In response to the country’s recent cyber security issues, a New Zealand cloud computing platform provider has launched a new security service based on a blueprint developed in collaboration with the Government Communications Security Bureau (GCSB) to assist government agencies to protect themselves. The service aims to ensure that agencies are always compliant with all security controls.
“Any organisation that participates in the digital world must take steps to ensure that they do so in a safe and secure manner for their employees and customers,” said the country manager for the public sector.
The platform’s New Zealand country manager for the public sector said that the New Zealand Information Security Manual (NZISM) Conformance Pack would assist government agencies and New Zealand organisations in assessing the compliance of their platform’s cloud environments against more than 150 NZ Information Security Manual controls. According to him, this enabled all customers to make compliance a “continuous activity.”
Customers were strengthening their cyber security postures by shifting from point-in-time compliance to continuous assurance. To assist customers in making compliance a continuous activity, the New Zealand Information Security Manual (NZISM) Conformance Pack displayed the real-time status of their environment in a user-friendly dashboard-style report.
Several public sector agencies were engaged in developing the NZISM Conformance Pack, which was accompanied by a comprehensive training and support programme, he said. “Our world-class core infrastructure is designed to meet the security needs of governments, global banks, and other high-sensitivity organisations,” he said.
In May, the cloud company launched a security and privacy knowledge hub for customers in New Zealand and Australia to help them build knowledge, capability, and security skills by providing local information, expert advice, and practical resources. This was part of the company’s commitment to invest in education and initiatives that help customers, partners, and industry build skills to fully realise the cloud’s potential.
Recently, thousands of New Zealanders’ work was disrupted when their internet connection went down due to a cyber-attack on a major internet provider. Just after 1 pm the afternoon, an internet infrastructure provider – which operates a few other New Zealand Fibre internet connections – was hit with a DDoS attack, which then knocked its internet down for about 30 minutes. Reports from affected users came in from all over the country, but the majority came from the North Island, which included Auckland, Hamilton, and Wellington. The company confirmed the issue was caused by a DDoS attack in a statement on its website.
OpenGov Asia had also reported that the Home and Community department and the housing ministry are on the approach of implementing zero-trust security in the government of New Zealand. After COVID-19 transformed the risk profile of the company, it rapidly introduced laptops and remote access for its employees and led the Home and Community department as a member of the Government Information Security Forum. Zero trust does not replace perimeter safety but works on the presumption that an infringement has taken place. Under the model, system access requests are treated as if they came from an open network on a “never trust, always verify” basis.
Sophisticated intelligence and analytics are then deployed to detect and respond to anomalies in real-time. The Data Protection Officer, the Information Manager and the cyber security / IT security manager of the Home and Community department worked closely together to protect information that can be personally identified. In its 2022 financial year, the agency also had 21 projects under its programme, while the Home and Community Department reported to the Social Services Parliament and the community selection committee in June.
