- Posted March 24, 2021
- Director-General Speeches
GCSB acting Director-General Bridget White opening statement to Intelligence and Security Committee
Wednesday 24 March 2020
Open session
===
Kia ora koutou
Thank you for the opportunity to address the committee.
I am Bridget White, the acting Director-General of the GCSB.
Also with me is Lisa Fong, Director of the GCSB’s Information Assurance and Cyber Directorate, which includes the National Cyber Security Centre.
You may be aware that Andrew Hampton is currently on medical leave following surgery. I’m sure you will join me in wishing Andrew a speedy recovery, and we look forward to his return to the Bureau soon.
I know he will be watching the reporting of today’s committee hearing with keen interest, and I am sure he will be quick to send me feedback before the end of the day.
Threatscape/Post Covid-19 cyber security
I will start by outlining the GCSB’s work supporting the response to the Covid-19 pandemic.
GCSB has an important role in providing cyber-security advice and guidance to New Zealand’s nationally significant organisations.
Just what is nationally significant has shifted due to the pandemic with sectors including health services and health research, as well as transportation and food distribution taking on a new prominence for national security.
GCSB has worked to support the response in several ways.
Between March and June of last year we disseminated over 5000 Covid-19 intelligence reports to New Zealand customers, some from our own collection but by far the majority from our Five Eyes intelligence partners.
We have also provided cyber security advice on the development of the Government’s Covid-19 tracing app, and are currently supporting preparations for the national vaccine rollout.
The other impact of Covid-19 on the cyber threatscape has been new vulnerabilities and risk vectors arising from new work practices.
Working from home is an obvious example. Covid-19 required a widespread rapid shift to working remotely with the need to connect from dispersed locations into organisations’ central technology systems, as well as increased use of virtual meeting and communication tools.
These increase what we call the attack surface that malicious cyber actors can potentially exploit to gain access to systems.
The GCSB’s National Cyber Security Centre was focussed on helping ensure Government and private sector organisations could securely shift to new ways of working and implement new platforms and processes. This included specific security advice on the use of virtual meeting apps and remote working.
Organisations need to ensure they place a top priority on considering and actively managing the cyber-security risks of these work arrangements.
Other cyber security incidents
Turning now to other cyber security issues and, while not directly Covid-19 related, we have seen in recent months cyber security incidents impacting significant New Zealand organisations.
This includes high profile Denial of Service and ransomware attacks.
These attacks are showing levels of sophistication and capability previously seen only by well-resourced state-backed actors but are now being deployed by criminal actors motivated simply by financial gain.
In the 2019-20 year the National Cyber Security Centre recorded 352 incidents, up from 339 in the previous year. 30 percent of incidents were linked to state sponsored actors - down slightly from 38 percent in the previous year.
This reflects global trends in the behaviour and capability of malicious actors.
Attacks seeking to disrupt the availability of systems can be just as damaging as those which seek to steal information, and organisations need to respond accordingly and work with their service providers to ensure they have protections in place.
National Cyber Security Centre
The GCSB’s National Cyber Security Centre operates our cyber defence capabilities, and leads engagement with organisations of national significance to protect their systems from high impact, and advanced cyber threats.
Our CORTEX cyber defence capability is a key tool to support nationally significant organisations to protect their networks from malicious, advanced persistent and sophisticated cyber security threats. In 2019-20 CORTEX is estimated to have helped New Zealand’s nationally significant organisations avoid $70million in harm.
The National Cyber Security Centre continued to improve the use of CORTEX data and tools to more effectively defend New Zealand and identify vulnerabilities being exploited by foreign threat actors to compromise networks.
As well as CORTEX, the National Cyber Security Centre has continued to develop its Malware Free Networks product, which enables the GCSB to significantly scale its cyber defence effort across a broad range of New Zealand organisations.
In delivering this product the National Cyber Security Centre is working with a range of private sector partners.
Initial work with several network operators has proven the value this cyber threat intelligence feed can provide. Work is underway to complete agreements and partnership models with a range of operators and security service providers, enabling delivery the service to be scaled more broadly.
Response to Royal Commission of Inquiry into the terrorist attack on Christchurch masjidain
Now turning to our response to the Royal Commission of Inquiry into the terrorist attack on Christchurch mosques.
The Royal Commission made no specific recommendations in relation to the GCSB.
As the Royal Commission points out, the primary counter terrorism effort of the GCSB is foreign focussed. We have made, and are continuing to make, valuable contributions to global counter terrorism efforts, including to the disruption of terrorist activities offshore. I am however unable to talk in this open forum about specifics of this activity without putting at risk highly sensitive intelligence equities and capabilities.
I would like to point out that the GCSB has in place, and did so prior to the 2019 Christchurch attacks, warrants that do not distinguish between different forms of violent extremism. This enables us to respond to requests for assistance from other agencies and to contribute to global efforts against the full spectrum of violent extremism.
The Royal Commission did note that the GCSB can, and should, play a more active role in domestic counter terrorism, and that we should take a more proactive approach to better understand our customer’s requirements and how our capabilities can complement their work.
The Royal Commission also observed that other agencies in the counter terrorism system did not always have sufficient understanding of our signals intelligence capabilities.
The GCSB is committed to making our role and capabilities more widely understood and utilised by domestic partner agencies. We are already working to achieve this, in line with the priorities set by Government and in accordance with New Zealand law.
As an example we are already working more closely with New Zealand Police to support investigations into specific threats since the Royal Commission’s report.
Election protection
Finally turning to our major events work.
A key focus in this area has been supporting New Zealand’s General Election in October 2020.
Maintaining the integrity of the electoral process is a vital part of safeguarding New Zealand’s democratic society.
The National Cyber Security Centre monitored for malicious cyber activity involving key organisations, to look for activity that may have impacted on delivery of the election.
I am pleased to say that the National Cyber Security Centre did not observe activity suggesting a network compromise or sophisticated malicious cyber activity associated with the General Election, or indications of attempts to alter the results or otherwise disrupt the electoral processes.
In addition the National Cyber Security Centre also worked in partnership with our NZSIS colleagues to provide protective security briefings to Members of Parliament and at-risk candidates on cyber and foreign interference risks.
I am now happy to take questions from the Committee.
END