Griffin on Tech: Cybersecurity shake-up and a dearth of digital policies
This week started with a bang, as Kiri Allan drove her electric car into the back of a black ute, thus upturning her political career, and quite possibly, Labour’s election prospects.
We are seeing the ideological lines along which that election will be fought with tax policy, law and order, health, and education, predictably dominating the agenda. Interest.co.nz has helpfully tried to gather together the political parties’ policy positions on everything from ACC to youth justice.
But the policy statements are still thin on the ground as the parties save their powder until closer to election day. When it comes to the digital economy, innovation, and transitioning to a knowledge economy with more higher-paying jobs, and lower-emitting businesses, there’s a disappointing dearth of policy pledges so far.
National’s promise to overhaul biosecurity legislation to stimulate innovation in gene editing technology was well-received, but it's the minor parties leading with ideas in tech-related areas.
Cash for Māori STEM initiatives
Te Pāti Māori plans to “establish a $276m fund to ramp up the work of STEM and STEAM academies, such as the Pūhoro STEM Academy,” a policy pledge that wouldn’t be too hard to get across the line if Labour looks for the party’s support to form the next Government.
The Green Party will offer “free vocational training and redeployment opportunities for those in high-emission industries to enable a transition to climate-safe work”. It’s unclear what exactly the Greens have in mind, but they’d be foolish to ignore the opportunities in the tech sector, which continues to deal with a pronounced talent shortage, despite the slowdown in tech-related job advertisements.
One area where it would be good to see some fresh ideas floated, is in the area of cybersecurity, which many other countries have heavily invested in as they see it as an increasingly urgent national priority.
Andrew Little, the minister responsible for the Government Communications Security Bureau and the New Zealand Security Intelligence Service, confirmed his decision to bundle cybersecurity support agency CERT NZ into the National Cyber Security Centre, within GCSB.
That’s been met with dismay by many business people, cybersecurity professionals, and InternetNZ, which wrote to Little in May outlining its concerns about the move. In essence, it comes down to trust, and the potential erosion of trust that would result in moving CERT from MBIE to an intelligence and security agency.
“Some communities may not feel safe to engage with a CERT that is a department or function of the GCSB. There is clear evidence that Māori in particular do not trust the security intelligence functions of government,” InternetNZ pointed out.
Focus on the big end of town
Rick Shera, who was a founding CERT NZ board member, and is a partner at IT law firm Lowndes Jordan voiced his own concerns on LinkedIn this week.
“I think it inevitable that a CERT inside the Government security apparatus will be biased towards the “big end of town” and effectively foresake individual scam triage,” he wrote.
“The multiple references to Five Eyes in the supporting paper from the advisory group that recommended the takeover seem to me to underline this. In contrast, hardly any reference to Netsafe which handles consumer level scam triage on a daily basis.”
That advisory group wanted to tackle a genuine problem, frustrations over a fragmented approach to dealing with cybersecurity issues. They wanted one ‘front door’ for businesses and consumers to knock on. That indeed leaves a question mark over the future of Netsafe.
But I’m ambivalent about where CERT NZ sits. The new structure mirrors that of Australia’s emergency response team, which sits within the Australian Signals Directorate. There’s some logic in having all of this expertise in one place. The test will be whether that perceived lack of trust is reflected in engagement with CERT moving forward. Whoever is in government needs to check in on progress regularly and be transparent in its reporting of how businesses and consumers are using this service.
What I’d rather see is a decent funding commitment to growing national-level cybersecurity capabilities. We’ve underspent in this area relative to other countries. Australia is investing heavily in a cybersecurity workforce, and collaborating with the US and the UK on cutting-edge cyber capabilities via Pillar 2 of its AUKUS deal. The door is open to New Zealand to join that, which would give us a seat at the table in accessing and co-developing technologies related to AI, quantum computing, and cyber tools.
You won’t hear much, if anything, about that in the run-up to the election. But effective cybersecurity is vitally important to our country’s future. We shouldn’t wait for another major cyber incident to happen, to finally see it put on the political agenda.