3. What is cyber crime ?
The New Zealand Ministry of Justice (2013) seeks to define what is
cybercrime in the New Zealand context by suggesting that
“cybercrimes include criminal activities targeted at, or which utilize,
a computer or computer network” (Richardson & Gilmore, 2015, p.
54).
4. Cyber threats by the numbers
3445 incidents reported in 2018
Cyber crime affects one in five New Zealanders
New Zealand incurred over $14.1m as total financial loss
Most reported incidents were: phishing and credential harvesting
(stealing people’s IDs and passwords)
39% of those incidents linked to state-sponsored actors
$26.9million worth of harm reduced through operation of GCSB
(Government Security and Communications Bureau) cyber threat
defense capabilities.
(New Zealand’s Cyber Security Strategy, 2019, p. 7)
347 incidents
recorded from
1 July 2017 to
30 June 2018
5. Who are the targets ?
Telecommunication and ICT,
Banking and Finance,
Government and the pertinent e-services,
Electricity,
Water Supply,
Health Services i.e. hospitals,
Transportation (especially air, rail and road),
Emergency and Rescue Services,
National Security services i.e. police, armed forces,
Businesses and organizations
Examples of cybercrime include online bank theft, hacking, spying, fraud and denial
of service attacks
6. Types of Cyber Threats
Ransomware: is a form of malicious software which “encrypts a user’s
data until a ransom has been paid”. It can get attached as a link to a
recommended software for download (Wolak, p.4).
Phishing: where the hacker hacks confidential information presenting to
be an authorised individual or company. This malware was used during
Hillary Clinton’s election campaign in 2016 (in form of countless emails)
to hack information.
Whaling: it targets small number of individuals for a larger gain. It may
involve copying a CEO of a company’s signature or language to request
money transfer posing to be on a holiday (Wolak, 2018).
7. Types of Cyber Threats
The Grim Reaper: will not just block the device but several other devices. It
attacks devices like Wi-Fi cameras, DVR’s, routers, Wi-Fi points rendering
them unstable. It can turn the device into a weapon to hack information.
Distributed denial of service (DDoS): it can target several devices on one site
rendering them unstable. Slowing down businesses can lead to revenue loss
and disruption. These attacks are financially or politically motivated. PayPal
was attacked in 2010 disabling the fundraising page. It shut down the site for
over eight hours.
WannaCry: “May 2017 saw 150 countries affected by the “WannaCry”
cyberattack, infecting over 300,000 computers, totaling over 200,000 victims.
This malware was created to block users from their data, charging a ransom
of anywhere between $300 and $600”(Wolak, 2018, p.5).
8. Challenges to maintaining cyber security
Cyber related threats are on the rise and growing in size and
number (New Zealand’s cyber security strategy, 2019).
New Zealand is now a target of malicious actors. It is therefore
becoming necessary to protect sensitive information and data from
hackers.
Some of the challenges to maintaining cyber security includes:
Rapid change in technology, malicious actors becoming more
sophisticated, reporting cyber crimes and lastly diverse range of
threats.
9. Rapid change in technology:
Each cyber incident can vary in context and its consequence. With change
in technology new threats emerge. This requires quick adaption to the
changing environment.
It is very difficult to predict its onset and nature of invasion.
Innovation in mobile technology such as 5G pose new kinds of risks from
the previous versions of mobiles (New Zealand’s cyber security strategy,
2019).
10. Malicious actors becoming more sophisticated:
As business on the internet grows it attracts more cyber criminals that
are more sophisticated than before.
Threat actors may include individuals to nation states that have access to
same gadgets and technology.
“In 2017, the WannaCry outbreak caused major international disruption,
including shutting down computers in the United Kingdom’s National
Health Service. WannaCry was attributed to North Korean actors by a
number of New Zealand’s international partners, highlighting how
nation states can use cybercriminal tools, and vice versa”
(New Zealand’s cyber security strategy, 2019, p.4)..
11. Diverse range of threats:
There is no clear way to explain what the threat involves.
The challenges faced by an individual may be very different to the
challenges faced by a company.
“As all nations improve their cyber security, and where users
respond to one cyber security challenge, malicious actors will seek
new vulnerabilities and opportunities” (New Zealand’s cyber
security strategy, 2019, p.5)..
12. Reporting cyber crimes
Reporting cyber crime can remain another challenge in maintaining cyber
security because of public misconcept of whether to treat this form of
crime as an actual crime. Therefore, they often fail to report such crime.
Secondly, the channels they do report to fail to pass it on to the police
Thirdly, even if the police get a complaint they often fail to categorise it as
cyber crime.
