[Check against delivery]
Good morning, welcome, and thank you to the organisers for this opportunity.
I am keen to engage more through forums like this, and others.
It is pleasing to see so many people here today, from right across the full span of what “intelligence” means in New Zealand. These conferences are an important element in helping build New Zealand’s intelligence community for the future. They provide a valuable opportunity for us all to see each other, to spend some time getting to know each other.
I’ve had a look at the programme for today, and it’s both broad and engaging. What a great range of speakers, and topics.
I am a new intelligence professional myself. This is my first public engagement as Director. Being so new means that I have a lot to learn, but it also means I have some first impressions of the GCSB and the wider New Zealand Intelligence that I am happy to share.
Firstly we need to look at our operating environment:
The intelligence community has an important role to play in protecting New Zealand, our people and our economy from these threats.
We need to ensure Government is well informed about the activities and intentions of foreign parties.
We need to protect our nationally significant organisations and information from cyber threats.
I also want to ensure there is time to be more interactive and to respond to your questions.
But before going further, I want to congratulate the participants in last night’s inaugural intelligence community awards.
I know my colleague Rebecca Kitteridge, Director of the NZSIS, spoke to you last night, and I share her view on the real value in being able to share and celebrate the great work this community does.
By necessity much of the work of our community needs to stay in the classified domain, however, these awards are an opportunity to show case outstanding work and be recognised by our peers. They provide a platform for demonstrating the value we provide to our customers and wider stakeholders.
Within my own organisation I am actively encouraging our leadership to look at our own activities from the perspective of awards such as these, other sector based awards and the broader Public Sector Excellence awards
The Bureau has three key functions:
The GCSB leadership team is currently working on a new detailed plan on how we deliver these against the background our strategic priorities:
Everything we do needs to be in accordance with the law and our international human rights obligations. It also needs to be proportionate, necessary and reasonable.
We do our work under an umbrella of a very strong legal compliance and oversight system. We are subject to a higher level of oversight than most of the State Sector agencies:
I want to ensure the Bureau is well positioned to respond to the contemporary threat scape and to deliver real value to the Government, our customers and the public of New Zealand.
To help achieve this I am focussing on:
Building public trust and confidence – talking more publically, and through the media about what we do, why it is important and how we are held accountable
Ensuring the Bureau and the wider NZIC effectively implement the new legislation (to be introduced later this year) and deliver on the capability we have just received new funding for
Increasing customer centricity – we will put the customer more at the centre of everything we do. Asking them what they want and involving customers in the design, delivery and evaluation of our products and services
Improving effectiveness by working with others – whether that is within the NZIC, other government agencies, private sector customers or our Five Eyes Partners
Building people capability - identifying, developing and deploying the people and leadership capability the GCSB needs, to ensure it is fit for the future in a very competitive and specialist labour market.
Delivering on major technology and change projects
Developing and maintaining effective relationships with key stakeholders including Ministers and my counterparts in overseas partner organisations.
Some of the Bureau’s activities are easier to talk about in a public forum than others. Cyber security is one of those, and we have a clear mandate to raise awareness across the Government and Private sectors of the importance of having an effective response to cyber threats.
Cyber security is an area where we are building capacity – both people and technical in delivering our information assurance and cyber security function.
Enhancing New Zealand’s cyber security is one of our key outcomes. It is reflected in our “Impenetrable Infrastructures” strategic outcome.
We do it against a backdrop which includes the National Cyber Security Strategy, the work of the Department of Internal Affairs and the Chief Government Information Officer, the National Cyber Policy Office and New Zealand Police. In the future there will also be the Computer Emergency Response Team (CERT) which is currently being worked on by MBIE
For the Bureau, particularly our National Cyber Security Centre, our focus is countering cyber-borne threats to organisations of national significance – e.g. to government departments, key economic generators, niche exporters, research institutions and operators of critical national infrastructure.
We assist others protect their own networks from the types of threats which are typically beyond the capability of commercially available tools.
As part of our cyber security function we are working across government and the private sector to implementing capabilities, namely CORTEX, to protect nationally significant organisations from advanced cyber threats.
CORTEX focuses on countering advanced foreign-sourced malware that is typically beyond the defensive capabilities of commercially available tools.
It helps protect against theft of intellectual property, loss of customer data, destruction or dissemination of private communications, holding data for ‘ransom’ and damage to IT networks and services.
CORTEX operates with the explicit agreement of the organisations that are protected.
We will soon pilot an arrangement, called Malware Free Networks, whereby we share cyber threat information with an ISP so that the ISP can actively mitigate advanced malware that is targeting a small subset of its customers.
