Cyberattacks and continuous disclosure
There is a “seedy, unspoken, underbelly of cyberattacks” in this country, according to Jeremy Jones, head of security at the consultancy Theta who previously worked in cyberoperations as a Royal Air Force officer in the UK. He told CIO New Zealand this week that one way to combat this scourge is through mandatory breach reporting, so people can see the true extent of the damage being caused.
Jones suggests publicly listed companies should be reporting cyberrisks. “If you’re hit with a cyberattack, it affects your ability to raise capital, seek investment, and [raises] privacy issues. You absolutely should report it. … Hiding it in the shadows is not going to help anybody.”
We asked the NZX, which recently suffered a major attack, what the rules are with regards to continuous disclosure of cyberattacks. Head of communications David Glendining provided this guidance: “There is no particular requirement for disclosure related to cyberattacks. However, in the event that such an attack constituted an operational and/or financial impact on the company, and was assessed to be ‘material information’, then this would require disclosure under Section 3 of the NZX Listing Rules.”
Mandatory reporting with regards to personal data breaches is part of the new Privacy Act, which comes into effect in December 2020.
Unbundling status quo
Enabling retail service providers (RSPs) to put their own equipment into ‘last-mile’ telco network infrastructure, and thereby increase their share of the user fee, is known as ‘unbundling’. New Zealand was late to regulate unbundling of the copper network, but what about the fibre network—will retailers rush to unbundle the UFB?
Here’s what fibre unbundling looks like, compared to copper unbundling:
Sarah Putt/IDG
The differences between fibre unbundling and copper unbundling in New Zealand.
To unbundle a customer’s premise, the RSP must carry out the following and pay the proposed fees:
- Pay rental space in the wholesaler’s central office (CO). The price varies.
- Pay the wholesaler a monthly fee for the feeder fibre between the CO and the fibre flexibility point (FFP). The proposed cost is $200 per month.
- Depending on the wholesaler, the RSP may need to supply its own optical splitter that the wholesaler will install in the FFP. In the case of Enable, it includes the provision and installation of a splitter for $236.53 per month.
- Pay the wholesaler a monthly fee to access the second distribution fibre that runs to the house. Proposed cost varies depending on wholesaler with figures of between $28.70 and $37.24 per month quoted.
- RSP must install its own optical network terminal (ONT) at the customer’s premise.
As with so much in telecommunications, it hinges on what the Commerce Commission decides. In its latest findings—outlined in an 86-page guidance document on equivalence and nondiscrimination—it appears the status quo prevails, although pricing isn’t covered in detail.
That, at least, is the view of Chorus, whose spokesperson Steve Pettigrew says, “There were no surprises from the earlier draft. … We certainly appreciate the certainty the ComCom’s release brings to our regulatory obligations. It supports our ongoing investment in the fibre network and demonstrates that there’s a competitive broadband market out there, one that still encourages new providers to enter the market as we’re seeing.”
We’ve also sort comment from Vocus, which has formed a partnership with Vodafone to unbundle fibre and which claims the current proposal is uneconomic. The Commission says it will address their views by 2021. In the meantime, you can catch up on the dispute in our full report.
Chile, Singapore, and us
DEPA may never become a household acronym but it should probably be on the IT radar. The Digital Economy Partnership Agreement (DEPA) is an open agreement among New Zealand, Singapore, and Chile, which other countries may sign up to over time. It is designed to “shape the rules on digital trade” and address gaps in other international trade agreements which don’t allow for emerging issues in the digital economy.
That doesn’t mean there aren’t legal requirements that will affect New Zealand organisations. The National Interest Analysis document on DEPA posted on the Ministry for Foreign Affairs (MFAT) website includes obligations around paperless trading, electronic transactions and payments, and data issues.
An example of how DEPA might affect local businesses is the obligations around e-invoicing, as this document notes: “Most businesses that choose to will be able to adopt to e-invoicing and electronic trade documents with minimal changes to existing internal IT systems and business processes. However, some businesses may need to invest in their systems and processes in order to access these benefits. This may entail some additional cost to those businesses.”
New Zealand signed up to DEPA in June 2020, and during MFAT’s consultation process it received submissions from groups that included the Information Technology & Innovation Foundation (which doesn’t appear to be local). MFAT has also been offering webinars about DEPA to NZ Tech members.
It’s hard to argue with most of the content of this document, but it does illustrate how trade agreements can impact IT departments. As a nation dependent on exports for economic prosperity trade agreements are essential, so if the Green Party’s tech policy to “give technology firms and software developers a voice in trade negotiation” is enacted, maybe consultation can be extended to the wider IT sector.
Take the skills survey
Since the dawn of time there has been talk of skills shortages in the New Zealand IT sector. Prior to COVID-19, the IT sector had the option of going off shore for talent—and about half of new roles were filled this way, according to NZ Tech.
But with the borders closed, there is even more emphasis on the need to grow talent locally. One way employers can do this is by taking part in internships such as Summer of Tech. We checked in with CEO Trent Mankelow to see how “offers day” went this week. Here are the stats:
- 2557 students have taken part in the programme this year.
- 316 have been offered jobs, and there are another 88 jobs to be filled.
- 340 jobs are expected to be offering through the program in 2020—slightly down from 352 jobs last year.
NZ Tech, IT Professionals, and NZ Rise, in conjunction with the Ministry of Business, Innovation, and Employment, are surveying the IT sector to determine where the skills gaps are. If you lead an IT team, there is still time for you to fill out the survey.