Tēnā koutou katoa,
I’m Andrew Clark, Director-General of the GCSB. With me today are Andrew Hampton, Director-General of the NZSIS, and Nicky Haslem, CFO for both organisations.
This is my first time appearing before the Committee, having taken up the position of Director-General of the Government Communications Security Bureau in October.
Thank you for the opportunity to update you on the work of the GCSB.
We are New Zealand's lead organisation for signals intelligence and cyber security. We support our customers’ resilience and decision making to successfully navigate a disrupted and contested international environment.
It is the most challenging global security environment in a generation.
In recent years we have observed a sharp rise in geostrategic competition and global tensions – including armed conflict – which has driven supply chain disruption, global economic uncertainty, and the erosion of the rules-based order that is fundamental to a small trading nation such as New Zealand.
In this environment, security threats evolve quickly and cross borders flexibly – presenting challenges for both the Bureau and the Service.
Signals Intelligence
In the past year we provided signals intelligence to customers in 18 government agencies, and their ministers, to equip decision-makers with greater insight.
Our intelligence insights cover the entire range of National Security Intelligence Priorities set by Government.
Our SIGINT collection is primarily focussed offshore, including our own region, which has been an enduring focus. The geostrategic competition we see playing out globally, we are also witnessing in our neighbourhood, and it is our mission to understand what is happening.
At the same time, we are working more closely with our domestic partners at home, particularly Police and the NZSIS around counter-terrorism and violent extremism, in response to the Royal Commission of Inquiry into the Christchurch terror attacks.
Over the past year our intelligence has helped to disrupt foreign interference and espionage operations, transnational criminal endeavours, including drug smuggling, plus terrorist and violent extremist threats.
We also make a significant contribution to global counter-terrorism efforts, including disruption of attack planning.
GCSB intelligence plays an important role in ensuring the safety of New Zealanders offshore, including deployed members of the New Zealand Defence Force, some of whom are in conflict zones.
And while I’ve spoken mainly about our own intelligence insights, we are also the conduit for partner intelligence to our decision-makers, particularly from Five Eyes partners.
Cyber security
I’ll now move onto our cyber security mission, which is delivered through the National Cyber Security Centre. Under this function, the GCSB works to protect information systems critical to New Zealand’s national interests from sophisticated security threats.
In the last fiscal year the NCSC recorded 316 cyber security incidents involving New Zealand’s most nationally significant organisations. These incidents represent the most serious malicious cyber activity targeting New Zealand.
This figure is made up of a slightly higher proportion (at 28%) of financially motivated activity than that with links to state-sponsored cyber actors (at 23%), but broadly in line with previous years.
While criminal groups predominantly target victims for financial gain through ransomware attacks, state-sponsored cyber actors typically aim to maintain a covert presence on computer networks of high intelligence value.
Today, we publicly released information regarding intrusion into New Zealand’s parliamentary networks by cyber actors sponsored by the Peoples Republic of China.
This is the third time in the past year that we have publicly linked malicious state-backed cyber activity to the PRC. In the same timeframe we have also called out the Russian Federation on three occasions.
The type of state-backed techniques we are observing continue to evolve and test cyber security agencies the world over, including methods such as “living off the land”, which is the stealthy compromise of critical infrastructure using legitimate tools on victim devices and networks to maintain access to significant targets, without detection.
Defending ourselves against the rising tide of cyber threats
Our capability to defend New Zealand against these threats is expanding through the use of new capabilities and partnerships. On top of our CORTEX suite of services, the NCSC’s Malware Free Networks service provides real-time detection and disruption delivered through third-party cyber security providers, and it is significantly increasing New Zealand’s capability to disrupt malicious cyber activity.
The number of Kiwis protected by Malware Free Networks (or MFN) continues to grow, and today our partnerships with third-party providers mean the vast majority of New Zealanders and New Zealand organisations now have MFN cover.
That is a significant achievement, snowballing in success in a short time.
Since its formal launch in November 2021, MFN has disrupted more than 6.2 million malicious cyber events, and its positive impact was recognised with the Public Service Commission’s Spirit of Service Award and the overall Prime Minister’s Award last year, as well as industry recognition with the Best Security Product Award at the annual Information Security Awards (iSANZ) in 2022.
Overall, our combined cyber defences have helped mitigate an estimated $382 million worth of harm to New Zealand systems since 2016. Of course, the true value of our national cyber defence capability goes far beyond that dollar figure – with business continuity, investment confidence, and the protection of Kiwis’ data at the heart of our service.
CERT NZ integration into the GCSB
In July last year, the Government announced the integration of New Zealand’s Computer Emergency Response Team (or CERT NZ) with the NCSC to create a single lead operational cyber security agency for New Zealand.
Following the initial transfer of CERT functions to the GCSB, we are now working to provide a stronger cyber security system and improved customer service for all New Zealanders.
While the NCSC’s customers include government departments, key economic generators, research institutions and operators of critical national infrastructure, CERT supports a broader range of businesses, organisations and individuals who are affected by cyber security incidents.
CERT’s cyber security outreach also goes beyond our borders, through its Pacific Partnership Programme. CERT works with our close Pacific neighbours to build local cyber security resilience by providing advice and support.
GCISO
As Director-General, I am also the Government Chief Information Security Officer (or GCISO).
Last year Cabinet confirmed a refreshed GCISO mandate to strengthen public sector cyber standards and expand the GCISO mandate beyond the core public service to include crown agents.
As the cyber threats we face evolve, so too must the public sector’s approach to addressing those risks, as our critical infrastructure is increasingly digitised.
Datacentre
I would also like to provide an update on the construction of the $300 million all-of-government datacentre being built at RNZAF Base Auckland (Whenuapai).
The GCSB, as the government lead for information security, will operate this facility on behalf of the broad range of government agencies that will use it.
The facility will shore up the resilience of our secure data storage for the next quarter century. Work is on track, with the vertical infrastructure taking shape, and the facility is due to be switched on early next year.
Finally, we are an agency that must always stay one technological step ahead of those who would do us harm, and we need to be alert to what lies around the corner – which includes risks associated with emerging technologies such as artificial intelligence and quantum computing.
That is not something we can do alone. Our international partnerships, particularly the Five Eyes, are critical to our ability to adapt quickly.
But our greatest foundation for success lies with the talented people who make-up the GCSB, their specialist skills, and the diversity of thought they bring. They are a slice of New Zealand that enables us to make sense of the security environment around us. But they, along with many others, have also helped to build the more robust and trusted authorising environment that we now work within. We are acutely aware that we can only be as effective as the trust New Zealanders place in us.
Thank you.