16 July 2021
Scott
By email:
[FYI request #15848 email]
Reference: OIA-2020/21-0696
Dear Scott
Official Information Act request relating to cyber security
Thank you for your request made under the Official Information Act 1982 (the Act) received on 21 June
2021. You requested:
“…ONE: I request a copy of the evaluation report and corrective action plan for the DPMC-led
cyber security incident response exercise ACTUATOR, conducted November 2018 through the
National Exercise Programme.
TWO: The Cyber Security Strategy Action Plan 2016 mandates “twice yearly inter-agency
exercises, including with the private sector and international partners.”
I request the following information for every inter-agency cyber security exercise conducted
since the beginning of 2019:
- The name of the exercise
- The date it was conducted (month and year)
- The identity of every participating agency or organisation
- A description of the scenario covered
THREE: The Cyber Security Strategy 2019 mandates the production of an annual Cyber
Security Strategy work programme. I request a copy of the latest work programme.
FOUR: I request a copy of the Cyber Security Emergency Response Plan…”
I have decided under section 15A of the Act to extend the time limits for responding to your request
by an additional 20 working days. Consequently, the extended due date for your response will be
16 August 2021. The extension is required because further consultations are needed in order to make
a decision on your request. Despite this, a response will be sent to you as soon as possible.
You have the right to ask the Ombudsman to investigate and review my decision under section 28(3)
of the Act.
Yours sincerely
Sarah Corbett
Manager, Ministerial and Business Services
Executive Wing, Parliament Buildings, Wellington, New Zealand 6011
4407291
64 4 817 9700 Facsimile 64 4 472 3181 www.dpmc.govt.nz