New Zealand MFAT: Mission and Cybersecurity


Questions and Answers

Which of the following best describes MFAT's approach to international relations, considering its cybersecurity priorities?

  • MFAT prioritizes independent cybersecurity operations, separate from international collaborations, to ensure data sovereignty and security.
  • MFAT sees cybersecurity mainly as a technical challenge, addressing it separately from its broader diplomatic and trade objectives.
  • MFAT views cybersecurity as a critical component of fostering stable and secure international partnerships, ensuring data protection and trust. (correct)
  • MFAT focuses primarily on domestic cybersecurity improvements, with international collaborations playing a secondary role in its overall strategy.

How might MFAT balance its commitment to open communication and collaboration with the need to protect sensitive diplomatic data?

  • MFAT should implement stringent compliance rate metrics and focus on minimizing the risk from potential data breaches.
  • MFAT should exclusively use proprietary security tools to safeguard sensitive information, avoiding open-source technologies to prevent vulnerabilities.
  • MFAT should strictly limit international collaborations to reduce the risk of data breaches, focusing on domestic partnerships with vetted cybersecurity firms.
  • MFAT should prioritize open communication and rely on strong encryption methods, such as AES and RSA, to protect sensitive data during transit and storage. (correct)

Considering MFAT's focus on continuous improvement in cybersecurity, what is the most effective way for a cybersecurity specialist to contribute to this goal?

  • By exclusively adhering to established security protocols, ensuring consistency and minimizing deviations that could introduce vulnerabilities.
  • By actively monitoring threat intelligence, updating security protocols, and participating in training to prepare for new attack vectors. (correct)
  • By focusing on individual skill development, such as obtaining advanced certifications, without directly applying new knowledge to MFAT's practices.
  • By regularly attending security conferences and focusing only on the latest high-profile vulnerabilities without integrating them.

In the context of MFAT's strategic priorities, how does cybersecurity directly support the goal of expanding New Zealand's export value and economic resilience?

By focusing on securing digital platforms related to New Zealand's global trade operations, protecting international business dealings and sensitive economic data. (D)

How should a cybersecurity specialist prioritize their actions when addressing potential vulnerabilities discovered through vulnerability scanning and threat intelligence?

Prioritize vulnerabilities based on potential impact, collaborating with teams to ensure critical vulnerabilities are patched or mitigated promptly. (B)

What is the most effective approach for MFAT to address the cybersecurity challenges associated with remote regions in the Pacific?

Focusing on enhancing security resilience by addressing unique cybersecurity challenges and bolstering security in these regions. (B)

In the event of a detected cybersecurity incident, what should be a cybersecurity specialist's first priority?

To immediately isolate all affected systems to prevent the attack from spreading and potentially compromising other assets. (B)

How can MFAT ensure the integrity and confidentiality of communications while leveraging international partnerships and global resources?

By implementing TLS encryption for sensitive data in transit and practicing secure key management protocols to protect encryption keys and rotate them regularly. (B)

Given MFAT's commitment to human rights, how should a cybersecurity specialist integrate this value into cybersecurity frameworks?

By integrating human rights considerations within cybersecurity frameworks, ensuring sensitive human rights data and information protection are prioritized. (A)

What role does threat intelligence play in MFAT’s ability to stay ahead of emerging cybersecurity threats?

Threat intelligence helps MFAT understand emerging risks and quickly adapt security strategies to defend against the latest threats. (C)

How can MFAT address cultural differences and communication challenges when working with international teams on cybersecurity incidents?

Adjusting incident response timing to align with different time zones and varying communication styles. (D)

How would a cybersecurity specialist contribute to improving security protocols in an incident response?

By conducting post-incident reviews to identify improvements, updating incident response plans, and refining security protocols. (A)

What elements should be included in training?

Theoretical concepts, a structured training plan, and hands-on practice. (C)

How should MFAT approach managing cybersecurity risks differently when collaborating with international teams and embassies compared to domestic operations?

Enforce standardized security policies across regions, tailoring security training to handling sensitive data and identifying phishing attempts. (D)

In the context of MFAT's global operations, how would you balance the need for standardized security measures with the varying cybersecurity maturity levels of different international teams and embassies?

