SecurityBrief New Zealand logo
New Zealand's leading source of cybersecurity and cyber-attack news
Story image

The who’s who of NZ’s government & public cybersecurity agencies

By Sara Barker
Thu 30 Sep 2021

Aotearoa, New Zealand, is a young nation cutting its teeth on innovation and digital capabilities. Our tech sector is growing; our people use digital tools in business and at home to explore and invent. But, with every new technology-enabled path we forge, we must also defend ourselves from cyber threats and exploitation. New Zealand’s national cyber defence involves many agencies and strategies. Here we take a look at some of the main players.

Government ministers, policies, and legislation

The New Zealand Government has two primary Ministers responsible for technology and security: Andrew Little, Minister for the GCSB and NZSIS, and David Clark, Minister for the Digital Economy and Communications. They are involved in developing New Zealand’s cybersecurity policy with the help of the Government's chief information security officer/GCSB director-general Andrew Hampton and the broader Government. In addition, The ICT Security and Related Services Panel enables commercial organisations to supply security services to the Government to protect New Zealand’s cybersecurity and defence.

Clark, Little, and their predecessors in previous governments have put significant effort into protecting New Zealand against security threats through the National Cyber Policy Office, established in 2012. In addition, there are specific forms of legislation and policies to plot New Zealand's cybersecurity journey. The most notable of these is the Cyber Security Strategy launched in 2011 and was updated until 2019. The Government also follows the Cyber Security Emergency Response Plan (CSERP), which was last updated in July 2021.

The CSERP outlines the government response to a cybersecurity emergency in terms of roles and responsibilities, the private sector’s understanding of the government approach, an effective and coordinated response, and the swift restoration of services and operations. The CSERP focuses on five principles: Cooperation, coordination, sustainability, timeliness, and trust. The CSERP is also activated when the National Cybersecurity Centre (NCSC) or CERT NZ identifies a cybersecurity emergency based on reports from partners, the public, or technical capabilities that identify threats that could lead to an emergency.

The Government Communications Security Bureau (GCSB)

Currently led by Director-General Andrew Hampton, the GCSB has been operating since 1977. However, the modern form of the GCSB started to take shape in 2003 when it became a public service under the Government Communications Security Bureau Act 2003. Since then, the bureau has continued to build out its capabilities whilst administering the network security provisions of the Telecommunications (Interception Capability and Security) Act 2013 and delivering its mandate under the Intelligence and Security Act 2017.

The GCSB was drawn into the public eye after attacks on its Waihopai spy base in 2008 and its involvement in the Five Eyes intelligence network. However, the GCSB’s remit is much broader than these incidents. Essentially, the GCSB exists to protect New Zealand from threats, both online and offline. 

Hampton explains, “We have two primary missions. One is intelligence gathering or signals intelligence, which is generally foreign intelligence. We do that by electronic means, following priorities set by Government. This means finding out about global and national issues that are relevant to New Zealand decision-makers."

“The other role we have relates to the NCSC, specifically cybersecurity and information assurance for organisations of national significance. We don’t provide the country’s firewall, and we don’t duplicate services provided by the commercial providers. Instead, we help to protect organisations of national significance from advanced persistent threat actors."

“There is a relationship between those two missions: the fact that we are an intelligence bureau means that we have access to legal authorities, partner relationships and technologies. These give us more capabilities in cybersecurity that other organisations may not be able to achieve.”

The GCSB is also involved in security risk assessments for new technologies such as 5G and even space launches under the The Outer Space and High-altitude Activities Act 2017. For example, in the last year alone, the GCSB assessed 24 space-related activities from New Zealand - these assessments covered launches, payloads, and high-altitude vehicles.

“If anyone wants to launch a space vehicle from New Zealand, we need to assess the payload. This is to make sure there are no national security risks,” says Hampton.

New Zealand’s National Cyber Security Centre (NCSC)

The NCSC was launched in 2011 and led by Lisa Fong since 2016. It operates within the GCSB to protect and provide incident response for New Zealand’s most significant public and private sector organisations from cyber threats. 

These organisations can include government departments, telecommunications companies, transport and energy companies, and much more. In 2018 there were more than 250 organisations in New Zealand classified as being of national significance. The NCSC provides advisory services, support, advice and education for these organisations. It also collaborates with the information security community, technology industry and Government.

