Keeping New Zealand s Economy Cyber Secure

Transcription

1 Keeping New Zealand s Economy Cyber Secure CYBER SECURITY SUMMIT 5 May 2016

2 MINISTERIAL FOREWORD Kia ora and welcome to New Zealand s first ever Cyber Security Summit. We can all agree that cyber security is critical to our nation s economic prosperity. Since the Government launched our refreshed Cyber Security Strategy in December, the business community s level of awareness of, and interest in, cyber threats has continued to grow. From the boardroom to the front desk, businesses are rightly identifying cyber security as a key issue for them. Almost $257 million was lost to cybercrime in the past year, affecting around 856,000 New Zealanders 1. But this is just the tip of the iceberg. As we further embrace the digital era, the complexity and sophistication of cyber threats will continue to grow. While we re all cognisant of the harm cyber-attacks can cause, how we should respond isn t always clear. New Zealand s inaugural Cyber Security Summit is about bringing together our top business and government leaders to kick-start an important discussion about how we keep our economy cyber secure. At the moment it may not be obvious who does what or where to go when you face an issue. There are considerable overlaps and gaps. The Government also accepts that we don t have all the answers and can t solve this in isolation. What is evident is that we need a joined up response the private and public sectors working together to share information and expertise. The Summit is an opportunity for chairs and chief executives from across New Zealand to continue the conversation around how as a country we tackle the threat of cybercrime, and improve our resilience and security in this increasingly digital age. I m sure you ll find the summit informative and provocative. We ve drawn on expertise and insights from across the world and attendees will hear first-hand from our Prime Minister John Key on how the Government is beefing up our cyber security architecture to keep New Zealanders safe. Thank you for partaking in this important discussion. Your attendance speaks to how seriously New Zealand is taking this issue. I look forward to an interesting and robust discussion throughout the day. Hon Amy Adams Minister for Communications Protect yourself online The Connect Smart partnership is a public-private collaboration focused on driving cyber security improvement in New Zealand. All New Zealanders will benefit if we can unlock the potential of the internet by using it in a safe and secure way. Facilitators FRANCES VALINTINE Founder, The Mind Lab by Unitec, Education Futurist Frances Valintine is an education futurist, committed to shifting education practice, policy and understanding to contextualise it within a contemporary global environment. Frances has been an active leader in education for more than 20 years, founding the Media Design School in In 2013, Frances established The Mind Lab, later The Mind Lab by Unitec. Frances holds a range of governance roles and is on the board of Callaghan Innovation, Education New Zealand, NZ Tech, New Zealand Game Developers Association, Auckland Screen and Digital Content, Santa Fe University of Art & Design and Talentnomics, Washington DC. She is also a member of the Ministry of Business, Innovation & Employment s Small Business Development Group and Global Women. PAUL ASH Director, National Cyber Policy Office, Department of Prime Minister and Cabinet The National Cyber Policy Office (NCPO) coordinates and leads the development and implementation of New Zealand cyber security policy. Paul has led the NCPO since it was established in July Paul was previously a career diplomat, most recently Deputy Head of Mission in Brussels from 2008 to Paul has also had postings to Honiara, Beijing and Taipei, and has worked in the International Security and Disarmament, Pacific, United Nations and Human Rights, and Development divisions of MFAT in Wellington. 1 Norton Cybersecurity Insights Report, November 2015:

3 CYBERSECURITY a public private partnership NEW ZEALAND BUSINESSES RELY ON THE INTERNET EVERYDAY 96 % OF NEW ZEALAND BUSINESSES have access to the Internet 1 90 % OF NEW ZEALAND BUSINESSES are using the Internet for finance, largely online banking 1 WHAT S AT STAKE FOR NEW ZEALAND? $34 billion COULD BE ADDED TO THE NEW ZEALAND ECONOMY if businesses made more effective use of the Internet million MOBILE PHONES ARE CONNECTED TO THE INTERNET 86 active connections for every 100 New Zealanders 3 Only 23% of boards of directors ACTIVELY PARTICIPATE IN SECURITY POLICY 2 AS A RANSOMWARE TARGET, New Zealand ranked 4th in the Asia Pacific and 21st globally with an average of 108 ransomware attacks per day 4 FOUR INTERSECTING GOALS TO ACHIEVE CYBER SECURITY CYBER RESILIENCE New Zealand s information infrastructures can resist cyber threats and we have the tools to protect our national interests CYBER CAPABILITY New Zealand businesses, and government agencies understand cyber threats and have the capability to protect themselves ADDRESSING CYBERCRIME New Zealand improves its ability to prevent, investigate and respond to cybercrime INTERNATIONAL COOPERATION New Zealand protects and advances its interests on cyberspace issues internationally 1 The Value of Internet Services to New Zealand Businesses, 31 March 2014: 2 PwC Global State of Information Security Survey 2016, October 2015: 3 Internet Service Provider Survey, October 2015: 4 Internet Security Threat Report, April 2016:

