NetSafe covers accommodation costs, and provides cybersafety professionals the opportunity to develop their knowledge and skills as a part of a dedicated cybersafety and cyber security team.

The secondment programme doesn’t have a lot of set rules or requirements. There is no minimum or maximum secondment period although we’d recommend no less than six weeks. On the other hand, NetSafe is a leading cybersafety organisation developing and delivering important cybersafety products and services to New Zealanders. Therefore,

• You will need to be working in cybersafety or cyber security education already and
• You will need to be known to NetSafe, or be vouched for by somebody well known to NetSafe

We can organise secondment timing around events and activities of particular significance or interest to you.

There is always something interesting to work on at NetSafe. In the education sector we have the NetSafe Kit for Schools v4 and new NetBasics resources under development.  NetSafe is also developing the National CyberSecurity Awareness week and website (in partnership with New Zealand’s Ministry of Economic Development).

You will also have the opportunity to participate in a number of NetSafe multi-stakeholder projects and programmes including the National Cyber Bullying Task force, the ORB Cyber Crime reporting group, and The National Cyber Security Initiative group.

If you’re interested in considering a secondment to NetSafe, or have any questions about this opportunity – please contact me and we can discuss what options might suit you best.

Wikipedia was blacked out for a day as part of a widespread protest against the US Stop Online Piracy Act (SOPA) and Protect Intellectual Property Act (PIPA). These Acts were endorsed by the Motion Picture Association (MPA) but the technology industry was opposed to them as restricting the openness of the internet.  American politicians seemed to take notice, and these Acts were sidelined. Next, the Online Protection and Enforcement of Digital Trade (OPEN) ACT was introduced to Congress, which is supported by the tech giants but resisted by the Motion Picture Association as going to easy on piracy!

And I thought, will these two groups ever find a satisfactory comprise?

A high profile blow was struck by the anti-piracy organisations as the former Chrisco Mansion was raided, filelocker Megaupload was shut down, and Kim Dotcom and some business associates were arrested. The anti-anti-piracy groups hit back organising DDOS attacks that (at least briefly) shut down about 10 websites including the FBI, Universal Music, RIAA, and Hodopi (it’s French)

And I thought, I wonder where the Chrisco people live now.

Moving away from copyright – Research by the Ipsos Social Research Institute named Australia as having the highest levels of cyberbullying on social networking sites. New Zealand wasn’t included in the research. I suspect we’d have placed pretty well.

And I thought, we could do with some of that anti-piracy (or the anti-anti-priracy) enthusiasm in the anti-cyberbullying fight.

TVNZ CloseUp returned to air this week and its first story for 2012 was about adult men who met a 14 year old girl online (or in this case, and actor they believed to be 14) and then travelled and meet them for sex. I was surprised at the lack of caution these men showed. It never occurred to them that it might be a sting – by journalists, or the Police.

And I thought, we could really do with a few Police sting operations of this type to discourage these men.

And then I thought. It looks like 2012 will be pretty much the same as 2011.

The review has two parts. The first covers the extension of the traditional media’s legal rights and responsibilities to some new media publishers. The second part of the review looks at whether the laws which deal with crimes such as harassment, intimidation, defamation, and breach of privacy are fit for purpose in the digital age.

It is really the second half of the review that most interests NetSafe, although the first half looks at a very interesting question. At what point does a blogger or a news website  access the legal privileges and exemptions currently reserved for the traditional news media? David Farrar at Kiwiblog has more readers than many newspapers in this country and often writes about political issues – so it absolutely makes sense to consider him “news media” . But what about Mods Motors? That also has a wide “circulation”. Its mostly about cars, but it does also include “news” and opinion about car and transport regulations.  What about the NetSafe blog?  The review also recommends an independent converged regulator (like the ACMA or OFCOM) to manage regulation of this space.

The second half of the review sits squarely in NetSafe territory. Information technology has been a real enabler for harassment, intimidation, defamation, and breach of privacy. The laws that deal with these issues were written pre-technology. Mostly they tend to be applicable, but accessing the remedies is comparatively prohibitive. Basically, its really easy to offend against somebody – and hard to effectively defend yourself.

