Speech to Cyber Security Summit
Good morning and welcome to New Zealand’s first ever Cyber Security Summit.
It’s great to have so many business leaders from across New Zealand here in one room.
You’re here because you’re passionate about New Zealand’s economy and about keeping it safe and secure.
So am I.
Cyber incidents and attacks threaten our economy.
They can undermine our strategic and competitive advantages and cost our economy of millions of dollars each year.
This Government takes the protection of our businesses and economy from this growing threat seriously.
Businesses, both big and small, also need to accept that cybercrime poses an enormous and immediate risk to their bottom line.
A discussion about cyber security needs to happen across business, from boardrooms to the front desk.
That’s why I’m glad to see you all here today.
Our focus on cyber security is about helping to safeguard New Zealand’s economy.
It’s about making sure we remain open for business and ensuring Kiwis are safe online.
Across Cabinet we are working hard to build a stronger, more competitive economy.
New Zealand enjoys low inflation and interest rates, and an employment rate that is the envy of the developed world.
We have low debt and high economic growth.
Under our programme of responsible economic management we have seen more jobs created and higher incomes for New Zealand families.
We are an open and confident country that backs itself on the world stage.
A big part of our economic story is our investment in connectivity.
Just like running water and electricity, connectivity has become a vital piece of infrastructure for business.
We simply cannot grow and succeed in today’s digital age without it.
It means faster, more convenient ways of communicating and delivering ideas, products and services to customers.
And it means access to a hungry and wealthy global market.
A recent report claimed that if businesses properly harnessed the internet, it could add $34 billion to the New Zealand economy.
I want all New Zealanders to tap into this enormous economic potential.
That’s why our Government is investing more than $2 billion in building faster, more reliable broadband infrastructure across the country.
Our Ultra-Fast and Rural Broadband programmes are connecting our Kiwi companies with global customers.
I’d like to acknowledge Communications Minister Amy Adams for the great work she is doing in this area.
At the end of last year, 875,000 homes, schools and workplaces were able to connect to UFB.
Across the country, the build is more than 60 per cent complete – and it’s ahead of schedule and within budget.
Our Rural Broadband Initiative is making a big difference to farmers, schools, hospitals and health centres in our regional and rural communities.
Almost 280,000 rural addresses are now able to connect to speeds that were beyond reach five years ago.
As a result of our UFB and RBI programmes, internet speeds have tripled since 2008 – and are set to more than double in speed again.
But we’re not leaving it there.
We’re extending our broadband infrastructure programmes.
And we have set a bold new target so that virtually all New Zealanders will be able to access better broadband and make the most of the digital economy.
As we encourage better use of the internet, we must also ensure we have an online environment that is as safe and secure as possible.
This is important for New Zealand’s international reputation as a safe place to do business.
Our increasing reliance on networked devices and new technology is matched by the growing problem of cyber security threats.
And while we’ve worked hard to build a productive and competitive economy, cyber-attacks can bring it to a screaming halt – or worse, bring it crashing down.
There is no point in building a brand new house to then leave the front door unlocked.
Technology also provides new opportunities for those with criminal or hostile motivations.
New Zealand’s place in the South Pacific has helped keep us safe from traditional forms of attack in the past.
But our geographical isolation does not protect us from cybercrime.
Simply put, malicious cyber-attacks can be perpetrated from anywhere in the world, at any time and by anyone.
More than 856,000 New Zealanders are affected by cybercrime each year.
And a recent report put the cost of cybercrime to New Zealand at $257 million in 2015.
These are small-time attacks in the form of computer viruses and malware, credit card fraud, online scams, phishing and identity theft.
And while we are yet to experience a full-scale cyber incident like we’ve seen offshore, New Zealand is not immune to them.
Overseas these have included the likes of the cyber-attack on Sony Pictures, where company information was stolen and leaked online.
Or the hacker who stole credit card details from more than 110 million customers of the US-based Target department store.
Or the cyber attackers who shut down the power grid in the Ukraine.
These are just a few examples.
If we are to take full advantage of new technology to drive economic growth, we also need to fully understand and manage the risks.
One of the great difficulties of dealing with cyber security is the complexity of the landscape.
