NZ Institute of Intelligence Professional Annual Conference
Good morning, welcome, and thank you to the organisers for this opportunity.
I am keen to engage more through forums like this, and others.
It is pleasing to see so many people here today, from right across the full span of what “intelligence” means in New Zealand. These conferences are an important element in helping build New Zealand’s intelligence community for the future. They provide a valuable opportunity for us all to see each other, to spend some time getting to know each other.
I’ve had a look at the programme for today, and it’s both broad and engaging. What a great range of speakers, and topics.
I am a new intelligence professional myself. This is my first public engagement as Director. Being so new means that I have a lot to learn, but it also means I have some first impressions of the GCSB and the wider New Zealand Intelligence that I am happy to share.
Firstly we need to look at our operating environment:
- We need a well-functioning and connected intelligence community and professionals now more than ever
- We work in an increasingly complex and demanding operation environment
- Our prosperity depends on New Zealand being open, democratic and well connected
- We need a free flow of people, information and trade across our boarders
- The world is increasingly interconnected and this connectedness increase risk of foreign sourced threats, including radicalisation and espionage/cyber attacks
The intelligence community has an important role to play in protecting New Zealand, our people and our economy from these threats.
We need to ensure Government is well informed about the activities and intentions of foreign parties.
We need to protect our nationally significant organisations and information from cyber threats.
Topics I'll be covering in this speech
- The role of the Bureau
- My focus areas as Director
- Our priorities and activities in information assurance/cyber security
- The role of the New Zealand Intelligence Community, and
- The people and resourcing challenge we all face.
I also want to ensure there is time to be more interactive and to respond to your questions.
But before going further, I want to congratulate the participants in last night’s inaugural intelligence community awards.
I know my colleague Rebecca Kitteridge, Director of the NZSIS, spoke to you last night, and I share her view on the real value in being able to share and celebrate the great work this community does.
By necessity much of the work of our community needs to stay in the classified domain, however, these awards are an opportunity to show case outstanding work and be recognised by our peers. They provide a platform for demonstrating the value we provide to our customers and wider stakeholders.
Within my own organisation I am actively encouraging our leadership to look at our own activities from the perspective of awards such as these, other sector based awards and the broader Public Sector Excellence awards
The Bureau has three key functions:
- collecting and assessing foreign intelligence in accordance with Government’s National Intelligence Priorities (both with assistance from our Five Eyes partners and through our own legally authorised capabilities)
- providing cyber security and information assurance services for nationally significant organisations, which I will return to shortly
- assisting Defence Forces, NZ Police and NZSIS to undertake their lawful functions (this includes counter terrorism and support to military operations).
The GCSB leadership team is currently working on a new detailed plan on how we deliver these against the background our strategic priorities:
- impenetrable infrastructure – protecting New Zealand’s important information and systems from advanced cyber threats, and
- indispensable intelligence – providing valuable intelligence information to support government decision making and help protect our people, our boarders and our economy.
Everything we do needs to be in accordance with the law and our international human rights obligations. It also needs to be proportionate, necessary and reasonable.
We do our work under an umbrella of a very strong legal compliance and oversight system. We are subject to a higher level of oversight than most of the State Sector agencies:
- We have a dedicated parliamentary oversight committee
- An Inspector General of Intelligence and Security – with Commission of Inquiry Powers
- Strong authorising regime for our intelligence cyber security functions
- Our cyber security support is provided to organisations with their consent.
I want to ensure the Bureau is well positioned to respond to the contemporary threat scape and to deliver real value to the Government, our customers and the public of New Zealand.
To help achieve this I am focussing on:
Building public trust and confidence – talking more publically, and through the media about what we do, why it is important and how we are held accountable
Ensuring the Bureau and the wider NZIC effectively implement the new legislation (to be introduced later this year) and deliver on the capability we have just received new funding for
Increasing customer centricity – we will put the customer more at the centre of everything we do. Asking them what they want and involving customers in the design, delivery and evaluation of our products and services
Improving effectiveness by working with others – whether that is within the NZIC, other government agencies, private sector customers or our Five Eyes Partners
Building people capability - identifying, developing and deploying the people and leadership capability the GCSB needs, to ensure it is fit for the future in a very competitive and specialist labour market.