The Law Commission has made a range of recommendations starting with a review of current laws to make sure they’re applicable in the digital age. There some clarifications of existing law and a handful of new offences recommended: maliciously impersonating another person, publishing intimate photos, and incitement to suicide.

The most radical of the proposals is the establishment of a Communications Tribunal that would operate at a lower level than the courts. The idea being that the tribunal would be more accessible for people who are offended against.

The Law Commission is taking submissions on this paper until March 12, 2012. I suspect there will be a number of strong voices against the recommendations – as there are against any attempts to exert control on online activities. I would encourage organisations and individuals working in the cyber safety and law enforcement space to make a submission.

Are computer security experts just justifying high incomes by positioning computer security beyond the realms of the average home user, or are they fundamentally right? If consumer security products don’t work, should people even bother to purchase and install them?

There’s no point in sugar coating it. The computer security gurus are essentially correct. If you are specifically targeted by cyber criminals, and you are reliant on consumer security – you’re in trouble. The good news for most people reading this blog is that they are not “high value targets” and are not going to be targeted by dedicated cyber criminals. Simply put, they’re not worth the investment in hacking time.

All security is about risk management. The level of investment we make in security should be appropriate for the risk we face. For most consumers and small businesses, the main threats they face are from non targeted malware. So the real question is – how well do consumer security products protect you against these threats.

The answer is – surprisingly well. This US PC Mag test shows the results from a range of 2012 security products. I was surprised how well they did. The results more than justify the relatively minor investment in these products. Even some of the free products do well.

But if you follow that link, you will see that no product was 100% effective in every test.

At any given time, each product will have malware that it misses. This is why it is important for people to remain vigilant. It is possible for your computer to become infected even if you have security software. If you think this might be you, run one (or better still – more than one) of the remote scanners listed on NetSafe’s website.  

And importantly, computer security isn’t just about security software. This is another area where security experts despair – because consumers are more often tricked by simple ruses than “hacked” in traditional terms. For this reason, NetSafe developed the NetBasics which looks at both the technical and non-technical aspects of security.

Before looking at how we can help more people benefit from e-commerce opportunities, I’d just like to mention a couple of things from the research that stood out for me.

Across the board, use of online auctions seems pretty low. Students led the charge at 23%, meaning nearly three quarters haven’t participated in an online auction in the last six months. I’d be surprised if New Zealanders didn’t score much higher in this category thanks to Trademe. I’m not sure if New Zealanders often think about just how well Trademe has done in creating such a reliable and trustworthy auction space. We just know its a good place to buy and sell items online. I’ve completed 150 trades on Trademe, and had one go bad (and it didn’t cost me money, just time). I wish I could acheive that same ratio with purchases made in tradition offline environments!

Paying bills and banking online score pretty well across the board. That’s no real surprise. In my opinion, banking online is better than banking at a bank branch. You can more easily access information and manage your money with online banking. Interestingly, the home duties sub-group scores lowest in these categories. I’d have thought being able to sort these things out from home would have really appealed to this audience. Then again, people in the home duties category might just enjoy the excuse to get out that going to the bank creates!

As I scan across the list of e-commerce activities, I can’t help but look at the percentages of people who are not doing each activity. You may know people in this category, or be one of those people yourself. Now, I understand that many people are happy with the traditional commerce options, but the truth is these e-commerce activities will save them time and money – and open up access to a wider range of products and services.

From my own experience, talking to friends and family – there seems to be two main reasons for the reluctance. It is perceived as too complicated, and too dangerous. With reference to the ”too complicated”  objection, people just need to be encouraged to give them a go. They will almost always find the experience positive.

If you are trying to help friends and family mitigate the risks of conducting commerce online – the good news is that there is an incredible amount of information and support available on these topics. A good place to start would be this NetSafe page on making a computer secure, then a quick read of this page on understanding online scams and fraud. Most e-commerce sites will also provide safety advice. For example Trademe has great information pages providing Safe Buying Advice and a Safe Computing Centre.

Facebook have acknowledge the spam attack that apparently exploits a browser vulnerability (we are not sure at this stage which browser it is) allowing cross site scripting.  If you want a bit more background on what that means, read this Sophos article about the attack. But in short, users are tricked into pasting some  code (JavaScript) into the address bar which then allows the malicious code to run.

Next thing you know – you’re looking at pornography, and so are your Facebook friends.

Justin Bieber

As an adult, you may find this little more than a nuisance. However, despite the 13 year old age limit – there are many children that use Facebook. If you have children that use Facebook, you might want to warn them against cutting and pasting content into the address bar – and this is a timely reminder to keep a close eye on them when they are online. I’m not a child psychologist – but I’m fairly certain pornography is not the best way to introduce children to sexuality!

These sorts of attacks within Facebook should come as no real surprise. There are 900 million Facebook accounts – half of which are active every day. That’s a very juicy target. But perhaps more importantly, Facebook is a social network – so people are there for the express purpose of sharing content. There are competitions, pages to like, pictures to view. Click this, click that.  Its a social engineering opportunity like no other. As Facebook increases it capability to host different types of content – more opportunities will present themselves for criminals to try and exploit.

Most scams are designed to raise money for the scammers, and you can safely assume that the lessons being learned from these attacks will be put into practice for those sorts of attacks later.

In the meantime, NetSafe has a page of tips for staying secure on Facebook. Check them out here.

The reason for this is a combination of State sponsored cyber attacks – and computerised Industrial Control Systems (ICS). Countries have worked out that they can attack  another country using malware that targets ICS. The most publicised attack of this type was Stuxnet which targeted, and apparently damaged, the uranium enrichment infrastructure in Iran.  The Stuxnet virus was such a sophisticated attack that security specialist agreed it could only have been conducted with state level support.  It is widely speculated that Stuxnet is the work of Israel and the US. But it might not be. Countries can now hide behind the same online anonymity that has empowered criminals and offenders.

That’s right – on the internet, nobody knows you’re a dog that specialises in cyber warfare.

Stuxnet apparently has a relative – called Duqu. Duqu is a Remote Access Trojan (therefore having the fantastic acronym - RAT) that is designed to probe ICS and send data back to enable highly targeted attacks (like Stuxnet). The problem is that “highly targeted” is a phrase I’ve borrowed from traditional warfare – like “smart bombs”, and we all know how smart they are! Which brings us to another traditional warfare term – “collateral damage”. One of the amazing things about Stuxnet was how targeted it was (attacking a specific device operating in a very specific way). But what if the coders weren’t so careful, or just made a mistake?

People often tell me that in New Zealand we have no enemies, and therefore we have nothing to worry about. The problem with that logic is that with so many Industrial Control Systems using similar technologies to control the utilities upon which we depend, I don’t think it is such an outrageous prediction that we will soon see one of these state sponsored malware products create collateral damage. And there is no reason to suggest it could not be here in New Zealand.

Hopefully that won’t occur with the National Cyber Security Centre (NSCS) keeping watch. But with cyber attack malware being produced with big budget state sponsorship – they’ll have to be at the top of their game!

And that’s the first thing that should grab your attention. For somebody who has attended a number of conferences looking at ways to make the internet safer or more secure – to be surrounded by official government delegations was quite surreal. The Internet isn’t structured around countries and until now, neither have the conferences about it. But Governments increasingly feel they can not stand back and leave the internet entirely to international corporates and NGO’s. And certainly the evidence supports that hypothesis.

The problem with the internet is that it is – or at least has been until now – uncontrollable.  This is great if you’re a journalist avoiding a repressive government. However, this is not great if you’re a government trying to provide a stable and reliable environment for your citizens and businesses.

The challenge is balancing the two requirements. And at the moment – the balance is not in our favour. There is no question that the power of the internet to provide an agile anonymity favours the bad guys. This is something we’ve know in the safety space for a while. The problem for governments is that cyber crime is starting to cost big money.  The question is what to do about that. Just as in the early days of the online safety movement - some people focus their energy on trying to change the rules of the environment. And to be fair to them, the internet is something we built and maintain so it is technically possible to change the way it works. Basically if everybody wanted to use technical measures to make it safer and more secure, we could.

