NZ’s line in the sand on cyber attacks

Foreign Affairs

With cyberattacks on the rise, the Government has laid out how New Zealand’s view of how international law on physical warfare can translate to state-sanctioned hacking online

As more and more of our lives moves into the digital realm, so too do some of our greatest vulnerabilities.

In May, international freight company Toll Group confirmed it had been subject to an attack on its IT systems in a bid to secure a ransom, while the NZX stock exchange has suffered a number of distributed denial-of-service attacks this year. 

Covid-19 has also opened up new avenues for hackers to explore: New Zealand’s National Cyber Security Centre (NCSC), which focuses on potentially high-risk events and nationally significant organisations, said the pandemic had “created many opportunities for malicious cyber actors to steal data, commit financial crimes, undertake espionage or disrupt the systems of organisations with a pandemic response role”. 

While some attacks may have purely financial motives, others have more geostrategic factors – and the hand of foreign countries – at play.

Thirty percent of the 352 cyber security incidents the NCSC recorded in 2019/20 had been linked to state-sponsored actors, while Government Communications Security Bureau director-general Andrew Hampton warned in August that “state-sponsored groups almost certainly have the capability and intent to target organisations for the purpose of gathering information about their response to Covid-19”.

But with room for uncertainty over what exactly countries can do to respond, the Ministry of Foreign Affairs and Trade (with Crown Law) has set out New Zealand’s view on how international law applies to the wild west of cyberspace.

The position paper argues that international rules such as the United Nations charter, the law of state responsibility and international human rights law apply online as much as they do offline.

“Calling someone out, you put the spotlight on it and you bring attention…