Delivering on major technology and change projects
Developing and maintaining effective relationships with key stakeholders including Ministers and my counterparts in overseas partner organisations.
GCSB Cyber Security/Information Assurance Role
Some of the Bureau’s activities are easier to talk about in a public forum than others. Cyber security is one of those, and we have a clear mandate to raise awareness across the Government and Private sectors of the importance of having an effective response to cyber threats.
Cyber security is an area where we are building capacity – both people and technical in delivering our information assurance and cyber security function.
Enhancing New Zealand’s cyber security is one of our key outcomes. It is reflected in our “Impenetrable Infrastructures” strategic outcome.
We do it against a backdrop which includes the National Cyber Security Strategy, the work of the Department of Internal Affairs and the Chief Government Information Officer, the National Cyber Policy Office and New Zealand Police. In the future there will also be the Computer Emergency Response Team (CERT) which is currently being worked on by MBIE
For the Bureau, particularly our National Cyber Security Centre, our focus is countering cyber-borne threats to organisations of national significance – e.g. to government departments, key economic generators, niche exporters, research institutions and operators of critical national infrastructure.
We assist others protect their own networks from the types of threats which are typically beyond the capability of commercially available tools.
As part of our cyber security function we are working across government and the private sector to implementing capabilities, namely CORTEX, to protect nationally significant organisations from advanced cyber threats.
CORTEX focuses on countering advanced foreign-sourced malware that is typically beyond the defensive capabilities of commercially available tools.
It helps protect against theft of intellectual property, loss of customer data, destruction or dissemination of private communications, holding data for ‘ransom’ and damage to IT networks and services.
CORTEX operates with the explicit agreement of the organisations that are protected.
Malware Free Networks
We will soon pilot an arrangement, called Malware Free Networks, whereby we share cyber threat information with an ISP so that the ISP can actively mitigate advanced malware that is targeting a small subset of its customers.
Under this pilot arrangement the benefiting ISP’s customers must be aware of GCSB’s support to the ISP.
GCSB will not receive the Internet traffic of the participating ISP or of any of its customers
It is useful to give some context to this by looking at the number and nature of the threats we are being made aware of.
We have a voluntary reporting regime and the threats recorded here are just those reported to us or detected by our own capabilities.
In the 12 months ending 1 April 2016, 316 cyber incidents were logged by the National Cyber Security Centre (NCSC), the part of GCSB that operates the CORTEX capabilities. This compares with 190 for the twelve months ending 30 June 2015.
In a typical month GCSB:
- detects through CORTEX seven cyber intrusions affecting one or more New Zealand organisations. For context: roughly 0.5% of internet traffic analysed by GCSB under CORTEX has a ‘signature’ of advanced malware associated with it; and each month about 900 new signatures of this type are identified either here in New Zealand or overseas
- receives 12 new incident reports which are unrelated to CORTEX monitoring. The incidents in this case are typically self-reported by the organisation dealing with them, and
- we receive five requests for some other form of concrete cyber security assistance.
Over the last 12 months the requests have been as much from private sector firms as government agencies. The organisations in question have included financial institutions, ISPs and tertiary institutions.
Examples of recent cyber incidents reported to NCSC include:
- crypto-locker ransomware attacks
- emails masquerading as official business to induce payments
- suspicious network activity
- criminal scams on two government agencies
- potential compromising of government agency’s mobile devices
I mentioned the CERT earlier. Part of the New Zealand Government response to cyber threat is the establishment of a Computer Emergency Response Team.
The proposal to establish a CERT was announced by the Minister for Communications, Amy Adams, in December last year. At the Cyber Security Summit in May the Prime Minister announced the Government’s investment of $22.2 million over the next four years to establish a national CERT and the Minister for Communications provided an outline of the CERT NZ functions. The CERT will be a central part of New Zealand’s cyber security architecture.
