AUCKLAND, New Zealand, June 13 (UPI)
The New Zealand government will put a much greater emphasis on security and privacy when it comes to buying and setting up publicly accessible communication systems.
"New Zealanders expect government agencies will be doing everything they can to ensure the integrity of public sector ICT [information and communication technology] systems," State Services Minister Jonathan Coleman said.
"We expect every public service department and agency to comply fully with the agreed plan of action."
Coleman's statement comes in the wake of a review by Colin MacDonald, head of the Government Chief Information Office.
MacDonald's review examined the government's publicly accessible ICT systems, many of which are available at places such as kiosks and include WiFi networks and Web services.
He found privacy and security processes within many government agencies were underdeveloped and relied too much on the skills and capabilities of staff and suppliers rather than embedded programs and safety features.
The GCIO review covered 215 publicly accessible information systems across 70 government agencies.
It found 12 agencies had a weak point in the security of one of their publicly accessible systems. These issues were resolved quickly and there is no evidence of any actual privacy breach, the report said.
The government said it received MacDonald's report in December but delayed releasing the document.
Instead, the State Services Commission and the GCIO were given time to develop a work program to address the issues raised in the report before making it public.
"The public release of the GCIO's review was delayed to enable testing within these 12 agencies to ensure there were no further weak points," Internal Affairs Minister Chris Tremain said.
"Naming agencies can make them a target for hackers and we didn't want to put these systems at risk from cyber-attacks."
A recent report by NZ Television's 3 News said information from the country's intelligence agency Government Communications Security Bureau showed there were 134 significant cyberattacks last year, up from 90 attacks in 2011.
The government was the target of 21 of the attacks while 63 were against private companies.
Eight attacks were against infrastructure organizations including banks and phone companies. Some of the 42 other incidents were against individual New Zealanders.
Forty-two of the 134 attacks originated within New Zealand, 80 came from overseas and in 12 cases, the origin was unknown.
The actual numbers of serious attacks, whether successful or not, may never be known because not all cybercrime is reported to the GCSB, 3 News reported.
In some cases, the organization or government agency may not know it was attacked.
The GCSB refused to confirm how many of the attacks came from China or how many of them were successful, 3 News said.
On an individual level, a report by the U.S. global security company Symantec found 16 percent of New Zealanders were victims of mobile or social cybercrime in 2012.
Many of the attacks were initiated through malware masquerading as legitimate apps, with mobile malware growing by 58 percent since 2012, the New Zealand Herald reported last month.