Information Assurance (IA)
As communications technologies advance, the need to protect information carried by those technologies also grows.
There are two main reasons to protect information. Firstly the confidential information of the Government of New Zealand needs to be protected from unauthorised disclosure. This means that Government departments can communicate information securely. Secondly there is a requirement to protect information and infrastructure from corruption by malicious 'attack', the most common form of which is the humble computer virus.
The Information Assurance (IA) function of the GCSB relates to the protection of information that is processed, stored or communicated by electronic or similar means and includes:
- the formulation of communications and security policy;
- the promulgation of standards;
- the provision of material, advice and assistance; and
- IA assessment and inspection services for government departments and authorities.
These functions incorporate and expand on the more traditional functions of Communications Security, Computer Security, and Technical Security.
In August 2001 the Government extended the functions of the GCSB to include co-ordination, support and advice to critical infrastructure owners regarding cyber-threats and vulnerabilities. The unit, called the Centre for Critical Infrastructure Protection (CCIP), primarily assists organisations in the Energy; Emergency Services; Banking and Finance; Government; Transport; and Telecommunications sectors.
In October 2011, the role of the CCIP was absorbed by the National Cyber Security Centre (NCSC). The NCSC provides enhanced services to government agencies and critical infrastructure providers to assist them to defend against cyber-borne threats.
The GCSB also contributes to several e-Government initiatives.
When implementing IT infrastructure changes the GCSB recommends consideration of IA Standards & Best Practices.