The NCSC runs a malware detection and disruption service called Cortex. While Cortex's inner workings remain classified, it leverages threat intelligence from a range of sources to protect a select group of New Zealand organisations. Cortex is an ambitious service that is still shrouded in secrecy. Still, its prowess is apparent: In 2018, Cortex won two awards. The iSANZ Awards dubbed Cortex ‘Best Security Project’ and the Institute of Public Administration (IPANZ) recognised Cortex in the Excellence Award for Building Trust and Confidence in Government.

“Much of what we do is classified by necessity so it was fantastic to be able to win awards that recognise the services we provide to ultimately protect organisations and New Zealanders,” says Hampton.

Malware-Free Networks is a threat detection and disruption service similar to Cortex, but it is more widely available through cybersecurity providers and managed service providers. It also provides a curated threat feed informed by information from various sources, including classified ones, from the NCSC and its partners. Malware-Free Networks protects all organisations of national significance.

The service has been live since June, and the NCSC is working with network operators and commercial security service providers to enable the Malware-Free Networks service to be offered to their existing customers and accessible within the IT security market to new customers.

The NCSC’s Cortex and Malware Free Networks services aren’t available to every New Zealand business or individual. So who else can help out when an incident happens? CERT NZ is the next port-of-call.

A CERT is a Computer Emergency Response Team. CERT New Zealand (CERT NZ) was established in 2016 as an agency that provides security updates, and it investigates and reports security risks to businesses, IT teams, and individuals.

CERT NZ works with other government agencies and other CERTS worldwide, such as AusCERT (Australia), HKCERT (Hong Kong), and US-CERT (the United States). 

The agency also partners to share intelligence, update and technical advice alongside the Department of Internal Affairs, the NCSC, the New Zealand Police, Netsafe, and international partners in Australia, the United States, Canada, and the UK. In addition, CERT NZ runs a Pacific Partnership Programme that supports Pacific countries to build their cybersecurity capabilities. 

CERT NZ director Rob Pope explains, “We help protect people in three main ways: We analyse the international cybersecurity landscape for what threats and vulnerabilities are relevant to New Zealand, and pass on these warnings so that others can be vigilant. Secondly when an incident occurs, we are there for people to report to so we can offer our trusted and expert information and advice to help them deal with and recover from the attack. Lastly, we raise awareness of cybersecurity impacts and deliver up to date, actionable advice on cybersecurity best practice.”

Pope says ransomware is amongst the most disruptive types of attacks in New Zealand and worldwide. Still, there are also lessons to be learnt from the speed at which attackers can exploit software vulnerabilities to conduct attacks. Every three months, CERT NZ publishes a Quarterly Report, which touches on the most commonly reported security incidents. 

“The pressure is on organisations to be able to get their software updated before they can be impacted. Cybercrime is opportunistic and we see small to medium businesses being targeted frequently, and in the current economic climate as budgets are tightly constrained, often cybersecurity might seem like a line item organisations struggle to afford.”

Pope believes it’s important for businesses and New Zealanders to report cyber attacks or online fraud quickly.

“Incident reports are important because we can offer immediate support to help understand, mitigate and recover from cyber attacks. We can act as a triage service, putting people in touch with the right law enforcement contacts, and advising where to turn for IT help.”

CERT NZ treats all reports as confidential, and those submitting reports need only share as much as they feel comfortable.

He adds, “We are seeing attitudes move away from the ‘shame’ of being a victim of a cyber attack and people becoming more willing to report them and ask for help. The more reporting done, the more awareness and knowledge we're building, and the more we're helping each other to keep secure online.”

You can report cyber attacks, security breaches or online fraud at

New Zealand Police

The NZ Police Cybercrime unit was created in 2009. Back then, its focus was to coordinate the response to technically complex crimes. It had a dual reactive and proactive focus on these crime types. Five years later, the unit expanded to cover complex and serious cybercrime, including the Cryptopia theft and the recent Waikato District Health Board ransomware attack.

The team works closely with other New Zealand agencies, including the NCSC, CERT NZ, Netsafe, the Department of Internal affairs, and international partner organisations like INTERPOL and other like-minded law enforcement agencies. 

The Police Financial Crime Group Asset Recovery Unit has also been involved in investigating money laundering and cybercrime when New Zealand organisations get caught up in the mess. A prime example of this type of event is the Canton Business Corporation and BTC-e investigation, which resulted in the largest restraint of funds (NZ$140 million) in New Zealand Police history.