This is caused in part by the huge variance in the types of perpetrators attacking us, the harm they want to cause and the targets they choose to focus on.
First, the perpetrators.
In New Zealand we are dealing with state-sponsored espionage by foreign countries and organised criminal groups.
We’re attacked by extremists and terrorists, and issue-motivated activists.
Others include lone cyber hackers and disgruntled insiders.
There are multiple kinds of threats and cyber harms.
These include targeted spam or emails aimed at fraud or theft.
Malicious software to disrupt and damage systems.
And espionage for economic or strategic advantage.
These perpetrators are aiming at a range of targets.
Victims can include anyone — from individuals or small businesses that lack the capability to address these issues, right up to large corporations.
They target key industries and critical infrastructure.
Even government agencies aren’t safe.
These attacks require a comprehensive and coordinated response.
And the Government has a significant role to play.
This includes Police dealing with cybercrime, to the GCSB that are focused on advanced threats and the protection of our most important information infrastructure.
The Department of Internal Affairs is tackling spam and objectionable material, alongside the Government Chief Information Officer.
We understand it’s is not always clear where you should go if you have a cyber problem.
There is considerable overlap – and, inevitably, there are gaps.
Every day new threats are discovered and attackers find new ways of getting past our defences.
New Zealand has already done much to improve its cyber security.
In 2011 we launched our first ever Cyber Security Strategy.
We opened a National Cyber Security Centre to help defend government agencies and critical infrastructure providers against cyber threats.
We launched New Zealand’s first Cyber Security Awareness Week.
That programme has now evolved into the popular Connect Smart brand and services.
Last December, the Government refreshed our Cyber Security Strategy amid changes in technology and best practice.
The strategy was launched by Amy Adams with an action plan to address cybercrime.
Within that announcement was the Government’s intention to establish our own national Computer Emergency Response Team, or CERT, to defend businesses and infrastructure against cyber-attacks.
CERT will be a central part of New Zealand’s cyber security architecture.
It will be a focal point for the collection of reports about cyber security incidents and cybercrime.
This will be a significant step forward for New Zealand’s ability to understand the scope, scale and trends of this issue.
So today, I am announcing that as part of Budget 2016 the Government is committing $22.2 million to set up the national CERT.
This will be made up of $20 million of new operating funding over the next four years and $2.2 million of new capital.
This funding means the CERT will be fit for purpose and ready to open its doors in the first quarter of 2017.
The CERT is a key part of the national cyber security infrastructure.
It will help us to better understand the active and emerging cyber threats and cybercrime landscape.
And it will play an active role in providing up-to-date and trusted information and advice to help individuals, businesses and organisations prevent cyber incidents, and to help deal with the aftermath if an incident occurs.
The CERT will be a partnership between the government, private sector and NGOs.
International evidence has shown that for CERTs to be at their most effective they need to operate seamlessly in collaboration with the public and private sectors.
Presently, many small businesses are not aware of, or don’t have the capability to deal with cyber-attacks on their business.
The CERT will assist by working with the major sectors of the economy to ensure they have relevant and targeted information and intelligence about threats, as well as expertise for dealing with them.
This information will get to those that need it – in real-time.
It will also be the point of contact for liaising with CERTs in other countries.
Our $22.2 million investment from Budget 2016 underpins our commitment to cyber security.
It’s a concrete step towards better protecting New Zealand against cyber-attacks.
But none of this will work if it’s left up to the Government alone.
As I said earlier, businesses need to accept cyber security poses an enormous and immediate threat.
It is crucial they take steps to protect the information that is vital to their day-to-day functioning and commercial success.
The reality, too, is that it is the private sector that owns and operates the communication networks and critical national infrastructure that are the lynchpins of our economy.
Government agencies don’t have a monopoly on cyber security expertise, particularly as the technology evolves rapidly and the threats are constantly morphing.
We need to find ways to better share information and expertise between government and the private sector to address cyber security risks.
So it’s a no brainer that the government and the private sector should work together.
Businesses are the lifeblood of our economy.
A secure internet and thriving digital economy is critical to your commercial success and our economic future.
I wish you well for the rest of the summit today.