Silence over security does not ensure safety

Summary:A report that big businesses in New Zealand have come together in secret to develop security standards raises the question: does secrecy over security actually make you safer?

The bane of many a journalist is getting organisations to comment on what they actually do, something noted in a revelation by Computerworld this week.

Just one large corporate — Genesis Energy — admitted that it was part of a new standards body, which has been developed by a number of corporates working with the New Zealand government's National Cybersecurity Centre.

We were not even told how many organisations were involved in setting up these voluntary standards, or even what these standards actually were.

Little was given as to the type of industries involved, other than they involve critical infrastructure, though a Genesis spokesman did say such standards were "available" to oil, gas, water, transport, and other industries.

Of course, the big fear is that if identified, organisations are creating targets for themselves. That hackers seeing a boastful business or government agency claiming to be safe, will look at that entity as a challenge ripe for exploitation and attack. Hence the secrecy, which is typically the case when reporting on ICT security.

If anything, I am reassured to hear that Genesis is so serious about taking security seriously that it has actually stuck its head above the parapet, as it were, to further highlight an issue that affects organisations large and small.

Its candidness will have added to what is a significant issue, one that still needs attention to from other organisations, even though ICT security has been an issue for decades and is something we should all be aware of.

Just last month, the National Cybersecurity Centre reported a 50 percent increase in cybersecurity breaches in New Zealand, more than half originating from overseas, though the 134 incidents reported in 2012 is believed to be an underestimate.

In 2013, New Zealand had also seen breaches ranging from a major incident affecting Telecom NZ and hundreds of thousands of its YahooXtra account users, to small organisations like the Gulf Harbour Yacht Club, the latter of which was one of many small organisations to be apparently hit by Turkish "script kiddies" last week.

Indeed, it is almost certain that all of these victims will have kept their mouths firmly closed about what they do in an attempt to keep themselves safe. But as we see, "No comment" offered no protection. Indeed, I bet the Australian Reserve Bank, the latest major victim of hackers in our part of the world, has been equally silent.

It will be interesting to see if Genesis Energy will be targeted by hackers in the days and weeks to come, and how the power company copes with any such attacks.

How it fares will probably have much impact on the willingness of organisations' ability to talk about security issues in the future and in turn, the industry's ability to openly discuss this important subject.

I wish Genesis Energy well, and I hope it does not come to regret its brave and seemingly unique decision.

Topics: Security, Government, New Zealand

About

Darren Greenwood has been in journalism, not all of it IT, since the days of typewriters and long before the web spun its way around the world.Coming from Yorkshire, he can be blunt, and though having resided in New Zealand, as well as Australia, for quite some time, he insists he is not one of the 'sheeple!'

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.