“New Zealand Police recognises cybercrime is a growth area which requires a targeted and meaningful response. We are continually working to strengthen the strategies Police use to address this type of offending,” says NZ Police Cybercrime Unit detective senior sergeant Greg Dalziel.

Dalziel echoes observations that ransomware attacks, cryptocurrency scams and business email compromise scams are becoming more common.

“Outside of this there are the volume crime cases where the losses are smaller, and often not connected to a particular campaign, hitting New Zealand."

"Prevention messaging remains a key response to cyber enabled crime. There is often a user interaction that results in the loss, and if we can prevent this occurring, we can stop a crime before any loss occurs.”


Netsafe is a charity whose mission is to work with schools, parents, education providers, and the wider public. Netsafe aims to encourage positive use of technology, prevent online harm, and provide support for people who have negative and often devastating online experiences. The agency has been operating for 20 years and runs a confidential, free helpline and other services.

Netsafe CEO Martin Cocker says, “Individuals are never more than a few clicks away from trolls, bullies, scammers, objectionable content and a range of other unpleasant online experiences. According to Netsafe’s research, one in five adults and nearly twice as many young people received a digital communication that had a negative impact on their life."

“Our job is to make it easier for people to enjoy the opportunities being online offers and to help them if something goes wrong. We do this by providing free support, advice and education, and by working collaboratively with the community, tech industry and Government.”

Netsafe and its collaboration partners strive to achieve the best outcomes for New Zealand. The agency is involved in everything from the Facebook Safety Advisory Board and the Twitter Trust & Safety Council to working groups such as the Global Internet Forum to Counter Terrorism (GIFCT), the NZ Pornography Working Group, and many partners in between.

Over the last couple of years, Netsafe noted a rapid uptake in technology during the pandemic, which has produced benefits and downsides for New Zealanders. Unfortunately, the negatives added to existing anxiety about health, stress, and physical separation. Cocker says that during this time, many people contacted Netsafe for self-help and incident support. Unfortunately, these experiences have sometimes resulted in physical, financial, and psychological harm, decreased user confidence, and undermined the digital economy and social investment.

“Some of the main threats facing the community relate to misinformation, the need to build resiliency, and providing equal access to content. Large parts of the internet function as an egalitarian platform. This means that the infrastructure of the internet treats the information it delivers as functionally equivalent,” he says.

In other words, the internet can present a scam and a genuine service alongside each other almost in the same breath. Fringe ideologies can divide people and also create their own communities. While the internet does have platforms, moderators and online safety mechanisms, they can’t always catch content designed to misinform or misdirect people.

“With more and more contentious issues debated online, many of these centring around internet technologies themselves, it takes a team effort to support people who have been the subject or recipient of this content and to better develop tools and processes to reduce this in the long term,” says Cocker.

"Aotearoa New Zealand’s digital society is full of challenges, and some are highly complex – but there are organisations people can turn to for help. There are processes, systems, self-help advice and tools that work – if only we can connect people to them fast enough.”

You can report an online safety incident on Netsafe's website at

New Zealand’s cybersecurity sector - diversity, pathways, and careers in homegrown tech

One of the most important ways to develop New Zealand’s cybersecurity capabilities is through fresh thinking, recruitment, and skills development. But this can be difficult - the world is facing a technology skills shortage, especially in cybersecurity. Private organisations and universities also offer scholarships and degrees, but what are our government agencies doing to help?

As an equal opportunity employer, The GCSB runs initiatives such as the Gender Pay Gap Action Plan and Diversity and Inclusion Strategy to attract more women, Māori, Pacific and Asian peoples within the GCSB and NZSIS. If that wasn’t enough, the GCSB also runs Women in STEM scholarships to help pave the way for STEM careers and within the GCSB itself. To top it off, The GCSB received the Rainbow Tick for diversity and inclusion.

Hampton says diversity and inclusion are important to the GCSB - as they should be for any organisation. The cybersecurity industry is facing challenges that require many different perspectives to solve. Diversity is not just about the usual things like gender, ethnicity, or sexuality - it also means different ways of thinking. Groupthink, Hampton says, is not welcome.

The GCSB is also growing as the Government invests more in New Zealand’s security. That means the bureau needs to represent the very New Zealanders it serves. 

“Organisations like ours operate in secret by necessity, but it’s also important that we’re open to people with different views and different perspectives, and that we reflect New Zealanders. That’s what we try to achieve through our recruitment.”

