incident handling organization with the following functions:
* provide timely information to critical infrastructure owners and government departments about threats, actual attacks and recovery techniques
* build local capability in incident handling and security research
* monitor global security issues and gather IT security intelligence
* build relationships with similar organisations, e.g. CERT.
* promote cooperation among clients in respect of IT security
* maintain statistics and incident databases
* promote standards and tools for IT security and risk management
* communicate to raise provider and public awareness of computer security issues
* maintain a model security service level agreement for use in outsourcing arrangements
* encourage production and adoption of relevant standards
* facilitate independent security/protection audit capability,
Rationale: By providing a New Zealand based centre of expertise the IT security skills and awareness of infrastructure providers and government departments can be bolstered.
b Government should consider harmonising computer crime legislation with that of other Western nations and participating in international cybercrime treaties. Furthermore, the Bill on this matter currently before the House should be extended to address denial of service attacks.
Rationale: There is currently little deterrent against casual attack on infrastructure. Improving our computer law will help. Furthermore, other jurisdictions are more likely to help with trans-border crime if New Zealand’s legislation parallels their own.
c The New Zealand Police should consider what is necessary to investigate computer break-ins and related attacks and prosecute perpetrators. This would involve:
* building investigative capability, while maintaining respect for privacy of Internet users; and
* building relationships with law enforcement authorities responsible for pursuing malefactors across national borders and co-operating with other countries who wish to pursue here.
Rationale: There is currently little deterrent against casual attack on infrastructure. Improving our computer law will help. Furthermore, other jurisdictions are more likely to help with trans-border crime if New Zealand’s legislation parallels their own.
d Establish an ongoing cooperation programme between owners of critical infrastructure and Government.
* Invite Responsible Ministers to write to critical infrastructure owners asking them to declare their support or otherwise of relevant security standards.
* Engage critical infrastructure providers at a senior level on the subject of IT threats to ensure that all infrastructure owners undertake and maintain formal risk analysis and management of information-related and physical threats.
* Direct the State Services Commission to review the state of critical infrastructure protection after 12 months.
Rationale: This will seek and maintain the commitment of infrastructure-owning organizations to an adequate level of protection, and will show the government’s commitment, on behalf of New Zealanders to the issue.
e Invite Transpower to lead a power industry infrastructure protection group, possibly as part of the group in recommendation d, to provide knowledge and cooperation in respect of infrastructure protection among power industry players, particularly lines companies.
Rationale: This is a highly competitive and technically complex industry with many players, some of whom have effective monopolies over power distribution in large areas. There is little or no evidence of cooperation in security or infrastructure protection matters. Transpower is uniquely positioned to assist the industry.
f Through the State Services Commission, direct government agencies to adopt specified appropriate IT security standards.
Rationale: As part of the movement toward e-government, the Government needs assurance that its own agencies are taking prudent steps to manage their own IT security. Though many of the large and critical agencies have already adopted relevant IT security standards, there are others who may lack understanding of the issues or technology.

Next in New Zealand politics

Maori Authority Warns Government On Fast Track Legislation
By: National Maori Authority
The Chair of the National Maori Authority, Matthew Tukaki, has warned a Parliamentary Select Committee that fast-tracking legislation is a perilous practice that undermines the core tenets of democracy, transparency, and accountability.
Comprehensive Partnership The Goal For NZ And The Philippines
By: New Zealand Government
A key outcome of the meeting was the agreement that New Zealand and the Philippines will upgrade their relationship to a Comprehensive Partnership by 2026.
Canterbury Spotted Skink In Serious Trouble
By: Department of Conservation
This discovery means the Canterbury spotted skink’s overall population is considerably smaller than our previous estimates.
Oranga Tamariki Cuts Commit Tamariki To State Abuse
By: Te Pati Maori
Te Pāti Māori is disgusted at the confirmation that hundreds are set to lose their jobs at Oranga Tamariki, and the disestablishment of the Treaty Response Unit. “This act of absolute carelessness and out of touch decision making is committing tamariki ...
Inflation Data Shows Need For A Plan On Climate And Population
By: New Zealand Council of Trade Unions
Data today shows headline CPI inflation at 4%, continuing the fall begun in March 2023. Rises are concentrated in particular sectors – especially services. This data also shows that that the minimum wage increase will be half the rate of inflation ...
Annual Inflation At 4.0 Percent
By: Statistics New Zealand
New Zealand's consumers price index increased 4.0 percent in the 12 months to the March 2024 quarter, according to figures released by Stats NZ today. The 4.0 percent increase follows a 4.7 percent increase in the 12 months to the December 2023 quarter. ...
View as: DESKTOP | MOBILE
Scoop Contact About Services Newsagent Login
Connect Submit News Social Media Scoop Network
Ethical Paywall Accredited Orgs. Licensing Terms of Use
© Scoop Media