I would conduct consistent cybersecurity policies across all international regions and conduct regular training and awareness programs for embassy staff so all staff are prepared for threats like phishing and social engineering attacks. (B)

In what ways would a cybersecurity analyst improve the productivity and efficiency of the team?

Improve alert triage skills. Improve our team’s overall efficiency, allowing me to focus on higher-priority tasks and ensuring quicker incident resolution. (B)

What vulnerabilities are weaknesses?

Poor access controls. (A)

A threat could be any of the following?

Cybercriminal or state-sponsored attacker. (C)

The TCP handshake is vulnerable to which of the following attacks?

SYN floods. (B)

Which of the below is not a common KPI?

Revenue. (C)

Flashcards

MFAT's Mission

Advancing New Zealand's international priorities. Providing advice on global developments.

Foreign Policy and Diplomacy

Represents New Zealand to other countries and international organizations.

Trade and Economic Interests

Works to open market access; negotiates trade agreements; supports businesses' international expansion.

Development Assistance

Manages the New Zealand Aid Programme, focusing on reducing poverty and sustainable development.


Bede Corry's Role

Oversees the ministry's operations.


Operational Support

Assist in protecting the Ministry's information and cyber security operations.


Incident Response

Identify, analyze, and respond to security incidents.


Risk Assessment

Conduct regular assessments for vulnerabilities; recommend mitigation strategies.


Continuous Improvement

Stay updated on emerging cyber threats; enhance security protocols.


Deepening Relationships

Strengthening ties with India, Southeast Asia, and ASEAN.


Pacific Partnerships

Collaborating with Australia to enhance regional security.


Trade Growth

Expanding New Zealand's export value and economic resilience.


Russia-Ukraine Conflict

New Zealand has imposed sanctions in response to Russia's invasion.


Climate Change Initiatives

Focuses on climate finance, mitigation, adaptation, and capability building.


Human Rights Commitments

Focuses on integrating human rights in New Zealand's foreign aid strategy.


Strategic Intentions 2024–2028

Outlines MFAT's long-term objectives.


United Nations Handbook 2024–25

Provides insights into New Zealand's engagement with the UN.


Define 'Risk'

Risk is the potential for loss, when a vulnerability is exploited by a threat.


Define 'Vulnerability'

Vulnerabilities are weaknesses, such as unpatched software or poor access controls.


Define 'Threat'

A threat could be a cybercriminal, state-sponsored attacker, or insider threat.


Study Notes

Mission and Purpose

  • The Ministry of Foreign Affairs and Trade (MFAT) aims to advance New Zealand's international priorities
  • MFAT's work ensures the security, stability, and prosperity of New Zealanders both in New Zealand and internationally
  • A primary goal is promoting security, stability and prosperity for New Zealand
  • Cybersecurity is critical to safeguarding sensitive data and systems that are critical to NZ’s international relations

Key Functions of MFAT

  • MFAT represents New Zealand in formal communications with the United Nations, APEC, WTO and other countries
  • MFAT emphasizes safeguarding diplomatic communications and data across international platforms
  • MFAT aims to expand market access for New Zealand exporters
  • MFAT negotiates trade agreements and supports international expansion for businesses
  • Cybersecurity is vital for shielding trade agreements and sensitive economic data
  • The New Zealand Aid Programme is managed by MFAT
  • The New Zealand Aid Programme focuses on poverty reduction and sustainable development, especially in the Pacific region
  • Secure digital platforms in development programs are important, particularly in high-risk Pacific regions

Organizational Structure of MFAT

  • Hierarchical structure
  • Bede Corry is currently the Chief Executive and Secretary of Foreign Affairs and Trade
  • The Senior Management Team includes the Chief of Staff, Deputy Chief Executive for People and Operations, the Chief Financial Officer, the Chief Info Officer, and the Chief People Officer
  • Organised into regional and functional divisions
  • Teams focus on trade, consular services, development, and specific geographic areas

Key Ministers

  • Minister of Foreign Affairs oversees the ministry's foreign policy initiatives
  • Minister for Trade focuses on trade negotiations and economic partnerships
  • Minister of State for Trade lends assistance in trade-related areas
  • Minister of Climate Change is responsible for international climate change negotiations
  • CIOs are key in securing information systems

