National Cyber Policy Office: ‘Our geographical isolation provides no protection against cyber threats’

Last year, the New Zealand Defence Force (NZDF) exhibited its interest in digital technology with the production of the Force Fit app, which provided a very modern solution to the growing problem of unfitness among young people.

But the NZDF doesn’t only dabble in digital technology for the purposes of marketing. The military organisation also sees it as integral to the sovereignty and safety of New Zealand.

“New Zealand faces on-going cyber risks,” says a government spokesperson from the National Cyber Policy Office*.     

“Our geographical isolation provides no protection against cyber threats.  New Zealand, like many other countries, is dependent on information technology.”

So, while New Zealand enjoys relative safety provided by the giant moat known as the Pacific Ocean, this material defence does no exist in a world connected by ethernet cables under the seabed.

“This brings inevitable vulnerabilities – not just the risk of malfunction, but the increasing risk of malicious actions.  The cyber environment provides opportunities for those with criminal, hostile or offensive objectives. There are numerous examples of major cyber incidents offshore – these incidents can affect New Zealanders and their businesses; we should not be complacent about the prospect of a major incident happening in New Zealand.”

According to the spokesperson, such an incident could include hacktivism, cyber vandalism, foreign State-sponsored cyber espionage, intellectual property theft, or cyber terrorism (which might involve state-sponsored retaliatory action).

Given the rapid growth of digital interfaces in the decade from 2000 to 2010, the Government in 2011 released ‘New Zealand’s Cyber Security Strategy’, a document that outlines several steps the Government has taken to lessen the risk of a cyber attack on New Zealand citizens. 

“The government believes that a multi-layered approach to achieving cyber security is required,” says the spokesperson. “This involves technical protections, intelligence, operational coordination, standards and assurance, legislation, awareness-raising, training, education, research, and international engagement.  There is no silver bullet.”

The importance of vigilance on the part of common citizens is interesting, given that places at least some level of responsibility on the shoulders of the very people the military is supposed to protect. And this has necessitated a different approach.

“Building cyber capability amongst individuals, businesses, government departments and organisations is important to ensure that New Zealanders at all levels have the skills and tools to protect themselves online and to make it harder for malicious cyber actors to steal private data.”

For this reason, in June last year, the the government launched the ‘Connect Smart’ campaign, which gives home users, businesses and schools tips on how to keep their digital property safe from malicious infringements.

Upon the launch of the campaign, Paul Ash, the director of the National Cyber Policy Office, pinpointed Kiwi complacency regarding digital security as one of the justifications for the campaign:

“We knew public awareness was lower than it needed to be – but we didn’t know by how much.  The research told us the scale of the challenge was bigger than we had imagined.

We learnt that:

  • Most New Zealanders are unresponsive to cyber security breaches.  83 percent have experienced a breach.  But only 39 percent of us changed anything about our online behaviour.
  • The majority of Kiwis rarely change their online passwords.  40 percent never or hardly ever change passwords, and 43 percent do so only occasionally. 
  • People are leaving themselves – and their employers – exposed due to relaxed device security.  66 percent secure their personal smartphone with a password.  Only half secure their work smartphone.
  • We kiwis tend to be cautious when transacting online – two-thirds check for secure payment platforms.  Half look for a professional looking site that doesn’t seem dodgy.
  • Most encouragingly, our research tells us New Zealanders want to find out more.  Almost one in five kiwis say they find the topic of cyber security overwhelming.  But most New Zealanders are interested in finding out more about prevention and identification of cyber security risks and nearly three-quarters say they’d like to receive proactive advice on the subject.”

{% gallery ‘connectsmart’ %}

The campaign, developed by Acumen Republic, also includes a Spark-sponsored Digital Clans Quiz, which categorises Kiwis into one of five groups of digital users: the digital cowboys, the cautious connectors, the digital converts, the constant connectors and the digital pace setters (Acumen Republic also recently won the account after an RFP and will further develop the Connect Smart brand in 2015).

The user’s category will be determined by the answers chosen in the quiz, and the advice given will be tailored to this categorisation. When it comes to online proficiency, users’ skill levels vary significantly and this approach aims to ensure that different users don’t disregard the advice on account of it not sounding relevant.

But even if members of the public are vigilant, this might not be sufficient to ensure that an infringement doesn’t happen. By their very definition, hackers are adept at sidestepping security systems and finding the information that they want.

And as the National Cyber Policy’s spokesperson says: “Malicious cyber actors can act stealthily and anonymously online, leaving few clues, and operating from any internet-connected location globally. This makes it hard to distinguish between State-sponsored cyber intruders, organised cyber-criminal groups and an isolated computer hacker, or to reliably attribute responsibility. As a result, it can be very difficult to determine whether a cyber intrusion constitutes an act of war – an act of aggression by another State.”

Given these challenges, the NZDF has in recent years ramped up its digital and technical capabilities in an effort to ensure that government files are kept safe.  

“The NZDF protects its information and systems in line with its responsibilities as an agency in the State Services,” says the spokesperson.

The Cyber Policy Office would not release any further information in regard to what these defence structures might include, because of the risk that “it would likely prejudice the security or defence of New Zealand**”.

Also, increasingly relevant is the use of social media for the purposes of spreading information.
So key is social media to modern military activities that the British Defence Force will in April be recruiting 1,500 soldiers to take charge of alternative digital warfare. This 77th Brigade, as it was called by a spokesperson in a Guardian article, will include digital experts as well as people with media and social media experience.

The Spokesperson from the Cyber Policy Office would not be drawn into stipulating how many Kiwi recruits currently function in a digital security capacity, but did say that social media is playing an important role in Defence Force comms.

“The New Zealand Defence Force Public affairs unit has been using social platforms for some time, including Facebook, YouTube and Twitter. The NZDF uses these platforms to share news, information, events, photos and videos with their communities. These social networks help to share NZDF’s story.”

In many ways, this is nothing new. Modern military organisations all over the world have regularly used the available media channels to spread their propaganda messages. The challenge today, however, is that social media isn’t quite the same as sticking a print ad of burly military man in a newspaper.

“It is a two-way-communication channel where valuable feedback from stakeholders and communities is received through their action of ‘liking,’ ‘sharing,’ ‘commenting,’ ‘retweeting’ and ‘direct messaging,’” says the spokesperson. “These communities are varied and comprise of people who may not have been reached through traditional and mass media channels.”

From the YouTube atrocities of ISIS to racist views spread by extremist politicians, social media is making it easier than ever before for organisations to spread their messages—and governments are struggling to manage and respond to the distribution of such content.

And this problem isn’t helped by the fact that Google recently admitted that so much content is uploaded to YouTube on a daily basis that it’s virtually impossible for the company to pre-screen every clip and filter out those that don’t comply with its guidelines.

This doesn’t imply that a system of censorship should be applied to social media channels. But it is problematic that the core journalistic rules—such as name suppression, right of privacy, sensitivity to families of the deceased, or accuracy of facts—don’t have quite the same manifestation in social media as what they have had in traditional media in the past.

As a corollary, this has given the public access to more information than it has ever had before, but it has also made it more challenging for the government to keep material that might be a real threat to national security or to the rights of members of public from being distributed.

And given that social media channels aren’t going anywhere, the government is essentially joining the party and using the available mediums to “tell its stories”—or, in other words, spread its propaganda.    

*All responses to questions were compiled by the National Cyber Policy Office, within the Department of Prime Minister and Cabinet, in consultation with the New Zealand Defence Force.
** The National Cyber Policy withheld this information under Section 6 (a) of the Official Information Act. 

About Author

Comments are closed.