Lastly, due to the anonymous nature of the crime committed, the chances
of the criminal being persecuted is rare.
Lax approach of the judicial system and coordination between agencies can
be an obstacle around developing a robust cyber security system.
13. New Zealand landscape
New Zealand’s remoteness gives it an advantage as it stands isolated
from many security threats. However given the interconnected nature of
the cyber world cyber related threats have become a growing concern.
Cyber connection has allowed New Zealanders to have the benefit to
access information with ease, have access to services and goods online,
have social interactions and entertainment via the internet (National
Cyber Security Centre, 2017/18). As the cyber world evolves it is
important to ensure security measures are taken to protect New
Zealanders from any risks.
“In the eyes of malicious cyber actors, this increasing connectivity and
adoption of digital services increases the available attack surface and
potential accessibility of New Zealand information infrastructures and
networks” (National Cyber Security Centre, 2017/18, p.8).
14. New Zealand landscape
Cyber criminals are always looking for lapses or vulnerabilities in security
measures within businesses, government and even individuals.
New Zealanders can be exposed to both direct and indirect cyber related
threats.
“The interests and activities of a range of actors in cyberspace, both state
and non-state, threaten to degrade the cyber security of New Zealand” (The
National Cyber Security Centre, 2016-17, p.7) .
Cyber security is important to ensuring New Zealanders operate in an
environment where their confidentiality and integrity is maintained.
Government response has been promising so far in trying to develop a
national strategy , a national cyber security centre as much as number of
legislations are underway to enhance cyber security.
15. National Cyber Security Centre
The government has established a cyber security centre and developed a national
cyber security strategy that has been in place since 2015. It is seen as an attempt
to improve cyber security across all sectors and a diverse range of actors
involved in threats like cyber-espionage, cyber-crimes, and cyber-attacks by
terrorist groups (Burton, n.d).
This kind of a national base helps improve security of government
infrastructure, improve facilitation between private and government sectors and
increase awareness amongst the public related to the issue.
16. National Cyber Security Centre
This organization is of national significance as it provides services,
guidance and support in areas related to cyber security. “The NCSC is an
operational branch of the Government Communications Security Bureau
(GCSB) that provides a range of advanced malware detection and disruption
services to consenting nationally significant organizations”(National Cyber
Security Centre, 2017/18, p.4).
It also provides advice in the areas of “cyber threat prevention and
mitigation”. The activities may include encrypting sensitive data or
monitoring any changes to the networks that may be of threat to national
security. It follows “a whole government approach” to security (National
Cyber Security Centre, 2017/18).
17. New Zealand Cyber Security Strategy
CYBER RESILIENCE
New Zealand’s most important information
infrastructures are defended from cyber
threats and the impact of any breaches is
mitigated.
CYBER CAPABILITY
New Zealanders, government agencies and
businesses understand cyber threats and have
the capability to protect themselves online.
ADDRESSING CYBERCRIME
New Zealand improves its ability to prevent,
investigate and respond to cybercrime.
INTERNATIONAL
COOPERATION
New Zealand protects and advances
its interests on cyberspace issues
internationally.
Cyber security
aware and active
citizens
18. Strategy is based on four principles
Partnerships are essential: is based a collaborative effort between the government
and public and private sector and the community to combat cyber security threat.
Economic growth is enabled: to ensure that New Zealanders operate in an
environment conducive to their growth and well being. Such an environment can
help boost New Zealand’s economic growth.
National security is upheld: to be able to protect national security is the key
purpose of the strategy. It requires adaptability, resilience, preparation against any
adversity (New Zealand’s cyber security strategy, 2019).
Human rights are protected online: to ensure New Zealanders operate in an
environment where they feel safe and their human rights are protected. They are
able to operate in a space where there is no fear of anyone causing them any harm
and their privacy is protected.
19. Shortcomings of the cyber crime strategy
The strategy suffers from several shortcomings:
Firstly, although the strategy is based on best practice it is highly likely that
New Zealand is not investing on the right resources in terms of intelligence,
law enforcement, military and other agencies that can bring positive changes
around tackling the issue.
Secondly the definition of cyber crime within this strategy remains obscure
making it difficult to classify this form of crime.
Thirdly, the framework is broad and spreads across several organizations.
Lastly, "it does not fit into the category of a comprehensive strategic
document” (Rothery, n.d, p.9).
20. CONCLUSION
To conclude, cyber security is turning into a serous concern for New Zealand
government with internet users on the rise that is giving way to a new kind of
security threat.
New Zealand government has been finding it hard to mitigate the effects of
cyber crime that are on the rise as the landscape is changing rapidly in the era
of globalization.