4 SUMMIT PROGRAMME 8.15AM 9.00AM Registration CYBER SECURITY SUMMIT OPENING SESSION 9.00AM 9.20AM Welcome by Paul Ash, Director of the National Cyber Policy Office, Department of the Prime Minister and Cabinet Address by the Prime Minister, Rt Hon John Key Keeping New Zealand s Economy Cyber Secure KEYNOTE SPEECHES 9.20AM 9.45AM 9.45AM 10.15AM 10.15AM 10.30AM Jim Lewis, Senior Vice President and Program Director, Center for Strategic and International Studies (CSIS) Matt Thomlinson, Vice President of Security, Microsoft Morning tea SESSION 1: WHAT S AT STAKE FOR NEW ZEALAND? UNDERSTANDING THE OPPORTUNITIES AND THREATS 10.30AM 11.15AM Achieving the vision of a secure, resilient and prosperous online New Zealand means that individuals are protected online and New Zealand s businesses can function, grow and innovate. Cyber security has the potential to be used as a point of positive, competitive advantage internationally. New Zealand s Cyber Security Strategy, December 2015 Panel discussion facilitated by Frances Valintine, Founder Tech Futures Lab; Founder and Chair of The Mind Lab by Unitec Major General (Ret) Earl D Matthews, Vice President, Enterprise Security Solutions, Hewlett Packard Enterprise Services, U.S. Public Sector Lillian Grace, Chief Executive, Figure.NZ Dr Patrick Strange, Chair Chorus; former Chief Executive Transpower Steve Glynn, Chief Information Security Officer, ANZ Bank KEYNOTE SPEECH 11.15AM 11.45AM Richard Bejtlich, Chief Security Strategist, FireEye, Non-resident Senior Fellow, The Brookings Institution MINISTERIAL ADDRESS 11.45AM MIDDAY Address by Minister for Communications, Hon Amy Adams SESSION 2: A CALL TO ACTION: MAKING NEW ZEALAND SECURE, RESILIENT AND PROSPEROUS ONLINE MIDDAY 12.45PM The government has a role to play in cyber security but not on its own. Close partnerships with the private sector and non-government organisations are required. Businesses drive the New Zealand economy and depend on the Internet and networked technology. They must protect the information that is critical to their commercial success. The private sector owns and operates the telecommunications systems. The private sector and technical community also have considerable cyber security expertise. New Zealand s Cyber Security Strategy, December 2015 Panel discussion facilitated by Frances Valintine, Founder Tech Futures Lab; Founder and Chair of The Mind Lab by Unitec Dr Rick Ede, Chief Executive, Unitec Institute of Technology Jo Healey, Chief Executive, Dimension Data Major General Stephen Day, former head of the Australian Cyber Security Centre Rick Shera, Partner Lowndes Jordan (IT/IP specialist); Chair of NetSafe; Director, Network for Learning SESSION 3: WHAT ARE THE ODDS OF GETTING HACKED? 12.45PM 1.00PM 1.00PM 1.45PM John Allen, Chief Executive, NZ Racing Board Networking lunch

