By Paul McBeth
July 2 (BusinessDesk) - New Zealand's government will buddy up with like-minded countries to build a rules-based order supporting a peaceful and stable online environment at a time when state-sponsored cyber attacks are on the rise.
Broadcasting, Communications and Digital Minister Kris Faafoi today unveiled an updated cyber-security strategy with five priority areas for the next five years. That includes New Zealand advancing its interests internationally, championing a "free, open, secure internet".
"New Zealand considers that existing international law applies online as it does offline and supports the development and implementation of norms for responsible state behaviour to maintain a peaceful and stable online environment," the strategy said.
"We will respond to unacceptable behaviour in cyberspace and we will cooperate with others to prevent and deter malicious activity that threatens peace and security."
That international engagement will include building clearly prioritised international partnerships and cooperating at policy and operational levels, and lobbying for a rules-based international order and a free, open multi-stakeholder internet. The government will also seek to bolster the region's cyber-security with greater cooperation, including through law enforcement.
The government set aside $2 million a year for the next four years in this year's budget to support the roll-out of the strategy refresh, which was kicked off by Faafoi's predecessor, Clare Curran. She was mulling the introduction of ‘naming and shaming’ foreign actors supporting major cyber-attacks.
The strategy notes cyber risks are rising in an increasingly contested international order, which has undermined rules-based systems. That's been accompanied by more state-sponsored cyber operations, with tools developed to steal sensitive commercial information, disrupt critical systems, and interfere with democratic processes.
"We must be internationally active as the government works locally to create a cyber-secure nation," Faafoi said at a briefing in Wellington.
"We must also work and talk with international partners, given the global nature of threats. We will work with like-minded countries to advance our vision of a free open and secure internet."
New Zealand joined the international condemnation of the Russian-backed NotPetya cyber-attack in 2017, which initially targeted Ukrainian entities - including the country's power grid - and ended up disrupting computer systems around the world. That same year, the Government Communications Security Bureau raised concerns about reported links between North Korea and the WannaCry cyber-attack. The GCSB took the unusual step late last year of "naming" China as the source of attempted hacks on New Zealand websites.
The strategy's other priority areas include ensuring New Zealand can resist cyber threats, protecting the most important information infrastructures, supporting private and community organisations, and furthering the nation's interests, including national security and law enforcement.
Andrew Little, the minister responsible for the GCSB and Security Intelligence Service, was also at today's launch. Last year, he announced the government was considering how to best expand the Cortex cyber-security services beyond the 66 nationally significant public and private sector organisations currently receiving them.
GCSB ran a pilot with Vodafone New Zealand rolling out the Cortex system, which uses top-of-the-line technology, to a small number of the internet service providers' commercial customers. The intelligence agency's report on the trial to Cabinet showed the system could significantly dent malicious software incursions.
Faafoi today said Cabinet last year approved the roll-out of free network cyber defence capability to a broad cross-section of nationally significant organisations, and that should be done by June next year.
The strategy's priority to proactively tackle cyber-crime will include seeking Cabinet approval to accede to the Budapest convention on cyber-crime, increasing support for victims of cyber-crime, and increasing investment in international efforts to deter organised cyber-crime.
That will also see greater information-sharing between law enforcement and the financial sector to reduce victimisation, rewriting legislation to enable agencies to better manage and respond to cyber-crime, and lifting the government's ability to respond to objectionable material and terrorist activity online.
Last weekend, Australian Prime Minister Scott Morrison led a G20 leaders' initiative to lean on social media companies over the publication of violent content by terrorists in the wake of the Christchurch mass shooting on March 15. Morrison said he worked closely with New Zealand Prime Minister Jacinda Ardern in developing the statement.
The strategy's other priorities are to build a culture where people are security conscious through awareness campaigns and educating vulnerable users, and also to strengthen the cyber-security workforce by offering incentives to grow the local industry and support academic and industry-led research in the field.