To ensure stability, growth and security of this country does not come under
threat, New Zealand government has developed cyber security strategy and
has had a national security centre in operation, to deal with the day to day
problems related to cyber security.
21. CONCLUSION
Although the cyber security strategy has been operational since 2015,
there are other challenges that renders such strategy weak and hard to
implement.
These challenges range from rapid change in technology to, the actors
getting more sophisticated with time and the types of threat becoming
more diverse.
These complexities can have serious implications for the government,
businesses and community at large. As the security realm evolves New
Zealand government needs to find quick solutions that can match up
with the pace.
22. REFERENCES
Ash, P. (2017). Briefing to Incoming Minister responsible for cyber security policy. Retrieved from
https://www.beehive.govt.nz/sites/default/files/2017-12/Cyber%20Security.PDF
Burton, J. (n.d.). Cyber security: the strategic challenge and New Zealand*s response. Retrieved from
https://www.academia.edu/15114337/Cyber_Security_The_Strategic_Challenge_and_New_Zealands_Respons
e
Department of the Preime Minister and Cabinet. (2019). New Zealand’s cyber security strategy 2019 Enabling
New Zealand to thrive online. Retrieved from https://dpmc.govt.nz/sites/default/files/2019-
07/Cyber%20Security%20Strategy.pdf
Fong, L. (2017). Cyber Threat Report National Cyber Security Centre: Cyber Threat Report 2017/18.
Retrieved from https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Cyber-Security-Resilience-
Assessment-F-WEB.pdf
Richardson, S., & Gilmour, N. (2015). Cyber Crime and National Security: A New Zealand Perspective. The
European Review of Organised Crime, 2(2), 51-70. Retrieved from
https://www.academia.edu/16517453/Cyber_Crime_and_National_Security_A_New_Zealand_Perspective
Rothery, C. (2019.). TIME FOR A NATIONAL SECURITY STRATE. Retrieved from
http://nationalsecurityjournal.nz/files/2019/09/NSJ-2019-October-Rothery.pdf
23. REFERENCES
Shafqat, N., & Masood, A. (2016). Comparative Analysis of Various National Cyber Security Strategies.
International Journal of Computer Science and Information Security, 14(1). Retrieved from
https://www.academia.edu/21451805/Comparative_Analysis_of_Various_National_Cyber_Security_Strate
gies
Wolak, M. (2018). The evolution of cyber threats:Embracing Cyber Risk Management. Retrieved from
https://deltainsurance.co.nz/wp-content/uploads/2018/02/Delta-Insurance-Cyber-White-Paper.pdf
Hinweis der Redaktion
Hello, I am Smita and today’s presentation is about cyber security in New Zealand. World Economic Forum presents a grim picture about cyber attacks as being one of the biggest threats in the coming decades after food shortage, natural disasters, water shortage, failed government and social instability. (Wolak, 2018).
What is cyber crime? The New Zealand Ministry of Justice (2013) seeks to define what is cybercrime in the New Zealand context by suggesting that “cybercrimes include criminal activities targeted at, or which utilize, a computer or computer network” (Richardson & Gilmore, 2015, p. 54).
According to New Zealand cyber security strategy 2019
3445 incidents were reported in 2018
New Zealand incurred over $14.1m as total financial loss
Most reported incidents were: phishing and credential harvesting (stealing people’s IDs and passwords)
39% of those incidents were linked to state-sponsored actors
347 incidents were recorded from 1 July 2017 to 30 June 2018
$26.9million worth of harm reduced through operation of GCSB (Government Security and Communications Bureau) cyber threat defense capabilities.
Cyber crime affects one in five New Zealanders. It is quite evident that cyber crime poses a serious threat to New Zealand. Wolak argues, that New Zealand’s negligent approach to cybersecurity in comparison to other developed countries makes it one of the most vulnerable countries amongst the Asian economies and is nine times more likely to be exposed to cybercrimes (Wolak, 2018). These statistics present a grim picture for the New Zealand security landscape. This means New Zealanders and their businesses are losing money every day and their personal information is being compromised.
Some of the sectors that are considered critical targets are:
Telecommunication and ICT,
Banking and Finance,
Government and the pertinent e-services,
Electricity,
Water Supply,
Health Services i.e. hospitals,
Transportation (especially air, rail and road),
Emergency and Rescue Services,
National Security services i.e. police, armed forces,
Businesses and organizations
Examples of cybercrime include online bank theft, hacking, spying, fraud and denial of service attacks.
Cyber crimes are not new kinds of crimes but are alternative ways to commit crimes such as theft, fraud, identity theft, extortion or even indulging in terrorist activities (Richardson & Gilmour, 2015). These threats can appear in many forms as they continuously change and adapt to new technologies and security measures.
