Keeping Five Eyes on NZ's cybersecurity
New Zealand's GCSB is using the nation's membership in the Five Eyes alliance to help safeguard nationally significant organisations.
The New Zealand Government is leveraging its position as a member of the Five Eyes intelligence alliance to better safeguard the cybersecurity of its nationally significant organisations. During a speech to the Aspen Institute Cyber Summit Forum in early November, the Director-General of New Zealand’s Government Cyber Security Bureau (GCSB), Andrew Hampton, provided an overview of his agency’s CORTEX cyber defence initiative.
CORTEX is a suite of cyber defence capabilities developed by the GCSB that can be deployed at different points on a user’s network depending on their network configuration and risk profile.
The services range from providing simple alerts when specific activity is discovered on a network to services that actively disrupt malicious activity.
Hampton said the CORTEX suite is designed to take advantage of the unique capabilities afforded to New Zealand as a member of Five Eyes, the intelligence and surveillance partnership between Australia, New Zealand, the UK, the US and Canada.
“We took a range of standard products and combined them with the unique cyber threat insights available to us through our Five Eyes relationships. This allows us to deliver cyber threat detection and disruption capabilities typically not available through commercial providers,” he said.
“We also contribute unique insights to our Five Eyes partners about the malicious activity we are seeing on New Zealand networks.”
When the CORTEX initiative was launched in 2013, the GCSB began the task of convincing public and nationally significant private sector organisations to use the bureau’s cyber defence capabilities.
This was no mean feat, Hampton said, as it was around the time that Edward Snowden’s NSA leaks blew the lid on the existence of numerous global surveillance programs run by Five Eyes. This triggered a vigorous debate about the role of national intelligence agencies and the Five Eyes partnership.
“In spite of this, we received strong support and now a broad reach of New Zealand’s most important organisations receive our CORTEX services,” he said.
An independent assessment commissioned by the bureau found that the value generated by CORTEX in terms of harm prevented is significantly greater than the cost of developing and deploying it. This led to the government’s decision in May to expand one component of the CORTEX system — its Malware Free Networks initiative — to even more nationally significant organisations.
“The concept behind CORTEX is more than just direct cyber threat detection and disruption. If we know activity is targeting a customer’s network, we can make that cyber threat information available to a much wider group — not directly protected by CORTEX capabilities — and enable them to mitigate the threat also,” Hampton added.
Work on CORTEX is ongoing, and the GCSB recently asked 250 users to self-assess their cybersecurity maturity and preparedness to respond to cyber threats.
Hampton said the assessment showed a broad range of maturity and preparedness levels. It uncovered a range of issues including uneven engagement about cybersecurity at a governance level, limited readiness to respond to incidents, insufficient investment in people and skills, and substantial supply chain risk.
“The survey has given us and our customers a solid basis from which to determine where to best focus our ongoing cyber defence efforts,” he said.
The CORTEX initiative has drawn acclaim at local awards ceremonies. In November, CORTEX was named Best Security Project or Initiative at the 2018 Information Security Awards NZ. In July, the project also received the Institute of Public Administration (IPANZ) Excellence Award for Building Trust and Confidence in Government.
Meanwhile, Hampton noted that nearly a third of the cyber incidents investigated by the GCSB contained indicators that could be linked to state sponsored attackers.
“A number of times in the past year the GCSB, on behalf of the New Zealand Government, has joined other like-minded nations in calling out North Korea and Russia in particular for undertaking global campaigns of malicious cyber activity that served no legitimate national security purpose,” he said.
“New Zealand sees this type of activity as unacceptable. It is counter to our vision for an open, safe and secure cyberspace, and we will continue to use public attribution as one of the tools available to deter such threats.”
Complicating matters, as the global threat landscape continues to evolve the line between state and non-state actors is getting blurrier, Hampton said.
As well as its cybersecurity mandate, the GCSB is also responsible for securing New Zealand’s telecommunications networks by working with network operators to identify and mitigate risks to national security.
Hampton said that while the bureau has managed to perform this role effectively to date, the advent of 5G and other emerging communications technologies has the potential to increase the security risk by making it more difficult to isolate potentially vulnerable equipment.
This is reminiscent of the justification used by the Australian Government to ban Chinese vendors including Huawei and ZTE from providing equipment for Australia’s 5G rollouts. When the ban was announced in August, the government asserted that 5G networks will be designed in such a way as to blur the distinction between the core and access components of the mobile network. As a result, the government is concerned that traditional security controls protecting the network core could be circumvented by exploiting equipment in the edge of a network.
But despite the looming challenges, Hampton said the GCSB will continue to work to fulfil its mandate of “[doing] anything necessary or desirable to protect information infrastructures of importance to the New Zealand Government”.
The director-general of New Zealand's GCSB has denied reports the bureau faced US pressure to...
The suspected nation state attackers of the Parliament House computer network also compromised...
The Department of Parliamentary Services is investigating a "sophisticated" attack on...