10 March 2014
New standards for cyber security have been developed and agreed by operators of critical power infrastructure in New Zealand.
The voluntary standards have been developed by the National Cyber Security Centre, which is part of the Government Communications Security Bureau (GCSB), and New Zealand Control Systems Security Information Exchange forum.
As part of the GCSB’s commitment to work with network operators, a draft of the Guidance paper for the Network Security section (part 3) of the Telecommunications (Interception Capability and Security) Act 2013 (TICSA) was released to network operators for consultation on the 17th of February 2014.
The draft Guidance provides an overview for network operators of the process they will need to follow under the Act, detail about the information they will need to provide and proposes some exemptions to the duty to notify.
The NCSC has released an advisory for mitigating the risks associated with mobile electronic devices. You can access the full advisory below.
If you have any questions regarding this advisory, please contact the NCSC at firstname.lastname@example.org
Reporting an Incident
If you are a New Zealand government institution or a Critical National Infrastructure (CNI) organisation and you have encountered or suspect the presence of a cyber threat, please complete and return an Incident Reporting Form. If required, you can speak with us directly on (04) 498-7654. All incident reports provided to the NCSC are treated in the strictest of confidence.
Some Interesting Stats
In its second year of operation, the NCSC saw an increase in the number of cyber security incidents reported, from a total of 90 in 2011, to a total of 134 in 2012. The bulk (60%) of the incidents reported to NCSC in 2012 originated from an overseas source.
The 2012 Sophos report states that approximately 30,000 new malicious URLs were found each day during the second half of 2011- an increase of 50% over the first half of the year.
In a research experiment, the Sophos Australia office purchased 50 USB flash drives from a lost property auction. A massive 66% of the drives were infected by malware.