A group of New Zealand organisations responsible for critical infrastructure have established voluntary standards for the security of such systems against digital attack.
The New Zealand Cyber Security Voluntary Standards for Industrial Control Systems were devised with the support of the National Cyber Security Centre (NCSC).
Their originators are keeping quiet about the detail of the standards and the identity of members of the group, because it might set them up as a target for attackers.
They will not even say how many organisations are in the group.
An agreed statement, released through the NCSC, says the standards group "is for companies in the critical national infrastructure that are dependent on SCADA (Supervisory Control and Data Acquisition) or other industrial control, process control or telemetry systems. Members share confidentially mutually beneficial information regarding electronic security threats, vulnerabilities, incidents and solutions."
The one member willing to identify itself is Genesis Energy, whose spokesman on the topic, Mike Judge, says "this work has allowed us to safely discuss cybersecurity issues, and work together with industry to develop best practice and share information.
"The participants in this group are well placed, to provide or endorse security guidance to the New Zealand utility industry," Judge adds. "Risks will vary, but this standard we have developed is a practical compilation of best practice and guidance for establishing a secure control system.
"The aim is to minimise the threat from unauthorised or inappropriate access, and also to maintain access and control during adverse conditions.
"These voluntary standards will be applicable for a range of New Zealand industries including electricity, oil and gas, water, transport, chemical, pharmaceutical, food and beverage, and manufacturing," Judge says.