SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

New Zealand completes cyber security review after IPAC threats

Mon, 15th Jul 2024

The National Cyber Security Centre (NCSC) of New Zealand's Government Communications Security Bureau (GCSB) has completed a review of its practices and procedures in response to reports of malicious cyber activity targeting members of the Inter-Parliamentary Alliance on China (IPAC). The review emphasises the need for a more comprehensive approach to dealing with cyber security incidents, extending beyond mere technical responses.

The assessment was initiated by GCSB's Deputy Director-General Cyber Security, Lisa Fong. Fong indicated that the purpose was to identify areas for improvement and to update current procedures where necessary. The review covered a broader range of incidents and practices, not just the specific IPAC incident.

"I initiated the review to identify areas for improvement, including where current NCSC procedures and practices could be updated," said Fong. "The review was broader than the specific incident."

The review was conducted by senior staff from the NCSC's Cyber Defence Operations branch and included input from the New Zealand Security Intelligence Service, New Zealand Police, and the Parliamentary Service. It considered views from IPAC members and the Minister Responsible for the GCSB.

"The review showed there were aspects of the NCSC's practice that could be improved," Fong stated. "The NCSC did not identify any information to indicate the activity resulted in a successful cyber security compromise but did identify a number of phishing emails sent to parliamentary email addresses."

One of the key recommendations from the review was to ensure the NCSC considers the wider implications of cyber security incidents rather than focusing solely on the technical response. This includes engagement with individuals targeted by foreign state-sponsored actors and reaffirming the approach to briefing incidents to the Minister Responsible for the GCSB and the Minister's office.

The report highlighted the necessity for a more nuanced strategy that includes both preventative and responsive measures, encompassing technical assessments and broader security implications. Copies of the review have been provided to the GCSB Director-General, the Minister Responsible for the GCSB, and the Inspector-General of Intelligence and Security.

The review and its findings underscore the evolving nature of cyber threats and the importance of adaptive and thorough response frameworks. The NCSC is expected to integrate these recommendations into its operational procedures to strengthen overall cyber security measures in New Zealand.