5 #CYBERNZ16 SESSION 4: SUMMING UP THE KEY ISSUES FOR NEW ZEALAND 1.45PM 2.30PM Paul Ash, Director of the National Cyber Policy Office, Department of the Prime Minister and Cabinet, welcomes participants to the afternoon sessions The panel sums up the key messages from the morning s discussions. Richard Salgado, Global Director of Information Security, Google David Havercroft, Chief Operating Officer, Spark Kendra Ross, Co-Founder, Duo NZ, 1stTuesday and isanz Jordan Carter, Chief Executive, Internet NZ Toby Gee, Special Counsel, Minter Ellison Tony Wilson, Head of Information Security, BNZ WORKSHOPS 1 & PM 3.15PM 3.15PM 3.30PM WORKSHOPS 3 & PM 4.15PM WORKSHOP 1: CLOSING THE CYBER SECURITY SKILLS GAP New Zealand s cyber security expertise needs to grow so that businesses and organisations can source the technical staff required to carry out ICT security. At the same time, the education and training system should produce ICT users at all levels with the skills to put in place basic cyber hygiene practices. Facilitator: David Eaton, Chief Technology Officer (NZ), Hewlett Packard Enterprise (NZ) Afternoon tea WORKSHOP 3: MAKING A DIFFERENCE TO THE CYBER SECURITY OF SMALL BUSINESSES Small and medium enterprises (SMEs) play a huge role in New Zealand s economic growth; it is important that they are equipped to protect their business information... A new cyber credentials scheme is proposed for SMEs. The scheme will promote to the SME audience the core actions that, if implemented properly, can make a big difference to their cyber security. Facilitator: Ken Wallace, New Zealand practice leader for Technology Risk and Assurance, EY Introductory comments: Minister for Small Business, Hon Craig Foss WORKSHOP 2: BUILDING A CERT It is proposed that a national CERT be established. This institution would act as a central reporting mechanism for the full range of cyber incidents, triaging incident response to the relevant separate organisation and ensuring technical advice gets to the organisations that need it in real-time. Facilitator: Kirk Hope, Chief Executive, Business New Zealand WORKSHOP 4: CONNECTING SMART AND PREVENTING CYBERCRIME Achieving [the Cyber Capability] goal means that New Zealanders at all levels will have the skills and tools to protect themselves online, making it harder for malicious cyber actors to steal private data, identity information or cause damage to information systems. Prevention first is at the heart of our approach to cybercrime giving New Zealanders the tools to change their online behaviour. Facilitator: Kevin McDonald, Chief Risk Officer, ASB WRAP-UP: KEY OUTCOMES FROM THE FOUR WORKSHOPS 4.15PM 5.00PM 5.00PM 6.30PM The four facilitators sum up the key messages from the workshops. David Eaton, Chief Technology Officer (NZ), Hewlett Packard Enterprise (NZ) Kirk Hope, Chief Executive, Business New Zealand Ken Wallace, New Zealand practice leader for Technology Risk and Assurance, EY Kevin McDonald, Chief Risk Officer, ASB Networking drinks

6 INTERNATIONAL KEYNOTE SPEAKERS Jim Lewis SENIOR VICE PRESIDENT AND PROGRAM DIRECTOR, CENTER FOR STRATEGIC AND INTERNATIONAL STUDIES Matt Thomlinson GLOBAL VICE-PRESIDENT OF SECURITY, MICROSOFT Richard Bejtlich CHIEF SECURITY STRATEGIST, FIREEYE Jim Lewis is an acknowledged international expert and researcher on cyber security. He is currently a Senior Fellow and Program Director at the Center for Strategic and International Studies (CSIS) and directs its Technology Programme. Before joining CSIS, he worked at the Departments of State and Commerce as a Foreign Service Officer and as a member of the Senior Executive Service. His government experience includes work on politico-military assignments. He helped to develop initial US policies for Internet security and encryption. Since moving to CSIS, Lewis has authored more than 100 publications. His recent work focuses on cybersecurity, including Securing Cyberspace for the 44th Presidency, the best-selling report whose contributions to US policy were publically recognised by the White House. Lewis current research examines Internet sovereignty, cybersecurity, warfare, strategy, and technological change. He received his Ph.D. from the University of Chicago. Matt Thomlinson is Vice President, Cloud and Enterprise Security. He leads the organization responsible for Microsoft s security response, innovative security solutions for customer protection, and cyber threat intelligence. Matt s career spans more than 20 years at Microsoft where he has contributed to a number of security technologies. He is a 5-year board member and former chairman of NIST s Information Security & Privacy Advisory Board (ISPAB). In 2014, Matt was recognized as a Federal 100 winner for his work to secure the US federal government, and a 2015 Computerworld Premier 100 IT Leader. He is the inventor or co-inventor of over 20 patents on technologies ranging from secure secret storage and random number generators, to various vulnerability mitigation techniques. He holds both Master s and Bachelor s degrees in Electrical Engineering from the University of Washington. Richard Bejtlich is Chief Security Strategist at FireEye, and was Mandiant s Chief Security Officer when FireEye acquired Mandiant in He is a non-resident senior fellow at the Brookings Institution and an advisor to Threat Stack, Sqrrl, and Critical Stack. Richard was previously Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He has a Bachelor of Science in History and a Bachelor of Science in Political Science from the United States Air Force Academy, and a Master of Public Policy from Harvard University. SPONSORS TERABYTE KILOBYTE BYTE