Key Responsibilities of Cyber Security Specialist - SOC Analyst

  • Helps keep the ministry's information and cyber security operations running smoothly
  • Securing data and systems is a critical part of their role
  • Ongoing security oversight is provided for MFAT’s digital infrastructure
  • Ongoing security ensures the security of critical data
  • Expertise in incident detection and security monitoring
  • Identify, analyze, and respond to security incidents while working with stakeholders to mitigate risks
  • Experience in incident management to improve abilities
  • Quickly and effectively identify, analyze, and mitigate security incidents
  • Conduct regular risk assessments
  • Recommend mitigation strategies
  • Experience with tools like CrowdStrike, Sentinel, and Darktrace will help you find vulnerabilities at MFAT
  • Stay up to date on emerging cyber threats
  • Enhance security protocols continuously
  • Stay updated on emerging cyber threats by making contributions

MFAT's Strategic Intentions (2024-2028)

  • Strengthening relationships with India, Southeast Asia, and ASEAN aligns with MFAT's goals
  • Cybersecurity is needed to secure diplomatic ties, trade agreements, and private discussions
  • Secure data exchange strengthens relationships
  • Collaboration with Australia is a Pacific Partnership strategy used to improve regional security and economic growth
  • Security resilience bolsters security
  • Expanding New Zealand’s export value with trade growth
  • Security is key to protecting international business as MFAT expands exports
  • Securing platforms tied to New Zealand's global trade

Global Awareness

  • An understanding of world events, especially in New Zealand, is vital
  • New Zealand sanctions on Russia in response to its invasion of Ukraine
  • International infrastructure increasingly faces state-sponsored threats, increasing cybersecurity risks on a global scale
  • Climate change finance involving mitigation, adaptation, and capability building is the focus of MFAT climate change initiatives
  • The ministry may work with global partners on environmentally related programs, while cybersecurity helps ensure secure collaboration and data-sharing
  • Focuses on integrating human rights into New Zealand's foreign aid strategy
  • Experience with integrating human rights within cybersecurity frameworks is needed, since sensitive human rights data and information need protection

Review of Public Statements

  • MFAT’s long-term goals are outlined in Strategic Intentions 2024–2028
  • Understand how cybersecurity can help MFAT meet its goals
  • The need for strong cybersecurity frameworks
  • Insights into New Zealand’s engagement with the UN are in the United Nations Handbook 2024–25
  • Understand cybersecurity protocol needs in a global context
  • Align MFAT’s work with global diplomacy
  • Gender, Māori, Pacific, and Ethnic Pay Gap Action Plan 2024–2025 are in the Diversity and Inclusion Reports
  • The focus aligns with broader government goals, despite not being directly related to technical roles
  • Diversity can enhance problem-solving and innovation in security teams

Behavioral Questions

  • Justin Dulangon is a passionate cybersecurity professional dedicated to protecting data and critical systems
  • He stays sharp by participating in Capture The Flag (CTF) competitions, ensuring he's up-to-date with emerging threats
  • At Kordia, Justin specializes in threat detection, prevention, and analysis as a Security Analyst
  • The cybersecurity mission at MFAT is exciting, and aligns with his interest
  • He is proactive, detail-oriented, and eager to learn
  • He strengthens security and prevents risks
  • Helping to ensure the safety of sensitive government data
  • Passion for cybersecurity and working with diplomatic missions
  • Values clear goals, open communication, learning, problem-solving, and teamwork
  • Wants to expand cloud security knowledge
  • Improve detection and response to advanced security threats
  • Creating stronger security teams

Short and Long Term Goals

  • Seeks expertise in threat intelligence and pentesting
  • Short term, gain hands-on experience with advanced security tools in cloud security
  • Seek to become an expert in security operations and incident response
  • Long term, become a subject matter expert in threat intelligence and penetration testing
  • Transition into a leadership role and shape the cybersecurity strategy

International Experience

  • Worked with international teams at Kordia adapting work styles to Australia and the U.S.
  • Participate in global cybersecurity competitions

