NCSC reveals unclassified look into New Zealand's cyber threat landscape
The GCSB’s National Cyber Security Centre (NCSC) has been doing its bit to protect New Zealand from cyber threats and it says it has reduced the impact of cyber threats by almost $40 million over the last year.
The NCSC works with New Zealand public and private sector organisations to protect information systems from cyber threats. It also provides incident response for incidents at a national level.
The NCSC released its 2016/2017 Cyber Threat Report last week, which reveals that there were 396 cyber incidents between July 1 2016 and June 30 2017 – 58 more than in the previous year.
211 incidents involved public sector entities; 146 involved private sector entities and 91 were classed as ‘other’. This includes incidents reported to NCSC, those detected through CORTEX and those from other channels.
One attack used a New Zealand’s organisation’s network to conduct a ‘significant cyber operation’ against a foreign organisation. The attackers had use a malicious Remote Access Trojan (RAT) to compromised the New Zealand organisation and the foreign target.
“The NCSC determined the New Zealand organisation was not targeted on their own merits and the compromise was likely opportunistic; analysis indicated the cyber actor exploited a weak password to gain access to the server. In this instance, the NCSC attributed the compromise to a foreign intelligence service,” the report reveals.
NCSC director Lisa Fong says that 122 incidents involve indicators that have previously been linked to state-sponsored actors, although the report stresses that attribution can be costly. It is only performed to its full extent in ‘the most serious incidents’.
The NCSC’s defences, collectively known as CORTEX, provides direct protection to ‘a targeted subset’ of New Zealand’s nationally significant organisations to reduce economic harm.
“The benefits of the capabilities are felt beyond the direct recipients of cyber defence services, as we are able to share the cyber threat information we obtain from their operation with a wider group of nationally significant organisations,” she explains.
She comments that development and implementation of advanced cyber threat detection and disruption capabilities has improved understanding of what threats target New Zealand’s critical systems.
The threat report found that potential harm could cost New Zealand $640 million annually. CORTEX was able to reduce harm by $39.47 million.
The CORTEX initiative has been active for the last three years and is designed to develop threat detection and disruption capabilities.
As part of the initiative, NCSC sought advice on how to develop a model that could pinpoint the total potential harm to the country’s significant organisations.
“The external model assesses the total potential annual harm from advanced threats targeting the full spectrum of our nationally significant organisations, to be around NZ $640 million annually,” she explains.
“Using the model, and our incident response data, we can calculate that the reduced harm benefit from the operation of our CORTEX capabilities is around $39.47m for the 2016-17 year.”
“We also analyse cyber threat information obtained through the operation of our capabilities, and use it to provide security advice and updates to our wider customers. The benefit of this broader advice is not included in the harm reduction benefit calculation," Fong concludes.
The NCSC also works with CERT NZ, NZSIS and the New Zealand police to protect the country from advanced cyber threats.
It also works closely with other cybersecurity agencies including the global CERT community, Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, Canada’s Communications Security Establishment and the United States of America’s National Security Agency.
NCSC says it aspires to a strategic goal of ‘impenetrable infrastructure’ by 2020.