The forum, which was organised by the NZ Defence Industry Association, had as its theme: "Emerging Technologies & Cybersecurity Capabilities Supporting National Security Agencies". It heard from speakers including Tony Kryzewski, a cybersecurity compliance consultant who cited figures showing that worldwide, 1.9 billion records were extracted from organisations in the first half of 2017, and in September alone 174 million files were stolen.
This week the ZDNet website reported that a hacker stole restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft and the Joint Direct Attack Munition (JDAM) smart bomb kit from an Australian defence subcontractor. The breach was in July 2016 although the Australian Signals Directorate wasn't alerted until November last year. The data was restricted under the US International Traffic in Arms Regulations, the report said.
Ash said his office anticipates a workshop being held in the next month or so as a result of the GETS notice with organisations capable of delivering a scheme for SMEs.
"We're trying to offer that work to the market, to see what interest is there and what ideas that might generate," he told BusinessDesk.
It aims to give New Zealand's small businesses a credential they could show their customers and supply chain: "Here's my cyber credential. If you're coming to do business with me you can at least know we've been through a sensible process to improve our cyber security."
The scheme for SMEs is part of the National Cyber Security Strategy, which was released with an Action Plan in 2015.
Another leg of the strategy was the establishment last year of a Cyber Security Skills Taskforce, which is made up of executives from the IT and banking industries along with representatives of educational bodies.
A near-term target is the launch of a 'polytech' level course of less than a year that would train people to work in roles such as junior cyber-security analysts. Ash said the NZ Qualifications Authority is currently considering a proposal for a level 6 diploma and consulting with industry to ensure the right trainees were produced.
Work was also being done on options to repurpose mid-career workers for cyber roles. "There are lots of people with assurance and compliance skills, particularly in professions such as accounting, who could be retrained into cybersecurity," Ash said.
Another body of work was underway, involving the Ministry of Foreign Affairs and Trade and other agencies to ensure New Zealand businesses will be ready for the cyber regulatory environments currently emerging in major global markets such as the European Union, the US and China, he said.
"We're just at the front edge of that now," Ash said. "We need to be able to demonstrate we can meet or beat other countries' cybersecurity frameworks."
That requires upskilling - bringing digital expertise to bear on existing diplomatic and trade policy expertise - and international cooperation, he told the Forum this week.
Challenges include a lack of consensus on the rules of operation in cyberspace (the United Nations and a range of other organisations have work underway) and rapidly evolving technology including "a massively expanded attack surface" with the emergence of the Internet of Things, a wider range of threat actors, and artificial intelligence.