3 minute read

Protecting New Zealand’s critical infrastructure from attack

A recently published Fortinet whitepaper highlights the need to protect New Zealand’s critical infrastructure from “grey zone” threats as global tensions heighten and a new Cold War sets in.

Amid conflict in Ukraine and escalating geopolitical tensions, the new reality of hybrid warfare means that geopolitics and cybersecurity are now inextricably linked. According to the authors of Fortinet whitepaper Government and Industry: Partnering on Cybersecurity to Strengthen Data Security, this leaves New Zealand’s critical services unprecedentedly vulnerable.

“While there is no single definition of hybrid warfare, the term shows that countries can advance strategic aims by military and non-military means as well as additional tools of influence, coercion, and interference,” write Glenn Maiden and Nicole Quinn.

“Attacking a country’s critical infrastructure, such as power grid, ports, airports, hospitals and communications systems can do profound damage to national resilience.”

It’s a threat highlighted in New Zealand’s Defence Assessment 2021 in terms of ‘grey zone’ activities. “By undertaking grey zone campaigns,” notes the Assessment, “states can deploy a wide range of tools of statecraft to pursue their objectives – including incrementally and/or opportunistically – while avoiding or mitigating international responses.”

Weaponised Cyberspace

Russia’s continuing invasion of Ukraine shows how cyber technology is now a central and increasingly effective component of modern warfare, state Maiden and Quinn.

“Moscow has sought to disable Ukrainian IT networks, attacked critical infrastructure, and sought to disrupt the command-and-control systems of the Ukrainian military.”

According to New Zealand’s Cyber Security Strategy 2019, state-sponsored cyber operations are increasingly frequent, with more governments openly developing offensive cyber capabilities to steal sensitive commercial information, disrupt critical systems and interfere with democratic processes.

With cyber weapons being deployed by states and organised criminal groups, enterprise security and risk cannot be managed solely by CISOs and their teams, write Maiden and Quinn. “Everyone from individual employees to top management, customers, and supply chain partners must help to contain cyber risks.”

Critical infrastructure

In addition to a heavily contested South China Sea, competition for influence in the Pacific and Indian

Oceans, increasing strain on global supply chains, and the impacts of climate change, Maiden and Quinn cite ageing critical infrastructure –and ageing operational technology (OT) systems in particular – as a key exposure.

It’s an exposure highlighted by a discussion document on enhancing the resilience of New Zealand’s critical infrastructure that’s just been released by the New Zealand Department of Prime Minister & Cabinet.

The document, which stems from the Government’s response to Rautaki Hanganga o Aotearoa –New Zealand Infrastructure Strategy 2022-2052, identifies “a pressing need to boost the resilience of our critical infrastructure system.”

It lists the deteriorating national security environment, along with climate change, economic fragmentation, and rapid technological change, as a global megatrend heightening the risk of infrastructure failure.

“New Zealand faces a deteriorating national security environment,” states the document, “and our critical infrastructure system is an attractive target for espionage, sabotage, cyberattacks, and other types of interference.

A global cybersecurity leader with deep experience in protecting OT, Fortinet helps governments and businesses better understand and defend against cyber threats. Click here to download the whitepaper.

This article is from: