Story image

GCSB and NZSIS bring new Minister up to speed with NZ's state of security

13 Dec 17

The Government’s new Minister responsible for the GCSB and NZSIS, Andrew Little, has been briefed on his new role by the agencies, according to an unclassified and heavily redacted briefing document released publicly.

The Briefing to the Incoming Minister document includes the purpose of both the Government Communications Security Bureau (GCSB) and the New Zealand Security Intelligence Service (NZSIS), as well as a look at the threat landscape, key international partnerships and agency functions.

Both agencies, along with the Security and Intelligence Group, work together as the New Zealand Intelligence Community (NZIC).

The briefing says that the NZIC started a ‘transformational change’ programme in 2016. The four-year project will focus on how to rebuild itself as a “modern, connected, customer-centric, and effective security and intelligence agencies that have earned the trust and confidence of New Zealanders”.

The briefing mentions four key national security threats, of which three are revealed in the unclassified document: cyber threats, violent extremism and espionage.

“New Zealand faces both direct and indirect cyber threats. Direct threats deliberately target New Zealand, such as cyber espionage targeting New Zealand government departments. Indirect threats include, for example, indiscriminate cyber operations that do not target New Zealand but can harm us nonetheless,” the briefing says.

Cyber threats mentioned in the briefing include NotPetya and WannaCry, as well as ‘indiscriminate phishing and scanning by state-sponsored actors’. The details are not revealed in the unclassified briefing.

 “In these instances, the impact on New Zealand was limited but the potential for future events of this kind to have a domestic impact is high.”

Violent extremism directly references the Islamic State of Iraq. It mentions that between 30-40 people have been listed on the NZSIS’s counterterrorism register at any one time.

Very little was revealed about the state of espionage in New Zealand, except for hints that show it is happening.

“Such activities in New Zealand over the past year have included attempts to access sensitive government and private sector information, and attempts to unduly influence expatriate communities,” the briefing states.

While little public information is revealed about the GCSB and NZSIS’s international partnerships, the briefing clearly states that they must act within New Zealand law, human rights obligations and the country’s national interests.

The briefing mentions the Five Eyes partnership, which has been a significant force in intelligence since World War II.

The GCSB’s Security Operations Centre explicitly states that it does not conduct mass surveillance on New Zealanders.

“New Zealand does not undertake any “mass surveillance” of New Zealanders, such as the active monitoring of emails, phone calls and internet use of the populations. We do not have the legal authority, capability or interest to undertake such activity. Both the 2015 Independent Review of Intelligence and Security in New Zealand, and the IGIS have looked at the matter and confirmed this to be the case.”

“The previous legal position, under the GCSB Act 2003, was that in pursuing its foreign intelligence function, GCSB could not do anything for the purpose of intercepting the private communications of New Zealand citizens or permanent residents, except where they were acting as agents or representatives of a foreign person or organisation. The ISA amends this position but puts in place strict warranting requirements before this can occur.”

As for the health of the GCSB and SIS as government agencies, the briefing describes GCSB as being an agency that provides fulfilling career options to its 400 employees.

It notes that in a recent staff engagement survey, the GCSB was positioned in the top 25% of public sector agencies, but there is still work to do in the areas of gender equality.

“While women are well represented in GCSB at senior level, and our gender pay gap is less than the wider State sector average, overall only 36% of our workforce is female. We recently agreed an action plan to increase female representation in GCSB and reduce our gender pay gap by half within a year,” the briefing notes.

The NZSIS is described as, “Now better positioned to deliver on investment committed in 2016, and meet the challenges of New Zealand’s evolving national security environment. The nature of our work, and the significant amount still to be done, mean however that risks will always remain.”

It has close to 300 full time equivalent staff, but is ‘less ethnically diverse’ than the wider Public Service.

The document goes on to explain many of the GCSB and NZSIS's core functions, concerns and achievements.

Read the unclassified Briefing to the Incoming Minister Responsible for the GCSB and SIS document here.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.