New Zealand responds to cybercrime, joins global CERT club

It's been a long time coming, but New Zealand is finally forming its onw national CERT, or Computer Emergency Response Team, to defend business and infrastructure against cyber crime,

ZDNet reported plans to form an NZCERT in 2006 and the concept has since then been promoted by Internet NZ and the NZITF among others.

Over 100 countries already have CERTs or their equivalent and they often cooperate to identify and respond to threats. Australia's AusCERT was founded in 1993.

Launching the Government's new Cyber Security Strategy last night in Auckland, communications minister Amy Adams also announced the formation of a CERT as the cyber security "front door" for New Zealanders.

"It will be the place where everyone can report cyber incidents, including small and medium size businesses," she said.

"As a result we will be able to build a better picture of the cyber security threat facing New Zealand.

"The CERT will also provide trusted advice about current cyber threats so that people and organisations can take action to avert incidents."

This week New Zealand's lead national security agency, the GCSB, revealed that there were 190 significant cyber security incidents the 12 months to June 2015. Of these, 114 targeted government networks and systems and 56 targeted the private sector.
Adams said a threat analysis tool will gather information about threat patterns and techniques to help New Zealanders and organisations handle cyber threats.
"The national CERT will be solely dedicated to cyber security - it will be the central component of New Zealand's cyber security architecture."

Adams emphasises the government's approach was a public private partnership.

"Cyber security is about partnerships and so over the coming months we want to work with you to determine how best to structure the CERT to ensure the right blend of public and private collaboration," she said.

"Guided by four principles, the new Cyber Security Strategy sets out a clear high level framework for the government and private sector to work hand-in-hand to improve New Zealand's cyber security.

"It's accompanied by an Action Plan which details the specific steps to be taken and pulls together existing and new initiatives. It will provide a means to measure progress."

The strategy looks beyond critical infrastructure to build cyber capability generally among citizens and small businesses.

In addition to the existing Connect Smart SME toolkit, a new online questionnaire has been launched to assist businesses understand basic steps that could make a difference to the security of their information.

Adams said this is a first step towards the development of a "cyber credentials" scheme to provide a "cyber security tick" to businesses with good cyber security practices.

A new plan to address cybercrime was also launched and a Cyber Security Summit will be held next year.

"Addressing cybercrime involves lifting the government's capability, particularly that of the Police, to deal with cybercrime," Adams said.

"Our new inter-agency plan focuses on prevention through building awareness and helping Kiwis and businesses to protect themselves, while also building the capability of Police and other agencies to deal with crimes committed online."