The Government has decided to overhaul New Zealand's cyber security oversight.
This is in response to growth in cyber attacks causing financial losses to individuals and businesses. In addition, state-sponsored hackers have attacked New Zealand computer systems.
As it strives to bolster protection against this, the Government has decided to bring the Computer Emergency Response Team (CERT NZ) under control of the National Cyber Security Centre (NCSC). This amalgamation was proposed by a review of cyber security last year.
“The cyber security threats New Zealand faces are growing in scale and sophistication," says the Minister for the Public Service, Andrew Little.
"We’re committed to staying ahead of the hackers, to protect communities, businesses and our public services."
“Having a single agency to provide authoritative advice and respond to incidents across every threat level is international best practice," says Little.
Little says the Government has invested $94 million in improved cyber security capability since 2018, but there is more work to do, with $5.8 million of direct financial losses from cyber incidents reported to CERT NZ in the first quarter of the year. In addition, the NCSC says it prevented $33 million of harm to the economy over the whole of last year.
The integration of CERT NZ into the NCSC will begin at the end of next month and will take several years. It will bring a body dealing mainly with the private sector under control of a major state agency connected to the GCSB.
In its most recent threat assessment, the NCSC reported 350 cyber attacks on nationally significant institutions, of which 118 were done by state -sponsored hackers. Both Russia and China were publicly named.
In July 2021 state-sponsored actors from China targeted ProxyLogon vulnerabilities in Microsoft Exchange, which enabled them to steal intellectual property and personal information from about 400,000 vulnerable global servers.
The NCSC was also alert in case cyber attacks by Russia on Ukraine spilled over into other countries including New Zealand. It said Russia had tried not to let its anti-Ukrainian cyber attacks spill over into other countries but this could change.
Cert NZ reported over 2000 incidents per quarter, with financial losses with losses of $5.8 million in the most recent quarter.
Many of these came from phishing scams.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.