However, there are a couple of problems. Firstly, different countries have different views on how they would balance control vs individual freedom. And then secondly, it is widely accepted that those changes will also have a negative impact on the internet’s ability to foster innovation, which it has a pretty good record of so far.

Therefore the attention inevitably shifts to rebalancing the equation without changing the fundamentals of the internet. And this is where the London Conference got to.

William Hague addresses the London Conference on Cyberspace

In his concluding speech, British Foreign Secretary (and conference host) William Hague said “These ideas and the principles that have come out of the conference include … that we enhance cooperation and collaboration between states, that we act together to address the threat from cybercrime, and that we preserve the global interoperability and resilience … ”

Those are pretty good ideas, but tough to put together in practice. The Conference will be reconvened in Hungary in a years time, but a lot of work will be done to try and progress the conversation in between. A safer online environment requires the combined efforts of NGOs, the private sector, and Governments. Whilst I wouldn’t want to overplay how much Governments can acheive – they have been visibly absent from the conversation so far – and this conference changed that. Therefore, it is my opinion that we will look back at the London Conference as a real turning point in the fight to keep the internet a powerful platform for progress – both socially and economically.

Again, for people outside New Zealand – this year is the Rugby World Cup (RWC) and it is being held here in New Zealand. This is a big deal for us. It is a costly exercise that is justified by the potential tourism benefits. We don’t talk about this much – but the other potential benefit is that the probability that the All Blacks will win is improved by them playing in New Zealand. The impact of this is hard to measure, but many New Zealanders will be happy for months. Happy people are more productive, and less likely to move to Australia.

The All Blacks will do everything they can to win – and this is where I finally get to my point. The management have banned tweeting during the RWC. This is because they think it will improve their chances of winning – and I think they’ve got it wrong.

The old guard might not understand twitter – but that’s no reason to fear it. I saw that (1987 RWC Winning Coach) Brian Lahore commented on tweeting. On the one hand he said they should forget about twitter and focus on the game at hand. He also stated  ”I don’t even know what Twitter is.” It doesn’t seem to have occurred to people that in this day and age – tweeting might actually be a way for players to focus on the game at hand.

Also – some of the All Blacks have a large number of followers on Twitter. Twitter is a way that the sports stars can connect with the fans. Obviously a large number of fans (Cory Jane has over 14,000 followers) want this. I think that right now, these individual twitter accounts are a missed opportunity to build the All Black brand.

Apparently the fear is that they might reveal team selections, details of injuries, criticise management or bait the opposition. Surely it would be better to set some rules than ban it all together. Surely all Blacks can be trusted to act in the best interests of the All Blacks?

So I say. Set some rules – and then let them tweet.

Womens Refuge have pointed out that this service could be abused by people to spy on and control their partners. This is true. However, there are already a number of software products that enable spying on phones. Many of which are more “feature rich” than myfone.

Civil Liberties groups have said it is spying – and that parents shouldn’t spy on kids. They have said that many parents are too controlling – and that this technology will be used to control kids. The technology isn’t promoted as covert surveillance. It is supposed to be disclosed to the phone user. In that regard – its not really “spying” – although there will be ways to work around the disclosure mechanism.

Sally Rae (one of the owners of the service in NZ) is quoted as saying “…what’s more important – our childrens’ civil rights or their safety and protection?”

I don’t think we need to make this a choice. Our children have a right to be safe. That is one of their rights. Parents have a responsibility to protect their children. What we also need to remember is that we have a responsibility to protect their other rights.

The product is just a tool. Using it – a parent can see into their child’s online life. What they do with that information is the key. If they are using the tool to control their child – that probably isn’t of much value. Children will find other ways to access the online world. If they think they can install this product and their child will be protected – they are wrong. In a networked world, online challenges are a reality for young people.

A product like this works if a parent uses the information it produces to educate their child about the challenges of communications technology. That means it can be a useful tool for young children – if its used properly.

Parents should also see this tool as temporary. As children show more maturity online, they should be given more freedom.