CERT NZ will initially be housed as a branded unit within the Ministry for Business Innovation and Employment, but it will develop beyond that over time.
The CERT will provide an initial point of advice and contact for people and organisations who have been, or could be, affected by cyber harm.
While NCSC provides this support for significant national infrastructure and organisations affected by advanced malware, the CERT will “fill the gap” for other victims of cyber threat, from individuals and families to SMEs and larger organisations.
CERT NZ will also act as a point of contact and information sharing with similar overseas based organisations, and maintain close links with Police, the NCSC, the Department of Internal Affairs, NGO organisations, private sector and academic institutions.
The work of the CERT will be complementary to that undertaken by the National Cyber Security Centre and the relationships and capabilities operated under the CORTEX banner.
Current plans are that CERT NZ will be operational in the first quarter of 2017.
Our Information Assurance Role
The CORTEX initiative and the work of the National Cyber Security Centre is just one aspect of the GCSB’s broad information assurance role.
The IACD does more than just cyber security in the generally accepted sense of the term.
Some of the other things you might not know about include:
- We provide high grade cryptologic services to protect critical data of national importance.
- We conduct technical inspections and accredit networks processing data of national importance.
- We provide information assurance and security guidelines via the government Protective Security Requirements and the New Zealand Information Security Manual, and we work across government with Government Chief Information Officer (GCIO) to develop and promote compliance with those standards.
- Our outreach and engagement team works closely with customers across the public and private sectors, helping convert our advice and inputs into actions to make networks more resilient.
- If the victim organisation is unable to respond to these threats themselves the NCSC has an Incident Response team who can go out and assist. There is a clear process of warrants and authorisations to enable us to provide this support.
All this work requires highly skilled and talented people – people whose skills and experience are in high demand across both government and the private sector.
Role of the NZIC
We also do our work in an increasingly “joined up” way – working with other Government organisations and particularly the intelligence community.
We have just recently completed a New Zealand Intelligence Community four year plan (2016 – 2020) – an unclassified version of this is already in the public domain through the release of the 2016 budget documents.
The plan is a reflection of how we are taking a more joined up approach to national security
It sets our collective goal to be - an agile, customer-focussed community that can sustainably meet the Government’s protective security and intelligence priorities
We have committed to achieving this through a focus on our key customers – Ministers, Government Agencies, Business and New Zealanders.
The plan focusses on delivery in three areas:
- Assist New Zealand decision making – this is about getting and understanding information for our national advantage,
- Reduce threats to New Zealanders – getting information to manage threats and understanding information so we can mitigate them, and
- Strengthen protective security – managing vulnerabilities presented by people and places, and protecting information and information systems.
While the Bureau, Service and the Security & Intelligence Group of DPMC each have separate goals within the plan we have jointly committed to a range of outcomes.
I want to close by talking about our people and the common interests and challenges we have across the intelligence and information assurance community to recruit and retain the bright talented people whose skills are in much demand across both government and the private sector.
I know Rebecca mentioned to you last night our NZIC recruitment proposition – Beyond Ordinary. We are at a very early point in our development and use of this “Brand Proposition” which plays on the point that we do things in our community which go beyond ordinary roles, and that we are seeking extraordinary people to fill those roles.
The proposition recognises that while we may not necessarily be able to compete with the market in some areas, there are aspects of our work which provide a different “value proposition” which will appeal to some people.
While there is a “competitive” aspect to this – as there is across the recruitment and employment market there is also real potential for those of us in the sector with a common interest in security to explore ways we can collaborate to ensure talent is attracted and retained.
This could be around working together to encourage our schools and tertiary institutions encourage more students into science, technology, engineering and mathematic related (STEM) courses and to promote greater diversity in our organisations, so we better reflect the communities we service and to foster better decision making through more diverse perspectives.
Or, it might be about looking at increasing mobility and capacity within our workforces – providing opportunities for staff (with the right level of clearance) to move between positions within the broader security sector and the intelligence community – helping improve the understanding of both groups along the way.
These are interesting challenges and I look forward working with my colleagues in the intelligence community to engage more broadly with the sector to find innovative responses to them.