Story image

Report finds GCSB in compliance with NZ rights

10 Dec 2018

Government Communications Security Bureau (GCSB) director-general Andrew Hampton welcomes the Inspector-General of Intelligence and Security finding it has sound compliance systems and processes for the fourth year in a row.

“The Inspector-General fulfils an important role. As our key oversight body, she helps to give the public confidence that everything we do is in line with priorities set by the Government, and in accordance with New Zealand laws and human rights obligations,” Hampton says.

“I am pleased to say that for the fourth year in a row the Inspector-General has given the GCSB its compliance tick of approval in her Annual Report.

“This follows on from the Inspector-General’s report about GCSB’s intelligence activity in relation to New Zealand’s interests in the South Pacific region. The report found the GCSB conducted itself appropriately and did not deliberately target the communications of any of the complainants. The report did not make any recommendations.

“Another area GCSB has regularly engaged with the Inspector-General has been on the implementation of our new legislation, the Intelligence and Security Act 2017. Establishing the systems, policies and processes that support staff to undertake their roles and be compliant with the new legislation has been a major undertaking.

“As with any new legislation, there isn’t existing case law which means extra care is required when establishing a working understanding of the law. When issues arose, we carefully considered the Inspector-General’s recommendations and observations in developing the new policies and processes required.

“When there is a lack of clarity about the interpretation of the law, as with any government agency, the GCSB relies on Crown Law for a definitive view.

“It has also been a significant year for the GCSB’s cybersecurity functions.

“Our cyber defence services called CORTEX took out two top awards. The first was the Excellence Award for Building Trust and Confidence in Government at the Institute of Public Administration (IPANZ). The second was Best Security Project at the Information Security Awards.

“Earlier in the year, the Government announced it would be expanding some CORTEX services to a much larger number of nationally significant organisations through a project called Malware-Free Networks (MFN). The expansion of MFN is a multi-year scale-up and will continue to keep us busy for some time to come.

“The GCSB published our first survey of cyber resilience in October, which continues our ongoing efforts to provide more information to the public about the threats New Zealand faces and our response.

“This year, the GCSB supported the Government in calling out malicious cyber activity carried out by-state sponsored actors. This included two attributions to Russia.”

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.