Complex Problem-Solving

  • Handled high-pressure incidents involving global clients as a Cybersecurity Analyst
  • Remediated after swiftly investigating a persistent APT threat targeting cloud assets
  • Used Microsoft Defender, Sentinel, Darktrace, and CrowdStrike to stop a state-sponsored phishing campaign

Demonstrated Values in Action

  • Committed to human rights, global security, and climate action while supporting mission
  • Advocate for sustainable practices and cloud security solutions that support eco-friendly computing principles
  • Contributed to cybersecurity awareness

Incident Management

  • Detected malware by a Cassini CTI indicator in Sentinel and Defender and worked under pressure
  • Expiro malware and control server were linked to endpoint device with suspicious processes and compromised credentials
  • Other devices connected to suspicious domains, suggesting potential lateral movement
  • Client confirmed unauthorized domains so they blocked them
  • Anomaly detected by CrowdStrike, and has a 100% confidence abuse score on IPDB
  • Contacted client to advise isolating server and blocking malicious IPs

Conflicting Priorities

  • At Kordia, simultaneously managed P1 and P2 incidents for multiple clients needing immediate attention
  • Assessed each incident to see which posed the highest risk/urgent resolution
  • Delegated tasks by teamwork and urgency

Security Vulnerabilities

  • During the night shift, identified a high-priority (P1) security incident involving compromised user access
  • The account had suspicious login attempts at multiple locations
  • Senior advised to immediately contact client

Performance Management

  • Discuss in a one-on-one conversation
  • Communicate with team to figure out what is necessary to continue
  • Communicate issue with the team leader

Complex Technical Issues

  • Ability to explain impact of phishing attack and nation-state campaign
  • Avoid jargon and utilize simple language

Working with International Teams

  • Ensure to check time zones
  • Supply clear concise details
  • Be mindful of communication styles and cultural differences

Adapting to the Current Work Environment

  • Transitioned from Atlassian Confluence to ServiceNow
  • Learn from training materials
  • Simplify the work stream
  • Stay efficient with workflows, be proactive and flexible

Risk, Vulnerability, and Threat

  • Risk is an exploited vulnerability created by a threat
  • Threat intelligence and vulnerability scanning to prioritize risks based on potential impact
  • Threat = cybercriminal, insider threat or state-sponsored
  • Use tools like NIST Cybersecurity Framework to account for vulnerabilities - minimized both preventatively and deductively
  • Keep up-to-date on emerging risks by leveraging the NIST Cybersecurity Framework

Encryption

  • Symmetric encryption via AES is efficient for large data volumes
  • Private communication via RSA with asymmetric encryption
  • Implement AES and RSA for MFAT

Incident Response

  • Detection via Microsoft Sentinel
  • Identify attack to confirm malware or ransomware and understand impact
  • Isolate systems to prevent attack from spreading
  • Remove malicious file and patch exploit vulnerability and ensure clean restart
  • Use backups to ensure all data is intact
  • Lessons learned - conduct a review to implement additional safety

TCP Handshake and Network Security

  • TCP is vulnerable to attacks such as SYN floods
  • Use Wireshark to detect attacks, implementing proper rate-limiting
  • Need to ensure proper rate-limiting in firewalls

Emerging Threats and Remaining Informed

  • Use AlienVault and MISP along with blogs like Dark Reading
  • Patch systems and ensure backup protocols are in place
  • Assess potential

Global Environment

  • Maintain secure policies and training for consistent communication and cybersecurity
  • Adjust actions due to regional threat landscapes
  • MFA, standardize VPNs and encrypt teams and training

Microsoft Sentinel and Defender

  • Review alerts and patterns to improve analytics and playbooks

SIEM and IDS/IPS Tools

  • Analyze pattern trends and anomaly alerts to improve tool performance
  • Prioritization of those that breach business impact quickly

Azure Cloud Security

  • Skilled in Azure security principles
  • Ensure identity and access management and multi-factor authentication
  • Continuously assess and monitor compliance

Mentorship

  • Help create the training plan
  • Helped junior analysts and reviewed alerts
  • Structured the theoretical
  • Helped with practical scenarios
