• Home
• ICT
• Digital Technology
• Security and Confidence
• Strategic Consideration
• Discussion Paper
• Priority Areas ...

• Digital Technology

• Security and Confidence

• Strategic Consideration

• Discussion Paper
• Media Statements

36. The outline and discussion of the above issues concerning ICT security and confidence is for the purpose of promoting feedback and discussion on the priority areas for further work for government in terms of both government-led actions and the actions of business and users which can be supported by government. In some areas work is already being undertaken to address the implications of new technologies from a security and confidence perspective but in other areas there are clear gaps that need to be addressed. There is also a need for agreement on which agencies should have primary responsibility for new issues and which agencies have an interest.

37. One of the concerns that arises from an analysis of ICT security and confidence issues is that while there is informal liaison and cooperation between various agencies there is a lack of formal coordination and strategic oversight of the work of the many different government and non-government agencies that are involved in this area. Accordingly one issue that may need examining is whether or not there is a need for a dedicated group which carries out this function.

38. Areas for further work would appear to include the following:

• Reviewing the need for the establishment of a national computer emergency response team (CERT) and a mechanism for anonymous reporting of security incidents;
• Reviewing the consistency of New Zealand's cyber-security laws with international laws;
• The development and application of security standards for ICT infrastructure;
• The promotion of ICT network and systems security within businesses, including educating staff on good workplace practices;
• Professional and technical education requirements to support ICT security and safety;
• The review of InternetNZ policies concerning the registration of domain names and whether there is a need for it and the Government to establish a more formal relationship regarding Internet management issues;
• A review of threats to information security and individual privacy from developments in information and communications technologies, including consideration of the issues of spyware, identity theft and internet banking security;
• The promotion of ICT safety/security awareness;
• The establishment of a specialist unit or units in the police to investigate cyber-crime and safety issues arising from information and communication technologies;
• Consideration of data retention obligations on telecommunications and Internet service providers to assist criminal investigations;
• Consideration of the need for minimum security requirements to apply to ICT devices;
• The education and support of police, judges and lawyers on the methods and consequences of cyber-crime and abuse of ICT services;
• The development of an initiative aimed at scanning computers for compromise and vulnerability and seeking the assistance of ISPs in taking action to address this;
• The review of court and dispute resolution processes to take account of the different nature of e-commerce compared to ordinary commercial dealings;
• The review of the responsibilities of online publishers for compliance issues involved in the sale of products facilitated by their sites, such as product safety;
• Reviewing what legal obligations regarding content safety should apply to Internet service providers and other providers of digital content services.