“Cybersecurity is a great career to pursue, particularly when there is a skills shortage. If you’re after job security and if you want an in-demand role, cybersecurity is a great fit. It helps if you have a technical background so STEM (science, technology, education and mathematics) subjects are important, but you also need to balance that with curiosity, an understanding of context, and a keenness to learn.”

He continues, “Cybersecurity doesn't exist in isolation. It's actually something that should be pervasive in business and in society. Even if your aspiration isn't to have a career in cybersecurity, learning something about it's going to be important for whatever job you do because it's likely to involve technology in some form or another. Technology also creates a whole lot of risk and so having some understanding of that and how to manage it will be important whatever you choose.”

Rob Pope adds on behalf of CERT NZ, “The best way to get involved is to find your local cybersecurity community groups. Often there will be technical or social meetups. These are excellent ways for people looking to join the field to learn from people involved in the industry and get advice on how to move into cybersecurity as a career path. There are also tertiary study options now.

“The other important thing is to just be curious, as there are a wealth of resources available to learn about cybersecurity available, and anyone can dive in and begin learning about the field.”

Public Interest Journalism Fund logo
Public Interest Journalism funded through NZ On Air.
Related stories
Top stories
Story image
What every CISO must answer to enable a best-in-class security operations program
It has been widely reported recently that South Australian government employees have been the victims of a cyberattack.
Story image
Identity and Access Management
The post-pandemic workforce requires secure IAM capabilities
HID Global discusses what identity and access management means for organisations in today's convoluted digital world.
Story image
BYOD / Bring Your Own Device
How zero trust can lead the battle against ransomware
SecOps teams champion a zero trust strategy to support the fight against the escalating risk of cybercrime and help monitor threat actors across a network.
Story image
Elevation of Privilege the top 2021 Microsoft vulnerability
BeyondTrust has released its 2022 Microsoft Vulnerabilities Report, finding that Elevation of Privilege is the top vulnerability category for the second consecutive year.
Story image
Vectra AI
Understanding the weight on security leader’s shoulders, and how to shift it
Millions of dollars of government funding and internal budgets are being funnelled into cybersecurity to build resilience against sophisticated threats, indicating how serious this issue has become.
Story image
Managed service provider
Barracuda MSP Day 2022 highlights MSP opportunities
Barracuda Networks has released a report showing global services-related MSP revenue is set to increase by more than a third in 2022 compared to 2021.
Story image
Cybersecurity prompts upgrade for 1.3 billion electricity meters
ABI Research finds Advanced Metering Infrastructure (AMI) and cybersecurity concerns are prompting the upgrade of 1.3 billion electricity meters by 2027.
Story image
Vishing attacks reach all time high - Agari and PhishLabs
"Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022."
Story image
Let’s clear the cloud visibility haze with app awareness
Increasingly, organisations are heading for the cloud, initiating new born-in-the-cloud architectures and migrating existing applications via ‘lift and shift’ or refactoring.
Story image
Employees on the frontline of cyber defense - report
In the first quarter of 2022, employees found themselves more than ever at the frontline of cyber defense, according to a new report from Kroll. 
Story image
Global cybersecurity insurance market worth $11.5b this year
Future Market Insights finds the cybersecurity insurance market is expected to reach USD$11.5 billion in 2022, growing to $61.2 billion in 10 years.
Story image
Supply chain
Jetstack promotes better security with supply chain toolkit
The web-based resource is designed to help organisations evaluate and plan the crucial steps they need to establish effective software supply chain security.
Story image
Data Protection
Barracuda launches new capabilities for API Protection
"Every business needs this type of critical protection against API vulnerabilities and automated bot attacks," Barracuda says.
Story image
New Relic
New Relic launches vulnerability management platform
New Relic has introduced New Relic Vulnerability Management to help organisations find and address security risks faster and with greater precision.
Booster Innovation Fund. A fund of Kiwi ingenuity – for Kiwi investors.
Link image
Story image
Silver Peak
The path to an adaptive, modern network
Managing and securing the network looks different than it did just two years ago—especially given that most of these networks are made up of multi-generations of infrastructure stitched together over time.
Story image
Asia Pacific plagued by sophisticated bad bots - report
The three most common bot attacks were account takeover, content or price scraping, and scalping to obtain limited-availability items.
Story image
Ponemon Institute
Email revealed to be riskiest channel for data loss
