Close this search box.

We are creating some awesome events for you. Kindly bear with us.

New Zealand announces comprehensive refresh of cybersecurity approach

New Zealand announces comprehensive refresh of cybersecurity approach

New Zealand’s Broadcasting,
Communications and Digital Media Minister Clare Curran has announced
a comprehensive refresh of the country’s approach to cyber security. 

This is being done in view of the increasing number and sophistication
of cyber threats and the opportunities for criminals and other states to gain
advantage and cause harm in New Zealand. New Zealander’s widespread use of
connected devices and the security challenges of emerging technology are
intensifying the problems. 

The National Cyber Security Centre estimates that advanced
cyber threats could potentially cause $640m harm annually to New Zealand’s
organisations of national significance.

The Ardern Coalition Government has specifically stated an aim
to close the digital divide by 2020 and it has committed to the objective of
ICT being the second largest contributor to GDP by 2025.

A modern,
responsive cyber security system would be essential for achieving
these objectives. “We must protect the information and network systems that are
vital to our economic growth, ensure the integrity and security of our
increasingly digitalised government services and make sure Kiwis can interact
online without suffering harm,” Minister Curran said.

Hence, the 2015
Cyber Security Strategy and Action Plan
is going to be refreshed in close
collaboration with the private sector and citizens. The refresh will be led by
the National Cyber Policy Office (NCPO)
within the Department of Prime Minister and Cabinet (DPMC) and involve a wide
range of government agencies.

Progress on the 2015 Cyber
Security Strategy and Action Plan

The Department of the Prime Minister and Cabinet notes that
there has been good progress to improve New Zealand’s cyber security under the
Cyber Security Strategy and Action Plan approved by Cabinet in 2015.

This includes establishment of CERT NZ in April 2017, delivery of CORTEX
malware detection and disruption services, cyber security awareness campaigns,
the first Cyber Security Summit in May 2016, Protective Security Requirements
for government agencies, work to improve the cyber security of small
businesses, a focus on building a cyber security workforce, developing NZ
Police skills to respond to cybercrime and international engagement on cyber
security issues.  

On the international front, there has been particularly
close trans-Tasman cyber cooperation, with areas highlighted annually in the
Prime Ministers’ Joint Statements. New Zealand has held two cyber dialogues
with China and one each with India and Singapore. There have also been useful
cyber security discussions with Israel, the Netherlands and Japan. Regional
cyber security is pursued through the ASEAN Regional Forum and the ASEAN
Defence Ministers Meeting (Plus).

Scope of the refresh


The refresh of the Cyber Security Strategy and Action Plan
will require collaboration across a number of Ministerial portfolios. Minister
Curran is proposing to work closely with all of the relevant Ministries to determine
the priorities and initiatives to be incorporated in a refreshed Cyber Security
Strategy and Action Plan.

A successful refresh will also involve hand-in-hand
partnership with the private sector and non-government organisations to seek
their views on “what more the government can do to improve New Zealand’s cyber

The Minister is also proposing a refresh of the Digital
Strategy to consider ways to promote a more joined-up approach to cyber
security by government agencies, in cooperation with the private sector and
non-government organisations.

The refresh provides an opportunity to look at the cyber
security roles of agencies. The Government will continue assessing whether it has
the optimal arrangements and resources for effectively addressing cyber
security efforts across government. The State Services Commission will be
closely involved if any machinery of government issues arise in this context.

Work is underway to improve the system-wide understanding
and mitigation of cyber security risks to government agencies.

The Minister also plans to explore innovative models to
achieve strong cyber security collaboration between the government and the
private sector and non-government organisations. A structured approach to
ensuring private sector engagement with the government’s work (and vice versa) through
models such as advisory boards or a cyber security council, might be one option.


The refresh will assess whether NZ Police and other agencies
have sufficient resources and appropriately trained staff to protect New
Zealanders from online crimes and deal with the challenges of emerging
technologies. Since cybercrime is a transnational issue, the opportunity
provided by the refresh will also be used to explore whether NZ Police’s
existing international links are sufficient to deliver a comprehensive response
to cybercrime.

The current Action Plan proposed that New Zealand’s policy
and legislative framework should be tested to see whether it remains fit for
the purpose of dealing with cybercrime in the digital age. This action has yet
to be completed and it will remain part of the agenda.

Work is now underway – led by the National Cyber Policy
Office and Ministry of Justice – to outline what measures might be required to
bring New Zealand’s laws and investigative processes in line with the Council
of Europe Convention on Cybercrime (known as the Budapest Convention). The Cabinet
will consider whether New Zealand should formally express interest in accession
to the Convention, and the steps towards accession.

Cybersecurity industry, research and skills

In this area, the Minister plans to focus on expanding New
Zealand’s cyber security industry, investing in cyber security research and
development, and dealing with the shortage of skilled cyber security workers.

A strong domestic cyber security sector would lift the cyber
security of New Zealand’s businesses and enhance New Zealand’s reputation as a
stable, innovative and safe environment in which to invest, find business
partners, and do research and development.

According to the proposal, the refresh of the Cyber Security
Strategy and Action Plan should also advise on the role that government should
play in addressing the security challenges arising from the Internet of Things
and other emerging technologies such as Artificial Intelligence or Quantum
computing. should include an assessment of the extent to which such
technologies are empowering criminals and malicious actors.

The Refresh process
and governance

The NCPO will establish and chair a “Cyber Security Strategy
and Action Plan Refresh Working Group” (the Working Group) including
representatives from the following agencies amongst others: GCSB (Government  Communications Security Bureau), CERT NZ, MFAT (Ministry of Foreign Affairs and
Trade), NZ Police, GCDO,
SSC and (State Services Commission).
This Working Group will engage with a broader range of other agencies.

The Working Group will work closely with government
agencies, the Chief Technology Officer, the Human Rights Commissioner, the
Privacy Commissioner, the Inspector-General of Intelligence and Security,
non-government organisations and the private sector. Engagement with the
private sector and other stakeholders can occur through the Connect Smart partnership – a
community of practice to drive improved cyber security in New Zealand – and
more widely as needed.

The NCPO will provide a report to the Minister of Broadcasting,
Communications and Digital Media with recommendations for a revised Cyber
Security Strategy and Action Plan at the beginning of July 2018.

Governance will be provided by a “Cyber Security Strategy
and Action Plan Refresh Governance Group” to ensure the refresh is conducted in
a robust and effective manner, provide executive oversight and accountability;
and advise on strategic direction. The Governance Group will include senior
representatives from DPMC (Department
of the Prime Minister and Cabinet), GCSB, MBIE
(Ministry of Business, Innovation and Employment), MFAT (Ministry of Foreign Affairs and
Trade), NZ Police, GCDO, SSC and other agencies as necessary.

The Minister will report back to the Cabinet External Relations
and Security Committee by 31 July 2018 with a revised Cyber Security Strategy
and Action Plan.

DPMC has released two documents relating to the refresh of New
Zealand’s Cyber Security Strategy and Action Plan. They can be accessed here.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit