Big on promises, short on detail: NZ releases latest cyber strategy


The New Zealand Government has unveiled its latest cybersecurity strategy, offering a grand vision to protect citizens and quell rising financial losses stemming from online activities. Yet, whilst bold in outlook, it offers scant detail on concrete action.

The Government has pledged NZ$8 million to implement its revised cybersecurity strategy, alongside an extra NZ$9.3 million allocation to support the country’s national cybersecurity response centre, CERT NZ.

“Our cyber security system is maturing. New institutions like CERT NZ have been established and all our government agencies with cyber security responsibilities are building significant connections across the system, both domestically and internationally,” the report said.

The 2019 cyberstrategy will serve to protect the 90 per cent of Kiwis who are active online, the strategy document said, with the hope of rebuilding trust and confidence in the face of mounting cyber threats.

Last year, New Zealand reported 3,445 cyber incidents, resulting in more than $14.1 million in financial loss, according to a CERT NZ (Computer Emergency Response Team) report.

While scant on detail, the strategy overall seeks to shift responsibility for cybersecurity from the Government to all New Zealanders, fostering a cyber-safe culture that improves citizens’ online vigilance. The Government will also seek better coordination between public and private sectors to enforce a more cyber-secure culture.

The strategy sets out five key priorities from 2019 to 2023: increasing cybersecurity awareness for citizens, building a strong and capable cybersecurity workforce and ecosystem, to become internationally active within the cybersecurity field, to become more resilient and responsive to threats, and to proactively tackle cybercrime.

This is hardly the first comprehensive security strategy released by an NZ Government. In 2011, the Key Government’s cyber strategy made a number of important contributions to the country’s digital security landscape, including the creation of the national National Cyber Security Centre (NCSC) and National Cyber Security Office (NCSO). Its follow-up report, released in 2015, outlined a decisive vision but paid little heed to how it would be achieved.

Across the Tasman, the Federal Government touched on similar priority areas in its own 2017 cyber strategy report, highlighting citizen education, better infrastructure, and deeper corporate-level partnerships as key focus areas.

Turnbull Government-commissioned report, now two years old, proffered a number of cybersecurity goals, including the broadening the AFP’s investigative powers, cyber research sponsorship, security vulnerability analysis for the corporate sector, and a more detailed ‘Essential Eight‘ best practice guidelines by the Australian Signals Directorate – providing baseline cybersecurity standards for organisations with a digital presence.