The motives can range from economic, commercial, espionage to political motives. The different types of cyber threats include.
Ransomware: is a form of malicious software which “encrypts a user’s data until a ransom has been paid”. It can get attached as a link to a recommended software for download (Wolak, 2018, p.4).
Phishing: where the hacker hacks confidential information presenting to be an authorised individual or company. This malware was used during Hillary Clinton’s election campaign in 2016 (in form of countless emails) to hack information.
Whaling: it targets small number of individuals for a larger gain. It may involve copying a CEO of a company’s signature or language to request money transfer posing to be on a holiday (Wolak, 2018).
Further, cyber threats include
The Grim Reaper: will not just block the device but several other devices. It attacks devices like Wi-Fi cameras, DVR’s, routers, Wi-Fi points rendering them unstable. It can turn the device into a weapon to hack information.
Distributed denial of service (DDoS): it can target several devices on one site rendering them unstable. Slowing down businesses can lead to revenue loss and disruption. These attacks are financially or politically motivated. PayPal was attacked in 2010 disabling the fundraising page. It shut down the site for over eight hours.
WannaCry: “May 2017 saw 150 countries affected by the “WannaCry” cyberattack, infecting over 300,000 computers, totaling over 200,000 victims. This malware was created to block users from their data, charging a ransom of anywhere between $300 and $600”(Wolak, 2018, p.5).
Challenges to maintaining cyber security
Cyber related threats are on the rise and growing in size and number (New Zealand’s cyber security strategy, 2019).
New Zealand is now a target of malicious actors. It is therefore becoming necessary to protect sensitive information and data from hackers.
Some of the challenges to maintaining cyber security includes: Rapid change in technology, malicious actors becoming more sophisticated and lastly diverse range of threats.
The first challenge is, the Rapid change in technology:
Each cyber incident can vary in context and its consequence. With change in technology new threats emerge. This requires quick adaption to the changing environment.
It is very difficult to predict its onset and nature of invasion.
Innovation in mobile technology such as 5G pose new kinds of risks from the previous versions of mobile (New Zealand’s cyber security strategy, 2019).
The Next challenge includes, Malicious actors that are becoming more sophisticated:
As business on the internet grows it attracts more cyber criminals that are more sophisticated than before.
Threat actors may include individuals to nation states that have access to same gadgets and technology.
“In 2017, the WannaCry outbreak caused major international disruption, including shutting down computers in the United Kingdom’s National Health Service. WannaCry was attributed to North Korean actors by a number of New Zealand’s international partners, highlighting how nation states can use cybercriminal tools, and vice versa” (New Zealand’s cyber security strategy, 2019, p.4)..
Next is, Diverse range of threats:
There is no clear way to explain what the threat involves.
The challenges face by an individual may be very different to the challenges faced by a company.
“As all nations improve their cyber security, and where users respond to one cyber security challenge, malicious actors will seek new vulnerabilities and opportunities” (New Zealand’s cyber security strategy, 2019, p.5)..
Reporting cyber crimes
Reporting cyber crime can remain another challenge in maintaining cyber security because of public misconcept of whether to treat this form of crime as an actual crime. Therefore, they often fail to report such crime.
Secondly, the channels they do report to fail to pass it on to the police
Thirdly, even if the police gets a complaint they often fail to categorise it as cyber crime.
Lastly, due to the anonymous nature of the crime committed, the chances of the criminal being persecuted is rare. (Richardson & Gilmour, 2015). Lax approach of the judicial system and coordination between agencies can be an obstacle around developing a robust cyber security system.
According to National Cyber security Centre
New Zealand’s remoteness gives it an advantage as it stands isolated from many security threats. However given the interconnected nature of the cyber world cyber related threats have become a growing concern.
Cyber connection has allowed New Zealanders to have the benefit to access information with ease, have access to services and goods online, have social interactions and entertainment via the internet (National Cyber Security Centre, 2017/18). As the cyber world evolves it is important to ensure security measures are taken to protect New Zealanders from any risks.
“In the eyes of malicious cyber actors, this increasing connectivity and adoption of digital services increases the available attack surface and potential accessibility of New Zealand information infrastructures and networks” (National Cyber Security Centre, 2017/18, p.8).
Cyber criminals are always looking for lapses or vulnerabilities in security measures within businesses, government and even with individuals.
New Zealanders can be exposed to both direct and indirect cyber related threats.
Direct threats have a specific agenda targeted at government departments or companies in order to cause damage or harm. Indirect threats on the other hand are aimed at targets randomly that are vulnerable such as organizations and individuals but can still pose a security threat to the country (National Cyber Security Centre, 2017/18).
“The interests and activities of a range of actors in cyberspace, both state and non-state, threaten to degrade the cyber security of New Zealand” (The National Cyber Security Centre, 2016-17, p.7).
Cyber security is important to ensuring New Zealanders operate in an environment where their confidentiality and integrity is maintained.
Government response has been promising so far in trying to develop a national strategy , a national cyber security centre as much as number of legislations are underway to enhance cyber security.
The government has established a cyber security centre and developed a national cyber security strategy that has been in place since 2015. It is seen as an attempt to improve cyber security across all sectors and a diverse range of actors involved in threats like cyber-espionage, cyber-crimes, and cyber-attacks by terrorist groups (Burton, n.d).
This kind of a national base helps improve security of government infrastructure, improve facilitation between private and government sectors and increase awareness amongst the public related to the issue.
This organization is of national significance as it provides services, guidance and support in areas related to cyber security. “The NCSC is an operational branch of the Government Communications Security Bureau (GCSB) that provides a range of advanced malware detection and disruption services to consenting nationally significant organizations”(National Cyber Security Centre, 2017/18, p.4). It also provides advice in the areas of cyber threat prevention and mitigation. The activities may include encrypting sensitive data or monitoring any changes to the networks that may be of threat to national security. It follows “a whole government approach” to security.
New Zealand’s cyber security strategy was developed in 2015 and has been in operation since. It is seen as New Zealand government response and commitment to addressing cyber security threat and to transform New Zealand to a safe and secure place for online users. It is to ensure New Zealanders personal information are not compromised. Number of actions have been taken since to realise this vision which includes establishment of CERT (computer emergency response team), Government Communication Security Bureau’s (GCSB) and New Zealand’s participation in the first Cyber security summit. It also includes increasing awareness and training of New Zealand police with the latest tools to address cyber crimes. These steps have been taken to enhance New Zealand’s response to cyber threat.
The strategy covers five key areas that intersect:
Cyber Resilience
New Zealand’s most important information infrastructures are defended from cyber threats and the impact of any breaches is mitigated.
Cyber Capability
Government agencies and businesses have the capability to understand and protect themselves from cyber threats.
Addressing Cybercrime
Government and businesses should have the ability to address cyber threats.
Cyber Security Aware and Active Citizens
Build awareness amongst the New Zealanders about what the threat involves and prepare them against vulnerabilities.
International Cooperation
To ensure in this era of globalization such threats are dealt with internationally through mutual cooperation.
The strategy is based on four principles
Partnerships are essential: is based a collaborative effort between the government and public and private sector and the community to combat cyber security threat.
Economic growth is enabled:: to ensure that New Zealanders operate in an environment conducive to their growth and well being. Such an environment can help boost New Zealand’s economic growth.
National security is upheld: to be able to protect national security is the key purpose of the strategy. It requires adaptability, resilience, preparation against any adversity (New Zealand’s cyber security strategy, 2019).
Human rights are protected online: to ensure New Zealanders operate in an environment where they feel safe and their human rights are protected. They are able to operate in a space where there is no fear of anyone causing them any harm and their privacy is protected.
Shortcomings of the cyber crime strategy
The strategy suffers from several shortcomings:
Firstly, although the strategy is based on best practice it is highly likely that New Zealand is not investing on the right resources in terms of intelligence, law enforcement, military and other agencies that can bring positive changes around tackling the issue.
Secondly the definition of cyber crime within this strategy remains obscure making it difficult to classify this form of crime.
The framework is broad and spreads across several organizations.
“It does not fit into the category of a comprehensive strategic document” (Rothery, n.d, p.9).
To conclude, cyber security is turning into a serous concern for New Zealand government with internet users on the rise that is giving way to a new kind of security threat. This type of crime can prove to be of threat to government infrastructures, businesses, intellectual property and individuals personal information that can disrupting services and online trading and normal functioning of the society. The New Zealand government has been finding it hard to mitigate the effects of cyber crime that are on the rise as the landscape is changing rapidly in the era of globalization. To ensure the stability, growth and security of this country does not come under threat New Zealand government has developed strategies and has had a national security centre in operation to deal with the day to day problem related to cyber security.
Although, the strategy has been operational since 2015, there are other challenges that renders such strategy weak and hard to implement. These challenges range from rapid change in technology to, the actors getting more sophisticated with time and the types of threat becoming more diverse. Lax approach of the judicial system and coordination between agencies can be can obstacle to form a robust system around cyber security. These complexities can have serious implications for the government, businesses and community at large. As the security realm evolves New Zealand government needs to find quick solutions that can match up with the pace.