4 minute read

National Security Strategy highlights cybersecurity as a core national security issue

A recently published Fortinet whitepaper echoes New Zealand’s new National Security Strategy’s concerns around the growing threat from malicious cyber activities.

Launched in last month, Aotearoa New Zealand’s first ever national security strategy breaks new ground in articulating a vision for navigating a dynamic security environment and the national security threats we face.

“The cyber domain is increasingly a theatre for strategic competition and profit, states Secure Together Tō Tātou Korowai Manaaki: New Zealand’s National Security Strategy 2023-2028. “The likelihood and disruptive impacts of malicious cyber activities impacting information systems, telecommunication networks, and information technology infrastructures is growing.”

Cyber security means protecting people and their computers, networks, programs, and data from unauthorised access, disruption, exploitation, or modification, states the Strategy. “Malicious cyber actors, including state and non-state actors, present a persistent threat to all New Zealanders as well as New Zealand organisations, businesses, and government.”

“Beyond the risk of cyberattacks by nation states, organised crime and even lone cyber hackers have the intent and capacity to threaten businesses and individuals,” write Glenn Maiden and Nicole Quinn, authors of Fortinet’s Government and Industry: Partnering on Cybersecurity to Strengthen Data Security whitepaper.

“The security message is clear: whatever their origin, cyber threats present substantial new risks to individuals, businesses, governments, and nations,” they state. “Developing stronger security against such threats is an essential requirement.”

National Security Threat

In addition to being listed as one of the twelve “core national security issues” identified in the National Security Strategy, cybersecurity plays a critical role across almost all of them. The four core issues of

Emerging, Critical, and Sensitive Technologies; Disinformation; Foreign Interference and Espionage; and Transnational Organised Crime, for example, are clearly issues where cybersecurity is a key component.

Importantly, cybersecurity has a clear role to play in the core national security issue of Economic Security. According to the Strategy, economic security is about “building our resilience to shocks or external pressures, with the goal of safeguarding our independence and sovereignty”, and key to this is strengthening the resilience of our critical infrastructure from cyberattack and other disruptions.

Critical infrastructure is an attractive target for cyber threats, write Maiden and Quinn, “which can be remotely delivered, such as malware arriving hidden in an email or enabled through some element of human intervention (the so-called insider threat) or by conventional military means.”

Cyber enabled disruption is not limited by geography, meaning New Zealand’s cannot rely on its relative geographic isolation. Exposed critical infrastructure is an attractive target to a financially motivated criminal in Europe. It is also a very attractive option to cause targeted disruption or manipulation by a hostile foreign power.

During covid, for example, we saw the level of intricate interconnectivity in our supply chains. We also saw how critical digital systems are to keeping our supply chains safe. A very minor cyber incident to a single component could easily cause widespread disruption. This is a compelling motive for a cybercriminal to extort a ransom or a hostile nation state wanting to make a point.

Secure Together

The Government’s ability to deliver on the National Security Strategy, state its authors, depends on working together with New Zealand society and with international partners. The bulk of cyber security capability and effort, they acknowledge, “occurs outside government, with individuals and private organisations working to protect their data, networked devices, and infrastructure.”

It’s a key point echoed in the Fortinet whitepaper. “Better cooperation between public and private entities will deliver greater visibility of threats with shared intelligence, better use of scarce cyber specialists, and better management of incident response,” state Maiden and Quinn. It’s about “working together on a shared protective mission.”

Advanced cyber defences capabilities from industry leaders like Fortinet are already installed in every industry, in nearly every country across the globe. Harnessing this “system of systems” for real time threat intelligence is a vital component to a nation’s security.

There is no silver bullet, which necessitates the bringing of a full arsenal of advanced technical capability to the forefront of our defence strategy. Many people think that a simple firewall is enough, but providers such as Fortinet have a range of technologies to protect cloud and Operations Technology (OT) environments, as well as advanced deception, endpoint and active threat reconnaissance capability.

By converging a platform of defence to every corner of the national attack surface, combined with exercised defence strategy we can significantly raise our national resilience, and minimise the impact of a cyber threat.

“Given the growth of cyber threats, it has never been more important for the New Zealand government to coordinate with a much broader group of stakeholders, partnering to protect our shared interests,” state Maiden and Quinn. “It needs to be clearly understood that securing cyber and physical infrastructure is a shared responsibility.”

This article is from: