Domain Name Commission & CERT NZ to share information about .nz cyber threats
CERT NZ and the Domain Name Commission (DNC) are vowing to protect all .nz domain names from cybersecurity threats.
The two agencies have agreed to share certain domain registration information so that they can 'enhance' cybersecurity in New Zealand.
"We're pleased to announce that we have signed a Memorandum of Understanding with CERT NZ, who will use their access to international cyber threat and vulnerability information together with withheld domain name registration information to alert domain owners in the .nz space to cybersecurity issues," comments Domain Name Commissioner Brent Carey.
The Memorandum of Understanding will allow CERT NZ to access withheld domain name registration information from the DNC in situations where cybersecurity threats have been identified.
CERT NZ must provide reasons for accessing the data, and the DNC can suspend CERT NZ's access if it believes that access has affected security and stability of the .nz domain.
The DNC will also share regular transparency reporting, including high-level information on the withheld data accesses by CERT NZ.
"Both parties acknowledge that there will be occasions when access to the Withheld Data is needed in a timely manner to prevent possible security issues and harm… The parties will work together as much as possible to resolve any such security issues," the Memorandum of Understanding says.
According to Carey, the DNC and InternetNZ are stewards of the .nz domain space. He says they are conscious of the role they play to keep New Zealanders and their domains safe.
Currently individuals that own .nz domains are able to use the Individual Registrant Privacy Option to hide certain contact details from .nz query searches and domain lookup services such as WHOIS.
"Where individuals have validly chosen our privacy option, it's paramount we protect their privacy. Security of our domain name space critical infrastructure is equally as important. Putting this agreement in place means that we can protect that privacy while also giving CERT NZ access to some information that they need to help keep New Zealand safe," says Carey.
CERT NZ director Rop Pope adds that the Memorandum of Understanding and access to privileged information is about keeping Kiwis safe online.
"When we're alerted to issues that may affect New Zealand domain owners, this agreement means we can access the right information at the right time.
Pope adds that cybersecurity must be a team sport.
"When we're alerted to issues that may affect New Zealand domain owners, this agreement means we can access the right information at the right time," he concludes.