{"id":87096,"date":"2024-05-22T11:00:31","date_gmt":"2024-05-22T01:00:31","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=87096"},"modified":"2024-05-22T09:43:48","modified_gmt":"2024-05-21T23:43:48","slug":"australia-and-new-zealand-need-an-anzac-cyber-incident-review-board","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/","title":{"rendered":"Australia and New Zealand need an Anzac cyber incident review board"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" class=\"alignnone size-full wp-image-87099\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg 1024w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066-205x137.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066-768x512.jpg 768w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066-332x221.jpg 332w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>Many cyber attacks now straddle the Tasman Sea, such as last year&#8217;s data breach against Latitude, an Australian financial services provider, which affected more than 14 million people across Australia and New Zealand. As both nations focus on how to recover better from such large-scale incidents, they should combine their efforts by setting up an Anzac cyber incident review board.<\/p>\n<p>A joint board would have several key functions enhancing the cybersecurity posture of both nations. It would review technical details of an incident, its root cause, actions taken by industry and government, effectiveness of coordination between stakeholders during a response, and the impacts on the affected entity, sector, and communities in both nations.<\/p>\n<p>Upon completion of a review, findings and best practices learnings could be made public through a report to enhance collective cyber security and help prevent recurrences.<\/p>\n<p>A joint board, unlike two national ones, would have the strength of the shared resources and expertise of Australia and New Zealand. Having just one board for both countries would also help industry, which would not have to engage with two reviews about a single incident.<\/p>\n<p>Seamless trans-Tasman cooperation on cybersecurity is a stated priority. New Zealand Prime Minister Chris Hipkins and Australian Prime Minister Anthony Albanese emphasised \u2018the importance of both countries continuing to work together to strengthen cyber security and rules and norms in cyberspace\u2019 at their annual meeting in May 2023.<\/p>\n<p>The two nations have a long history of creating trans-Tasman institutions to confront national security threats. A prime example is the Australia-New Zealand Counter-Terrorism Committee (ANZCTC), which promotes cooperation among law enforcement and policy officials in both countries. It played a pivotal role in helping Australian officials understand the challenges faced by their New Zealand counterparts after the 2019 Christchurch massacre. Now it&#8217;s time to build on the institutional framework of ANZCTC to create a joint cybersecurity taskforce.<\/p>\n<p>Setting up a joint cyber incident review board would formalise collaboration that Australia and New Zealand already have. After the Latitude data breach, the Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) launched a joint investigation into the company\u2019s practices in handling personal information. As a joint investigation, it will efficiently exploit both agencies\u2019 resources and maybe reduce the regulatory effect on Latitude. Importantly, it won\u2019t preclude the OAIC and OPC from reaching separate regulatory outcomes or making separate decisions on regulatory responses.<\/p>\n<p>In any new institution that confronts digital risks, a genuine partnership model with industry must be built in. Both Canberra and Wellington are trying to adapt national institutions and frameworks, or even design them from scratch, but the issue can&#8217;t be solved through government actions alone.<\/p>\n<p>Australia is further along in the process of collaborating with industry on cyber risk. Its <a href=\"https:\/\/www.homeaffairs.gov.au\/about-us\/our-portfolios\/cyber-security\/strategy\/2023-2030-australian-cyber-security-strategy\" target=\"_blank\" rel=\"noopener\">2023\u20132030 Cyber Security Strategy<\/a> seeks to re-shape public-private partnership, and one of its aims is to create a cyber incident review board. The board would deliver no-fault, no-liability reports on cyber incidents following investigations conducted by government in conjunction with industry, similar to the United States&#8217; <a href=\"https:\/\/www.cisa.gov\/resources-tools\/groups\/cyber-safety-review-board-csrb\" target=\"_blank\" rel=\"noopener\">Cyber Safety Review Board<\/a>. The US version is made up of government and private sector members and sends recommendations directly to the Secretary of Homeland Security and the President.<\/p>\n<p>Exactly what authority Australia&#8217;s review board would have\u2014for example, whether it could compel companies, through subpoena, to provide information for an investigation\u2014is being decided following a recent consultation with the public and industry.<\/p>\n<p>As New Zealand considers an update to its 2019 Cyber Security Strategy, it should explore how the Australian model could be translated. New Zealand officials should engage with the results from Australia\u2019s public consultation process and envisage a new approach to industry partnership.<\/p>\n<p>A joint board between Australia and New Zealand would not apportion blame or recommend liability against any company. Instead, it would focus on lessons learned and provide non-binding recommendations to the public. Additionally, if a significant incident were to affect Australia and not New Zealand, representatives from New Zealand could be observers rather than active reviewers. As observers, they could still draw lessons from an incident.<\/p>\n<p>In addition to establishing a smooth collaboration across the Tasman, an Anzac cyber incident review board would be a valuable resource for the broader region. In particular, it would be an asset for the Pacific Cyber Security Operational Network (PaCSON), which brings together government-designated cybersecurity incident response officials from across the Pacific. Australian and Kiwi officials could stand together at future PacSON meetings to offer updates and joint recommendations.