Kiwicon: Kiwi security incident responders are gearing up to go live with New Zealand's first computer emergency response team (CERT) next March. And in a change of tack for CERTs, New Zealand's will help all businesses, not just the top end of town.
Declan Ingram, a heavy lifter with CERT NZ, says it will help small businesses all the way to enterprises and government with incident response, and will even supply security engineers from the private sector with intelligence.
The well-known former penetration tester told the Kiwicon hacker conference CERT NZ is running a ten-month sprint to start up after being announced in May 2016.
"It (CERT NZ) is really, really different to a lot of other CERTs which are focused on critical infrastructure, focused on their memberships," Ingram says.
"The CERT we're building is for everybody, which is fantastic, except that there is a finite amount of resources and an awful amount of people who can benefit from the help.
"A big part of what the CERT is going to be doing is connecting people."
Declan Ingram. Image: Darren Pauli / The Register
Ingram says it will be able to assist and liaise with victims; analysts; enforcers such as police; security providers; fixers who "mop up" after incidents, and champions who help with public education.
He invites security vendors to contribute intelligence to the CERT to help build New Zealand's "herd immunity" for security threats.
It will not be a business's "personal response team", however, nor a cop, security information and event management box, or security operations centre.
"It is about providing assistance, giving information back, and giving people cyber hugs," Ingram told the 2000 attending hackers in Wellington, Friday.
"If you've been ransomware'd [sic], you call up and we'll ask 'show us where it hurts' and help you get on with your life," he says.
The CERT operates under New Zealand's Ministry of Business, Innovation and Employment, and takes over from an ad-hoc collection of security nice guys including the NZITF and other global CERTs.
Its five core functions include:
- Incident response and triage;
- Situational awareness and information sharing;
- International collaboration with a tight-knit network of global CERTs;
- Advice and outreach; and
- Co-ordination of serious cyber incidents.
Ingram invited interested security types to apply for limited roles at the CERT through the Ministry of Business, Innovation and Employment. ®