More than half (60%) of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
Story image
Tech job moves - Forcepoint, Malwarebytes, SolarWinds & VMware
We round up all job appointments from May 13-20, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Artificial Intelligence
Gartner reveals top three tech trends for banks this year
Gartner says generative artificial intelligence, autonomic systems and privacy-enhancing computation are gaining traction in banking and investment services.
Story image
Accenture - a collective security approach a driving factor for cyber resilience
With the approaching Davos World Economic Forum upon us, it is even more imperative to discuss the impact of cybersecurity on business operations leading into the future.
Story image
More than 40% of banks worried about cloud security - report
Publicis Sapient's new report finds security and the lack of cloud skills and internal understanding of business benefits are big obstacles for banks moving to the cloud.
Story image
Infosec unveils role-guided cybersecurity training roadmaps
Infosec Skills Roles maps hands-on training and certifications to the 12 most in-demand cybersecurity roles to maximise training efficiency.
Story image
ChildFund launches new campaign to protect children online
ChildFund says WEB Safe & Wise aims to protect children from sexual exploitation and abuse online while also empowering them to become digitally savvy. 
Story image
APAC ranks third-highest region targeted by ransomware
Asia Pacific has ranked the third-highest region globally to be targeted by ransomware, according to cybersecurity firm Group-IB.
Story image
Qualys updates Cloud Platform solution with rapid remediation
The new update is designed to enable organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software.
Story image
Data Protection
Information management capabilities to meet privacy requirements
Organisations with customers or operations across more than one country face a spate of new and proposed privacy and data protection laws.
Story image
Trojan cyber attacks hitting SMBs harder than ever - Kaspersky
In 2022 the number of Trojan-PSW detections increased by almost a quarter compared to the same period in 2021 to reach 4,003,323.
Story image
WhatsApp and QR codes the next scam threat - report
KnowBe4 has warned it expects to see an increase in QR Codes and the WhatsApp chat platform being used for phishing and other scams. 
Story image
Comcast to use ThreatQuotient for cybersecurity operations
Comcast, the parent company of NBC Universal and SKY Group, has chosen ThreatQ Platform and ThreatQ Investigations to meet their cybersecurity needs.
Story image
Rubrik Security Cloud marks 'next frontier' in cybersecurity
"The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data."
Story image
CERT NZ releases first Cyber Security Insights for 2022
CERT NZ has released Quarter One: Cyber Security Insights 2022, which offers an overview of reports about cybersecurity incidents affecting New Zealanders.
Story image
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
Sysdig unveils new Kubernetes troubleshooting and cloud innovations
Sysdig has introduced two new innovations that look to help bolster cloud services and simplify Kubernetes troubleshooting.
Threat actors are exploiting weaknesses in interconnected IT/OT ecosystems. Darktrace illuminates your entire business and takes targeted action to stop emerging attacks.
Link image
Story image
APAC organisations fail to disclose ransomware breaches
85% of organisations in APAC were breached by ransomware at least once in the past five years, but only 28% publicly disclosed the incident.
Story image
New vulnerabilities found in Nuspire’s Q1 2022 Threat Report
“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."
Story image
Maintaining secure systems with expectations of flexible work
Most office workers feel they've proved they can work successfully from home, and as much as employers try, things aren't going back to the way they were anytime soon.
Story image
Cloud Security
Aqua Security createa unified scanner for cloud native security
“By integrating more cloud native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud native security."
Story image
i-PRO releases smallest AI-based surveillance camera on the market
The new i-PRO mini network camera is now available, with a pocket-sized form factor and full AI analytics functionality.
Story image
Noname Security partners with Netpoleon to target API issues
Specialist API security firm Noname Security has appointed Netpoleon as its distributor in Australia and New Zealand.
Story image
Amazon Web Services / AWS
RedShield leverages AWS to scale cybersecurity services
"Working with AWS gives RedShield the ability to mitigate significant application layer DDoS attacks, helping leaders adopt best practices and security architectures."
Story image
Customer experience
Gartner recognises Okta for abilities in Access Management
Okta has announced it has been recognised as a Customers' Choice for the fourth time in a row in the Gartner Peer Insights "Voice of the Customer" report.
Story image
Check Point
Check Point and CCTV expert join forces to boost protection
The partnership will involve Check Point Quantum IoT Protect Nano Agent being embedded in Provision-ISR’s CCTV cameras for on-device runtime protection.