Upload
informa-australia
View
105
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Mike Seddon, Operational Security Manager, Telecom NZ, and co-founder and Chair of the New Zealand Internet Task Force (NZITF) delivered this presentation at the 2013 Corporate Cyber Security Summit. The event examined cyber threats to Australia’s private sector and focussed on solutions and counter cyber-attacks. For more information about the event, please visit the conference website http://www.informa.com.au/cybersecurityconference
Citation preview
New Zealand Internet Task Force
Building Trust at the bo2om of the world Mike Seddon NZITF Chair & Telecom NZ OperaBonal Security Manager
Improving the cyber security posture of New Zealand
Programme
• Who Am I? • New Zealand • The Birth of a Trust Group • The Early Days • Growing Up (coming out) • The Way We Work and What We Have Done • Who’s In and Who’s Out? • An Offer and InvitaKon • Q&A
• $DayJob = OperaKonal Security Manager for Telecom New Zealand
• Chair – NZITF
Who Am I?
New Zealand (Middle Earth)
New Zealand (Middle Earth)
What is the NZITF?
The New Zealand Internet Task Force is a non-‐profit with the mission of improving the cyber security posture of New Zealand
It is a collaboraBve effort based on mutual trust of it’s members
The Birth of a Trust Group
• Following BTF7 and Cyber Storm II cyber exercise in 2008 the NZ Botnet Task Force was formed
• Renamed NZITF early 2009 as the focus evolved and membership expanded
The Early Days • We started small without any big fanfare
• Coordinated by CCIP around other meeKngs
• Shoulder taps and introducKons
• Increasing acKvity levels of NZITF required the need for a Steering Commi`ee to be established in 2009
Growing Up (coming out)
• Formally Incorporated in 2011
• Membership fee structure introduced
• First adverKsed public event
NZITF Board
• Telecom NZ, Mike Seddon (Chair)
• Domain Name Commission, Barry Brailey (Vice Chair)
• Bank of New Zealand, Chester Holmes (Secretary)
• Internet NZ, Dean Pemberton (Treasurer)
• Dept. Internal Affairs, Toni Demetriou
• Vodafone, Steve MarKn
• PWC, Adrian van Hest
What has the NZITF done?
• CoordinaKng technical training • Targeted Threat Workshop • Security Architecture training • Wireless Security Training course • Team Cymru Botnet Forensics
• Honeynet Project and Shadowsever Botnet Defense/Offence courses
• CSIRT introducKon • Open Source Intelligence • Windows Reverse Engineering
What has the NZITF done?
• Support industry and community iniKaKves
• Graduate secondments into industry
• Support research iniKaKves
The Way We Work • Members are nominated and vouched on
• Traffic Light Protocol
• MeeKngs
• Training
• Working Groups
Current NZITF IniBaBves
• NZITF working groups • CREST NZ • Cyber Security Surveying • Cyber Exercising Framework
• Botnet/Malware
• Judiciary Outreach • TRUST.nz • Responsible Disclosure
CREST NZ
• The NZITF set up working group to establish CREST NZ Council of Registered Ethical Security Testers
• No professional voice or representaKon for the penetraKon tesKng industry
• Lack of educaKon and training courses • Skill set shortage in New Zealand • Growing internaKonal cerKficaKon • CREST Australia is now up and running
NaKonal Exercising Framework
• Exercising tests and improves the levels of preparedness for a significant cyber incident
• Develop a framework and schedule for conducKng cyber exercises:
• Scenario Discussions • Table Top Exercises (TTX) • CommunicaKons Checks • NaKonal and InternaKonal Full Play Exercises
Cyber Security Survey
• Limited NZ metrics for decision makers • Want to provide insight into: • Cyber security posture of New Zealand • Impact/cost of cyber crime to New Zealand • What future resources New Zealand requires
• Survey to provide feedback to parKcipants • Conduct annually if valuable
Botnet/Malware
• Assess current NZ infecKon rates • IdenKfy exisKng data sources of botnet infecKons and compromised New Zealand based websites
• Recommend which potenKal miKgaKons would be effecKve in New Zealand and the stakeholders for each
• IdenKfy possible technical and policy based miKgaKons
Judiciary Outreach
• Extending a hand of support and experKse to NZ Judiciary
• Breadth of NZITF membership to draw from
• Training opportuniKes • Expert witnesses
Who’s In and Who’s Out?
An Offer
Improving the cyber security posture of New Zealand