Why refresh NZ’s Cyber Security Strategy? • Cyber security is an essential element of a connected, digital nation. • Cyber threat actors are increasingly bold, brazen and disruptive. New Zealand’s geographical location does not exempt us from this threat. • The risks and opportunities are not static and we need to be adapt. • New Zealand’s international partners are intensifying their cyber security and there is a cost to being left behind. • The government is committed to a number of digital initiatives – cyber security underpins digital innovation and services. • We want a framework for intensified government initiatives to improve New Zealand’s cyber security.
How are we refreshing NZ’s Cyber Security Strategy? • We’re taking a collaborative approach to refreshing the Strategy. • We’ve a cross-government team that’s engaged with a wide range of stakeholders to develop a ‘strawman’ Strategy, which we are testing with you today. • Once there is an agreed Strategy, a plan for further actions across the cyber security landscape will be finalised. • We want xxxx New Zealand’s cyber security.
Your views are important ….. • We want the refreshed Cyber Security Strategy to be well-informed and well-supported. • we will be inviting contributions from as diverse a range of stakeholders as possible (the private sector, non-government organisations, civil society, and public sector entities). • we want to hear what stakeholders think we could be doing to improve New Zealand’s cyber-security.
“We must protect the information and network systems that are vital to our economic growth, ensure the integrity and security of our increasingly digitalised government services and make sure Kiwis can interact online without suffering harm.” Minister Clare Curran
“It’s timely for us to step up New Zealand’s cyber security efforts so that we are not left vulnerable to cyber intrusion and to refresh the 2015 strategy so we can deal with increasingly bold, brazen and disruptive threats” Minister Clare Curran
Draft refreshed strategy (overview diagram) Vision and priority areas Values Guiding principles – we will work together in a way that:
Vision and values: what we want to achieve and why • Partnerships are essential – Government must work with the private sector and community • People are secure online – users need to have confidence to engage online without suffering harm, be able to pursue redress when things go wrong and their human rights must be protected. • Economic growth is enabled – cyber security underpins the digital economy and creates many opportunities • National security is upheld – threats from cyberspace are continuing to intensify Our last round of engagement suggested the previous Strategy’s principles were on the right track but we need to take a more people-centric approach
Cyber security aware and active citizens • What we want to achieve: • We have a culture in which people are secure online, and know what to do if something goes wrong. • Our planning and work will focus on: • practical, targeted, and regular awareness campaigns with actionable messages • making it easier to report cybercrime • increasing availability of educative tools so people can be secure online • sharing research so people can understand the threat and vulnerability landscape for New Zealand • This is a new priority for the strategy. Feedback has been clear about the need for people to be more aware of cyber security. People also need to be taking the right steps to keep themselves secure online. What else?
Strong and capable cyber security workforce • What we want to achieve: • New Zealand can rely on a strong cyber security workforce capable of preventing, adapting to, and responding to threats. • Our planning and work will focus on: • incentivising the growth of the cyber security industry in New Zealand • incentivising and increasing the supply of skilled cyber security workers • supporting the expansion of roles and opportunities for cyber security workers • supporting industry and professional organisations to promote responsible management of cyber security across their organisations and workplaces • This priority is a development of the need to build New Zealand’s cyber capability. Stakeholders have been clear that skills are a growing constraint. What else?
Resilient and responsive NZ • What we want to achieve: • New Zealand can resist cyber threats, and we have the tools and know-how to protect ourselves • Our planning and work will focus on: • vigorously protecting New Zealand’s most important information infrastructures • supporting businesses, NGOs, and community organisations to be protected and ready to respond and responding to major incidents • using cyber tools and partnerships to further New Zealand’s interests including national security and law enforcement activities • ensuring critical national infrastructure organisations take responsibility for the cyber security of their systems • improving the information security capabilities and resilience of the public sector • We’re expanding the focus beyond simply building resilience in significant infrastructure to being able to respond to incidents across the system What else?
Internationally active • What we want to achieve: • New Zealand’s cyber interests are advanced and protected through our international activity. • Our planning and work will focus on: • prioritising and building international partnerships and cooperation at both policy and operational levels • influencing to support the rules-based international order • preventing, deterring, and responding to malicious behaviour • strengthening regional capacity-building, confidence, and operational cooperation including for law enforcement activities • enabling New Zealand’s economic prosperity. • Across many areas of international relations New Zealand is intensifying its efforts to be seen and heard in international fora and supporting a well-functioning rules-based international system. What else?
Proactively tackle cybercrime • What we want to achieve: • New Zealand is secure because we proactively and collaboratively prevent, investigate, deter, and respond to cybercrime. • Our planning and work will focus on: • encouraging reporting of cybercrime and improve sharing of information about cybercrimes • making the law fit for purpose • investing more to act internationally to increase access to information, and contribute to global deterrence of cybercrime especially organised cybercrime • increasing support for victims of cybercrime • investing more in skilled people and resources to combat cybercrime • As criminal activity online continues to adapt and increase in severity and sophistication, our response must meet this challenge. What else?
Adapt and challenge • What we want to achieve: • New Zealand has a strong foundation for well-informed action, and innovation. • Our planning and work will focus on: • building and implementing a collaborative model for working together across all sectors • investing in research to better understand the threat and vulnerability landscape for New Zealand • supporting and incentivising researchers to produce high quality cyber security research • incentivising the cyber security industry to realise research findings • understanding, exploring, and responding to cyber security opportunities and risks arising from emergent technology • actively building cooperation between government, private sector, NGOs, and community organisations to achieve better cyber security outcomes • The cyber security landscape continues to change new technologies, risks and opportunities, we must continue to develop our capability to meet these challenges. What else?
Guiding principles • We will work together across the public, private, education, research, and community sectors in a way that: • builds and maintains trust • is people-centric, respectful, and inclusive • balances risk with being agile and adaptive • uses our collective strengths to deliver better results and outcomes • is open and accountable • enhances cyber security and New Zealand’s reputation. • Stakeholder’s have been clear in their expectations that government needs to focus more on collaboration and be clear about its intentions.
How and when • We’re still working on ideas for how to give effect to the strategy but know no-one has all the answers – we want your ideas. • For example, each priority may have its own plan of action, including links with the other priorities to improve cohesion across the system and priorities. • The pace of change in the digital space means that while year 1 is in focus and we can foresee what we need to do in year 2, years 3-5 are fuzzy and we need to be able to adapt as priorities and the cyber security eco-system changes. • The plan will be updated every year to reflect progress and changes.
Have your say • Tell us what you think of the Vision, Values, Priorities and Guiding Principles. • If there’s more you want to tell us after this session you can email us (email@example.com) • All today’s information can be found at www.connectsmart.govt.nz