InternetNZ moves to build Internet trust and security

InternetNZ has released its 2017 State of the Internet report, with a focus on trust, pledging to do more to build trust and security and calling on others to step up to the plate.

The organisation says understanding trust, and what all need to do to protect it, is vital if New Zealand as a society is going to realise the potential of the Internet.

The report says InternetNZ will: “seek to build a coherent framework for measuring and understanding trust online which looks at correctness, reliability, security, privacy and safety,” and will “work to drive up New Zealanders use of multifactor authentication.”

To achieve this it plans to promote multi-factor authentication directly to New Zealanders and to work with the New Zealand Internet Task Force (NZITF) — a non-profit organisation with the mission of improving the cyber security posture of New Zealand — and with any other willing collaborators to provide useful guidance for NZ organisations on how to start implementing MFA for their own workforces, and their customers.

According to there report, 36 percent of New Zealanders use two factor authentication on some accounts, 50 percent run regular backups, 74 percent regularly update their devices, to ensure they have the latest security fixes and 80 percent use PINs or passwords on their devices.

InternetNZ says it wants to see at least 95 percent of New Zealanders doing all these basic security behaviours.

It is also taking steps to boost the use of transport layer security (TLS) — the successor to secure socket layer (SSL) security for web sites that use https instead of http — and says that, for the 2018 report, it hopes to get collaboration from ISPs to obtain a figure for the percentage of Internet traffic in New Zealand that is encrypted and for how many New Zealand organisations turn on traffic encryption for their web and mail services.

“We are in a position to start examining how many encryption certificates are in use for .nz domains and .nz mail servers,” the report says. “While this does not represent the amount of encrypted traffic moving across New Zealand networks it is a useful indicator, or proxy.”

InternetNZ has also taken to scanning the .nz domain space every two months to detect whether it has traffic encryption enabled, what encryption protocol version is being used, and which certificate authorities the .nz domain holders are using. It has been doing this for only a short time but says the results are showing some very encouraging signs.

“That almost 50 percent of .nz has https support is an excellent place to start from,” the report says, with the caveat: “There are a number of versions of https protocols. Some are modern and secure  … TLS v1.0 and SSL v2 and v3 should no longer be used.”

The organisation is also lobbying for greater use of DNSSEC, a system for creating robust validation of DNS information.

InternetNZ has also called for publicly aggregated reporting on the percentage of traffic across New Zealand networks that is encrypted and for more resources to help new Zealanders improve their Internet security.

“We are going to make some resources for New Zealanders to get them to use multi-factor authentication,” it says. “We would love to see others building resources and advising New Zealanders on these things ASAP.”