Improving cyber defence for critical national infrastructure in New Zealand

The challenge of securing comprehensive services enabled by cyber-physical technologies is becoming increasingly acute. Industrial Control Systems (ICS) and Operational Technology (OT) environments have been in place for several decades. With a combination of computer software, hardware components and industrial/commercial use, these systems are essential in the control and automation of countless industrial procedures and processes that provide indispensable human services in most countries; they make it possible to operate and maintain such operations as the flow of energy through power grids, the treatment and supply of clean water to billions of people, and the maintenance of life saving medical facilities around the world. This research aims to critically analyse New Zealand's existing cybersecurity strategies and approaches in its defence of Critical National Infrastructure (CNI) organisations operating OT and ICS environments. In this regard, the research draws on international best practices, and proposes a set of hypotheses and actionable insights to fortify cyber resilience for CNIs. It also explores how government-enforced frameworks and standards improve cyber defence for CNIs along with improved accountability. Learnings from this research may be used by policy makers, cyber security leaders, and the government of New Zealand in their consideration of and consultations on academic and pragmatic application, for the development or adoption and enforcement of cyber security standards for CNIs in New Zealand. The essence of this thesis lies in its commitment to contributing to the broader discourse on cybersecurity for OT and ICS environments--particularly in safeguarding critical infrastructures--thereby enhancing the security and welfare of nations in a dynamically changing threat landscape. To achieve the aforementioned aim, this thesis undertakes an analysis of cyber security standards and frameworks that governments around the globe--especially within the countries represented in the Five Eyes intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States--have enforced for CNIs operating OT and ICS environments. Additionally, the thesis examines whether there are other geographies that are a closer fit culturally and economically for New Zealand to learn from and to emulate when it comes to considering future strategies for improving cyber defence for CNIs. This thesis further explores how systematic, strategic, and collaborative efforts in combination with government enforced frameworks and standards improve cyber defence for CNI and OT and ICS environments. It is guided by comparative analysis, utilizing both qualitative and quantitative data, including policy document reviews, expert interviews, and studies of international best practices.
Type of thesis
The University of Waikato
All items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.