GCSB has sound compliance systems and processes

Director-General of the Government Communications Security Bureau (GCSB) Andrew Hampton welcomes the Inspector-General of Intelligence and Security finding it has sound compliance systems and processes for the fourth year in a row.

“The Inspector-General fulfils an important role. As our key oversight body she helps to give the public confidence that everything we do is in line with priorities set by the Government, and in accordance with New Zealand laws and human rights obligations,” Mr Hampton said.

“That is why I am pleased to say that for the fourth year in a row the Inspector-General has given the GCSB its compliance tick of approval in her Annual Report.

“This follows on from the Inspector-General’s report about GCSB’s intelligence activity in relation to New Zealand’s interests in the South Pacific region. The report found the GCSB conducted itself appropriately and did not deliberately target the communications of any of the complainants. The report did not make any recommendations.

“Another area GCSB has regularly engaged with the Inspector-General has been on the implementation of our new legislation, the Intelligence and Security Act 2017. Establishing the systems, policies and processes that support staff to undertake their roles and be compliant with the new legislation has been a major undertaking.

“As with any new legislation, there isn’t existing case law which means extra care is required when establishing a working understanding of the law. When issues arose, we carefully considered the Inspector-General’s recommendations and observations in developing the new policies and processes required.

“When there is a lack of clarity about the interpretation of the law, as with any government agency, the GCSB relies on Crown Law for a definitive view.

“It has also been a significant year for the GCSB’s cyber security functions.

“Our cyber defence services called CORTEX took out two top awards. The first was the Excellence Award for Building Trust and Confidence in Government at the Institute of Public Administration (IPANZ). The second was Best Security Project at the Information Security Awards.

“Earlier in the year the Government announced it would be expanding some CORTEX services to a much larger number of nationally significant organisations through a project called Malware-Free Networks (MFN). The expansion of MFN is a multi-year scale-up and will continue to keep us busy for some time to come.

“The GCSB published our first survey of cyber resilience in October, which continues our ongoing efforts to provide more information to the public about the threats New Zealand faces and our response.

“This year the GCSB supported the Government in calling out malicious cyber activity carried out by state sponsored actors. This included two attributions to Russia.”

Media contact: media@nzic.govt.nz or 04 819 7104