1. Working from home—thank you, IT
What a year! Back in March, IT departments up and down the country moved swiftly to enable their organisations’ staff to work from home when the first (and most severe) COVID-19 lockdown was called. PCs and monitors flew out the door, new collaboration tools were deployed, and video conferencing enabled everything from board meetings to Friday drinks.
Fry Up checked in with IT leaders from Countdown, University of Auckland, and Fonterra when Auckland was put into an additional lockdown in August. As Countdown head of technology and customer care Steve James explained, during these times the focus isn’t on tech, it’s on people.
It’s making that conscious decision that we’re in this together with our customers. We were reminded very strongly by our executive team to remember our colleagues in stores who are touching things, having to wash their hands a hundred times a day, dealing with stressed-out people—we need to think about them in everything we’re doing.
2. Under DDoS attack
As a small nation, we love to be noticed, just not by cybercriminals. CERT noted a 33% increase in cyberattacks on New Zealand organisations between July and September this year, with phishing, malware, scams, and frauds the biggest threats.
But it was DDoS that captured the headlines, when the NZX spent days fighting a sustained attack in August and September. The severity level and the apparent inability of the stock exchange to get on top of the attacks surprised many. At one stage, the cybercriminals appeared to be targeting other organisations, although in the case of Ruapehu Alpine Lifts, the perpetrators looked to be locals annoyed at a new online parking system.
Aside from the reminder that strong cybersecurity is critical, the NZX incident also raised the question of whether CIOs and CSOs should go public when attacks occur. While the GCSB advises caution, expert Jeremy Jones, who has worked in cyberoperations in the UK, has the opposite view, telling CIO New Zealand that more reporting will raise greater awareness of the problem.
There is this seedy, unspoken, underbelly of cyberattacks in New Zealand that never gets reported. It’s not in the news about how many NZ businesses are actually getting hit with ransomware. You would be mortified if you knew how bad it actually is.
3. New privacy act passes into law
Privacy breaches on the other hand must now be reported following the passing of the Privacy Act 2020, which came into effect on 1 December. It gives the privacy commissioner more powers, including the ability to fine organisations and businesses as much as $10,000 if they are deemed in breach the new law.
Organisations are now required to report a privacy breach if they believe it has, or could, cause serious harm. While overseas organisations that do business in New Zealand—even if they don’t have a physical office here—are now subject to the law.
It is not, however, as strong as the GDPR, the European Union’s catch-all privacy regulations, where fines are a maximum of $34 million or 4% of annual global turnover, whichever is greater.
Nor is there a consumer data right, but while this didn’t make it into the Privacy Act, it might get its own legislation, following a consultation paper released by the Ministry of Business, Innovation, and Employment. In the meantime, work is being done on what a collective data right would look like and how it can protect indigenous communities in Aotearoa and around the world.
4. The future is maybe cloudy
Microsoft’s decision to set a data region in New Zealand was deemed so significant it was talked up by Prime Minister Jacinda Ardern during one of her COVID-19 1pm press conferences in May. It certainly drew the attention of some of our biggest companies, with Fonterra announcing in July it is going all-in on Azure, while the Bank of New Zealand is hedging its bets with a multicloud approach.
Other IT leaders remain unconvinced about whether the public cloud represents a good investment, at least for now. Kevin Drinkwater, who is retiring as CIO at Mainfreight, says while he loves the idea of the cloud, he isn’t so enamoured with the price tag.
We have a fraction of our compute in the cloud, and [yet] it costs us almost as much as all the HPE equipment we have in our primary and secondary data centres.
5. Major infrastructure projects need more than money
Rounding out the Fry Up Top 5 is the performance of the Ultra Fast Broadband network in this pandemic year. Without this infrastructure our economy would be looking a whole lot worse as people would have struggled to work from home, shop online, connect with friends, continue their education, and so on.
In its briefing to the incoming Minister of Digital Economy and Communication David Clark, the agency responsible for the build, Crown Infrastructure Partners (CIP), explains how the business model works. In short, CIP provides interest-free funding to the companies that are building the network. These companies repay the money once customers are connected, via the monthly fee paid to them by retail service providers. This has resulted in the following investment highlights to date:
- Appropriated funding of $1.6 billion
- CIP is investing $1.7 billion in the UFB programme
- Additional $190 million from UFB partners funds returned
- Total private sector co-investment of about $5.7 billion
While these are large sums, the UFB isn’t only successful because of its business model. It is also because 10 years ago the government at the time changed the structure of the telco industry when it forced the separation of Telecom into Chorus and (what became) Spark. This opened up innovation and competition across the sector, which—amongst other things—has led to two additional international cables including the Hawaiki cable that links New Zealand to the US via Australia and American Samoa. Hawaiki is funded by private investors such as Malcolm Dick (former cofounder of CallPlus and Slingshot), who is now heading Datagrid, a company planning to build the country’s first hyperscale data centre near Invercargill.
As we emerge from the pandemic there is renewed public discussion about the necessity (or not) for major national infrastructure projects. Plenty can be learned from what has occurred with the UFB, including that it would not have taken place without a whole bunch of people in the tech and telco sectors making a whole lot of noise about the ills of monopoly providers.
Major users in companies like Mainfreight (Drinkwater served on the TUANZ board when it was lobbying for fibre networks) and scrappy challenger providers like Slingshot (now part of Vocus) and Orcon (also now part of Vocus) engaged. The CEOs of those internet companies were energetic, passionate advocates for their businesses, but also for a fair market that would deliver for all New Zealanders.
One of those people was Scott Bartlett, who became CEO at Orcon in 2007 and who went on to become CEO at Kordia. It is with much sadness that we note his passing this week, at just 40 years old, from brain cancer. He always had a point of view; he was always willing to engage. RIP Scott Bartlett.