The New Zealand Government has had a signals intelligence (SIGINT) capability since the Second World War. It has also long recognised the need to ensure that it was protected from “bugging” (technical security, or TECSEC) and that its sensitive messages could not be read by third parties (communications security, or COMSEC). Until the establishment of the GCSB, these services were provided by bodies such as the New Zealand Defence Force and the New Zealand Security Intelligence Service (NZSIS). In 1977, the then Prime Minister, Robert Muldoon, approved the formation of the GCSB, but its functions and activities were kept secret.
In 1980 it was decided that the existence of the GCSB could be disclosed on a limited basis, leading to the first briefings of the Cabinet and the Leader of the Opposition. These briefings only acknowledged the GCSB’s TECSEC and COMSEC functions, but not its SIGINT functions. Prime Minister Muldoon publicly acknowledged the existence of the GCSB and its SIGINT function in 1984.
In early 2000, it was decided that the GCSB should be placed on a statutory footing similar to that of the NZSIS, and a legislative process, including public consultation, began.
In 2001, the Centre for Critical Infrastructure Protection (CCIP) was established to work with the New Zealand Government and critical national infrastructure agencies to improve their awareness and understanding of cyber security in New Zealand, provide them with watch and warn advice in relation to cyber incidents, and investigate any such incidents that occurred against them.
On 1 April 2003, the GCSB Act took effect. In June 2003, Cabinet formalised the role of the GCSB as the national authority for signals intelligence and information systems security.
In June 2011, New Zealand’s Cyber Security Strategy (NZCSS) was published and allocated responsibility for cyber security to selected government agencies. As part of the NZCSS, a National Cyber Security Centre (NCSC) was established within the GCSB in September 2011, and absorbed the functions of the CCIP.