The GCSB’s National Cyber Security Centre, which protects organisations of national significance from cyber threats, is expanding its coverage through partnerships.
Yesterday, minister for the SIS and GCSB Andrew Little told an audience at Victoria University's Centre for Strategy Studies the GCSB's National Cyber Security Centre (NCSC) had prevented over $284 million of harm to designated organisations.
The intelligence agency's new Malware Free Networks service was also partnering with the private sector to extend its malware detection and disruption capabilities to help protect many more organisations.
The COVID-19 pandemic dramatically accelerated changes to the ways New Zealanders work using connected technologies, but the cyber threats they faced were growing, Little said.
Cyber attacks were increasing in frequency and magnitude and critically important organisations were frequently the targets. A large District Health Board had been forced offline earlier in the year, Little said, referring to the Waikato DHB ransomware attack. An earlier denial of service attack on the NZ Stock Exchange showed private organisations were just as vulnerable.
"The ability to ‘hack’ or disrupt critical services might once have only been within the capabilities of states, and some states do engage in malicious cyber activities" Little said. "But every day new tools and methods are developed and exploited by criminals seeking financial gain, as well as those who might consider extreme disruption is justified in pursuit of ideological goals, or by ‘hackers’ who simply see disruption as a game without thinking about the real world effects."
New Zealand had what Little described as "robust conversations" with states who attempted to carry out malicious activities against New Zealand's interests or protected those who do and sometimes we have called them out publicly.
The annual review of the intelligence agencies before Parliament in March revealed more detail on some of the NCSC's developments and its changing focus.
Bridget White, acting director-general of GCSB, told Parliament's intelligence and security committee that Cortex was estimated to have helped New Zealand’s nationally significant organisations avoid $70 million worth of harm in 2019/20.
"Just what is nationally significant has shifted due to the pandemic, with sectors including health services and health research as well as transportation and food distribution taking on new prominence for national security," White told the committee.
The shift to working from and the use of new communications applications had also increased the potential "attack surface" attackers could target.
The NCSC was focused on supporting government and private sector organisations shifting securely to new ways of working and implementing new platforms and processes.
"Organisations need to ensure that they place a top priority on considering and actively managing cyber-security risks of these work arrangements," White said.
Lisa Fong, director, information assurance and cyber security at GCSB, said the NCSC had provided advice to the public sector in the very initial phase of the work transition, pushing out advice around specific platforms that were being used.
"There was a rapid uptake of both cloud services as well as remote working," she said. "In the phase after that initial alert level 4 and 3, when we moved back to 2, we revoked some of that advice and reissued standard advice that we’d recommend that all nationally significant organisations apply with respect to both hardware and software and governance of those additional risks presented."
Recent attacks were showing levels of sophistication and capability previously seen only by well-resourced state-backed actors being deployed by criminal actors motivated simply by financial gain, the committee heard.
Thirty per cent of the 352 reported incidents in 2019/20 were linked to state-sponsored actors, down from 38 per cent the previous year.
"The National Cyber Security Centre has continued to improve its Cortex data and tools to more effectively defend New Zealand and identify vulnerabilities being exploited by foreign threat actors to compromised networks," White said.
Further development of Malware-Free Networks had enabled the GCSB to significantly scale its cyber-defence efforts across a broad range of New Zealand organisations.
"Initial work with several network operators has proven the value of this cyber threat feed, and work is under way to complete arrangements and partnership models with a range of operators and security service providers, enabling the delivery of the service to be scaled more broadly."
In April, the NCSC provided guidance on managing the emerging class of "supply chain" attacks on vendor supplied software systems, the kind of attack that successfully penetrated the Reserve Bank of New Zealand.