Under this pilot arrangement the benefiting ISP’s customers must be aware of GCSB’s support to the ISP.
GCSB will not receive the Internet traffic of the participating ISP or of any of its customers
It is useful to give some context to this by looking at the number and nature of the threats we are being made aware of.
We have a voluntary reporting regime and the threats recorded here are just those reported to us or detected by our own capabilities.
In the 12 months ending 1 April 2016, 316 cyber incidents were logged by the National Cyber Security Centre (NCSC), the part of GCSB that operates the CORTEX capabilities. This compares with 190 for the twelve months ending 30 June 2015.
In a typical month GCSB:
Over the last 12 months the requests have been as much from private sector firms as government agencies. The organisations in question have included financial institutions, ISPs and tertiary institutions.
Examples of recent cyber incidents reported to NCSC include:
I mentioned the CERT earlier. Part of the New Zealand Government response to cyber threat is the establishment of a Computer Emergency Response Team.
The proposal to establish a CERT was announced by the Minister for Communications, Amy Adams, in December last year. At the Cyber Security Summit in May the Prime Minister announced the Government’s investment of $22.2 million over the next four years to establish a national CERT and the Minister for Communications provided an outline of the CERT NZ functions. The CERT will be a central part of New Zealand’s cyber security architecture.
CERT NZ will initially be housed as a branded unit within the Ministry for Business Innovation and Employment, but it will develop beyond that over time.
The CERT will provide an initial point of advice and contact for people and organisations who have been, or could be, affected by cyber harm.
While NCSC provides this support for significant national infrastructure and organisations affected by advanced malware, the CERT will “fill the gap” for other victims of cyber threat, from individuals and families to SMEs and larger organisations.
CERT NZ will also act as a point of contact and information sharing with similar overseas based organisations, and maintain close links with Police, the NCSC, the Department of Internal Affairs, NGO organisations, private sector and academic institutions.
The work of the CERT will be complementary to that undertaken by the National Cyber Security Centre and the relationships and capabilities operated under the CORTEX banner.
Current plans are that CERT NZ will be operational in the first quarter of 2017.
The CORTEX initiative and the work of the National Cyber Security Centre is just one aspect of the GCSB’s broad information assurance role.
The IACD does more than just cyber security in the generally accepted sense of the term.
Some of the other things you might not know about include:
All this work requires highly skilled and talented people – people whose skills and experience are in high demand across both government and the private sector.
We also do our work in an increasingly “joined up” way – working with other Government organisations and particularly the intelligence community.
We have just recently completed a New Zealand Intelligence Community four year plan (2016 – 2020) – an unclassified version of this is already in the public domain through the release of the 2016 budget documents.
The plan is a reflection of how we are taking a more joined up approach to national security
It sets our collective goal to be - an agile, customer-focussed community that can sustainably meet the Government’s protective security and intelligence priorities
We have committed to achieving this through a focus on our key customers – Ministers, Government Agencies, Business and New Zealanders.
The plan focusses on delivery in three areas:
While the Bureau, Service and the Security & Intelligence Group of DPMC each have separate goals within the plan we have jointly committed to a range of outcomes.
I want to close by talking about our people and the common interests and challenges we have across the intelligence and information assurance community to recruit and retain the bright talented people whose skills are in much demand across both government and the private sector.
I know Rebecca mentioned to you last night our NZIC recruitment proposition – Beyond Ordinary. We are at a very early point in our development and use of this “Brand Proposition” which plays on the point that we do things in our community which go beyond ordinary roles, and that we are seeking extraordinary people to fill those roles.
The proposition recognises that while we may not necessarily be able to compete with the market in some areas, there are aspects of our work which provide a different “value proposition” which will appeal to some people.
While there is a “competitive” aspect to this – as there is across the recruitment and employment market there is also real potential for those of us in the sector with a common interest in security to explore ways we can collaborate to ensure talent is attracted and retained.
This could be around working together to encourage our schools and tertiary institutions encourage more students into science, technology, engineering and mathematic related (STEM) courses and to promote greater diversity in our organisations, so we better reflect the communities we service and to foster better decision making through more diverse perspectives.
Or, it might be about looking at increasing mobility and capacity within our workforces – providing opportunities for staff (with the right level of clearance) to move between positions within the broader security sector and the intelligence community – helping improve the understanding of both groups along the way.
These are interesting challenges and I look forward working with my colleagues in the intelligence community to engage more broadly with the sector to find innovative responses to them.