CYBER RESPONSE TEAM HIGHLIGHTS THREATS AND OPPORTUNITIES

Cyber Security
 A new unit established to combat cybercrime in New Zealand highlights the urgent need for home grown cyber security experts.The Prime Minister’s recent announcement of $22m in funding for a new Computer Emergency Response Team (CERT) is a welcome addition in an area of growing concern.

The CERT is as important as the creation of the Ultra-Fast Broadband. It will help keep UFB secure and therefore maximise the benefits of this great initiative. It will also link New Zealand much more closely with the international community and allow for more international collaborations.

Here in New Zealand we may be protected from some of the world’s ructions by our relative isolation, but we cannot rely on our geographic distance for protection when it comes to cybercrime.

Cybercrime transcends borders and on the internet we’re not isolated.

In fact, because Kiwis are known as early adopters of new technologies and have a reputation for being trustworthy and trusting, there’s a danger that without adequate protection we could be seen as an easy target for hackers.

What we know from the Cyber Security Research Centre at Unitec is that attacks are attempted against New Zealand many, many times a day. Real money is being lost as businesses, especially small businesses, fall victim to online crime. And as the New Zealand Herald reported recently, there are seven potentially significant cyber intrusions aimed at New Zealand organisations detected by the Government Communications Security Bureau every month.

But while the threat of hacks and other online scams is growing, there’s also the opportunity for New Zealanders to forge important careers in cyber security.

The creation of the CERT highlights the need for people to work in this field. Where will the people to run these operations come from? And where will the products needed to counter cybercrime be developed? There is a skills shortage in ICT already so we must do more to raise the profile of cyber security as both a threat – and as an opportunity.

The tertiary education and research sectors have an important role to play in this and in equipping New Zealand with the people who can do this work. With our willingness to adopt new technologies and our trusted brand we are well placed to make a difference.

Tertiaries can train future and existing staff in advanced, state-of-the-art technologies in cyber security, including system and network forensics, threat intelligence, penetration testing and counter-intelligence operations.We can also contribute by building new technologies for the CERT which are not available ‘off the shelf’. This could include improving data correlation with big data.

Sourcing these technologies locally means not disclosing our national security requirements to any foreign powers or corporations, and also builds a capability pathway for the CERT.

A stakeholder’s group from within the CERT and relevant agencies could be formed to determine requirements and resource research and development projects as required.

With the right collaboration between government, industry and education these things are all possible. For example Unitec, which offers undergraduate and postgraduate programmes in cyber security, last year launched the Red Alert system which is designed to alert companies and organisations to a cyber hack as soon as it happens. According to Mandiant’s 2013 MTrends report the number of days a cyber threat was present in a victims’ system before being detected was 299, by which time significant harm can be caused.

Looking ahead to a time when Ultra-Fast Broadband is commonplace in New Zealand we will need to increase the investment in cybersecurity. In April, Australia announced a new AU$230m cyber security package and an overhaul of policy to bring it in line with the approach from many other developed countries.

This is an indication of where cyber security is heading globally and New Zealand will need to ramp up our efforts.

 

Professor Hossein Sarrafzadeh is the director of the Cyber Security Research Centre at Unitec