The major attack last month on the Estonian internet domain and government websites has kindled energetic debate among InternetNZ members over whether and how to respond.
Some were at first willing to believe early rumours that the attacks had been traced to processors within Russian government agencies, and to issue strong statements deploring the supposed attack by the government of one country on the domain of another.
Subsequent discussion revolved around the advisability of the “apolitical” InternetNZ making anything that looked like a political response, or if it protested generally against any interference, whether it would be committing itself to expressing an opinion about each and every attack on a commercial organisation.
More cautious views appear to have prevailed, with the original commentor withdrawing a proposed draft statement after a few days.
InternetNZ is now unlikely to make any public statement on the subject, says communications officer Richard Wood.
Discussions also questioned the adequacy of protection for New Zealand against similar attacks and this will be a topic for further exploration, Wood says.
“There was already an intention to explore the possibility of setting up a CERT (Computer Emergency Response Team) for New Zealand,” Wood says.
The Estonian episode has prompted further exploration of the internet infrastructure security question. At present New Zealand relies on reports from the Australian AusCERT and the NZ government’s Centre for Critical Infrastucture Protection.
One party to the discussion suggested New Zealand’s much-criticised skinny international bandwidth might, ironically, strangle a major overseas attack and prevent it affecting local infrastructure, but it was pointed out that only a small message might be required to trigger a botnet of already compromised PCs within New Zealand to launch a large internal denial of service attack.