Story image

Domain Name Commission & CERT NZ to share information about .nz cyber threats

14 Jun 18

CERT NZ and the Domain Name Commission (DNC) are vowing to protect all .nz domain names from cybersecurity threats.

The two agencies have agreed to share certain domain registration information so that they can ‘enhance’ cybersecurity in New Zealand.

“We’re pleased to announce that we have signed a Memorandum of Understanding with CERT NZ, who will use their access to international cyber threat and vulnerability information together with withheld domain name registration information to alert domain owners in the .nz space to cybersecurity issues,” comments Domain Name Commissioner Brent Carey.

The Memorandum of Understanding will allow CERT NZ to access withheld domain name registration information from the DNC in situations where cybersecurity threats have been identified.

CERT NZ must provide reasons for accessing the data, and the DNC can suspend CERT NZ’s access if it believes that access has affected security and stability of the .nz domain.

The DNC will also share regular transparency reporting, including high-level information on the withheld data accesses by CERT NZ.

“Both parties acknowledge that there will be occasions when access to the Withheld Data is needed in a timely manner to prevent possible security issues and harm… The parties will work together as much as possible to resolve any such security issues,” the Memorandum of Understanding says.

According to Carey, the DNC and InternetNZ are stewards of the .nz domain space. He says they are conscious of the role they play to keep New Zealanders and their domains safe.

Currently individuals that own .nz domains are able to use the Individual Registrant Privacy Option to hide certain contact details from .nz query searches and domain lookup services such as WHOIS.

“Where individuals have validly chosen our privacy option, it’s paramount we protect their privacy. Security of our domain name space critical infrastructure is equally as important. Putting this agreement in place means that we can protect that privacy while also giving CERT NZ access to some information that they need to help keep New Zealand safe,” says Carey.

CERT NZ director Rop Pope adds that the Memorandum of Understanding and access to privileged information is about keeping Kiwis safe online.

“When we’re alerted to issues that may affect New Zealand domain owners, this agreement means we can access the right information at the right time.”

Pope adds that cybersecurity must be a team sport.

“When we’re alerted to issues that may affect New Zealand domain owners, this agreement means we can access the right information at the right time,” he concludes.

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t.