InternetNZ is keen to see how it can help with the government’s recently released Cyber Security Strategy, particularly by working on measures to identify and combat malware and infected computers, says CEO Vikram Kumar.
He can understand those who were disappointed with the lack of detail in the government’s strategy document, released earlier this month, and who demand more immediate action; but the document is “just a start; just the beginning of a strategy”.
Government should not be expected to provide all the knowledge and implementation resources itself, Kumar says; the ICT industry must play its part. The document itself emphasises “a partnership approach” early in the section on “New Zealand’s Response”. In particular, NetSafe, rather than a government agency is an appropriate body to invoke for an exercise in “raising awareness”, says Kumar; they have the necessary knowledge, skills and existing assets. ISPs will also be a valuable partner, he says.
Critics, some from within InternetNZ's membership, point to the lack of specifics about the cost of the exercise and the source of the funding.
Funding for the implementation of the strategy will be “within existing baselines”, says a spokesperson in ICT Minister Steven Joyce’s office; that is there will be no new funds, at least in the current financial year. This includes the formation of a National Cyber Security Centre, in the very near term.
The Security Centre will take over the functions of the existing Centre for Critical Infrastructure Protection (CCIP) but “will be larger than the CCIP due to its wider remit,” says Joyce’s representative. “The National Cyber Security Centre will be focussed on protecting high-risk government agencies,” while the CCIP provides services to help protect critical national infrastructure.
The strategy represents a material change in government policy in this area, says Kumar. Cybersecurity has hitherto been the domain of the intelligence agencies. Giving it into the charge of the Ministry of Economic Development signals a broader appreciation of the economic and social effects of a security breach, he says.
However, while the MED has been designated the lead agency responsible for coordinating cyber security policy, the day-to-day operation of the planned Cyber Security Centre will still reside within the GCSB.