<\/p>\n<p>The time is right to modernise tran-Tasman cooperation on cyber security and to digitise the Anzac spirit to tackle cyber threats together.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many cyber attacks now straddle the Tasman Sea, such as last year&#8217;s data breach against Latitude, an Australian financial services provider, which affected more than 14 million people across Australia and New Zealand. As both &#8230;<\/p>\n","protected":false},"author":1983,"featured_media":87099,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[17,169,95,73],"class_list":["post-87096","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australia","tag-cyber-crime","tag-cyber-security","tag-new-zealand"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Australia and New Zealand need an Anzac cyber incident review board | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Australia and New Zealand need an Anzac cyber incident review board | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Many cyber attacks now straddle the Tasman Sea, such as last year&#8217;s data breach against Latitude, an Australian financial services provider, which affected more than 14 million people across Australia and New Zealand. As both ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-22T01:00:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-21T23:43:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Adam Dobell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adam Dobell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg\",\"width\":1024,\"height\":683,\"caption\":\"KOBE, JAPAN - MAY 19: Gold medalist William Stedman (R) of New Zealand and silver medalist James Turner (L) of Australia pose after competing in the Men's 400m T36 final during day three of the World Para Athletics Championships Kobe at Kobe Universiade Memorial Stadium on May 19, 2024 in Kobe, Hyogo, Japan. (Photo by Paul Miller\/Getty Images)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/\",\"name\":\"Australia and New Zealand need an Anzac cyber incident review board | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#primaryimage\"},\"datePublished\":\"2024-05-22T01:00:31+00:00\",\"dateModified\":\"2024-05-21T23:43:48+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/c61ba704b95a2372d28efdb133185f3f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Australia and New Zealand need an Anzac cyber incident review board\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/c61ba704b95a2372d28efdb133185f3f\",\"name\":\"Adam Dobell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b406d1fe2e6a9e0265995e6e479fbec9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b406d1fe2e6a9e0265995e6e479fbec9?s=96&d=mm&r=g\",\"caption\":\"Adam Dobell\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/adam-dobell\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Australia and New Zealand need an Anzac cyber incident review board | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/","og_locale":"en_US","og_type":"article","og_title":"Australia and New Zealand need an Anzac cyber incident review board | The Strategist","og_description":"Many cyber attacks now straddle the Tasman Sea, such as last year&#8217;s data breach against Latitude, an Australian financial services provider, which affected more than 14 million people across Australia and New Zealand. As both ...","og_url":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2024-05-22T01:00:31+00:00","article_modified_time":"2024-05-21T23:43:48+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg","type":"image\/jpeg"}],"author":"Adam Dobell","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Adam Dobell","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2024\/05\/GettyImages-2153607066.jpg","width":1024,"height":683,"caption":"KOBE, JAPAN - MAY 19: Gold medalist William Stedman (R) of New Zealand and silver medalist James Turner (L) of Australia pose after competing in the Men's 400m T36 final during day three of the World Para Athletics Championships Kobe at Kobe Universiade Memorial Stadium on May 19, 2024 in Kobe, Hyogo, Japan. (Photo by Paul Miller\/Getty Images)"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/","url":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/","name":"Australia and New Zealand need an Anzac cyber incident review board | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#primaryimage"},"datePublished":"2024-05-22T01:00:31+00:00","dateModified":"2024-05-21T23:43:48+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/c61ba704b95a2372d28efdb133185f3f"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/australia-and-new-zealand-need-an-anzac-cyber-incident-review-board\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Australia and New Zealand need an Anzac cyber incident review board"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/c61ba704b95a2372d28efdb133185f3f","name":"Adam Dobell","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b406d1fe2e6a9e0265995e6e479fbec9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b406d1fe2e6a9e0265995e6e479fbec9?s=96&d=mm&r=g","caption":"Adam Dobell"},"url":"https:\/\/www.aspistrategist.ru\/author\/adam-dobell\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/87096"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1983"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=87096"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/87096\/revisions"}],"predecessor-version":[{"id":87102,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/87096\/revisions\/87102"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/87099"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=87096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=87096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=87096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}