- Posted February 12, 2020
- Director-General Speeches
GCSB Director-General Andrew Hampton
ISC Opening Statement - Wednesday 12 February 2020
Open session
---
Kia ora koutou
Thank you for the opportunity to update the Committee about the work of the GCSB since I last appeared before you.
First I will touch briefly on our response to the Christchurch attacks on March 15 last year.
The NZSIS and the New Zealand Police are the lead agencies for domestic counter-terrorism, and you have already heard from Rebecca about the NZSIS response. The role of the GCSB is to provide support to these agencies in their work. This support is primarily through our technical capabilities, and our access to foreign intelligence. Like the NZSIS, the Bureau immediately stood-up a 24/7 response team who worked tirelessly to support the investigation and wider response.
Over the three years prior to the attacks the GCSB took a series of deliberate steps to enable us to respond effectively to assistance requests on domestic counter-terrorism, within our legislative framework and resourcing. This involved establishing capabilities, accesses and legal authority that do not distinguish between different forms of violent extremism and can be deployed quickly and flexibly. As a result we were well placed to respond to requests from our NZSIS and Police partners in the aftermath of the Christchurch attacks.
Like Rebecca I absolutely support the Royal Commission of Inquiry. It is vital that we know if there is anything that could have been done to prevent the attacks, and identify any lessons to be learned for the future.
Cyber security
2018 to 2019 was also a very busy period for the GCSB’s other functions, including our cyber security and regulatory role.
Cyber security incidents impacting on New Zealand’s nationally significant organisations have increased in their severity, particularly from sophisticated state-sponsored actors. In particular the National Cyber Security Centre – or NCSC - within the GCSB continues to see malicious cyber actors exploiting known, unpatched vulnerabilities to gain access to systems.
The NCSC recorded 339 cyber security incidents in the 12 months to 30 June 2019, compared with 347 incidents in the previous year. 39 percent of these incidents had links to state sponsored actors, which are generally more sophisticated than criminal or non-state activity given the greater resources and motivations of states. While these are similar numbers to the previous reporting period, more incidents were detected in the post-compromise phase. In other words they were detected after they’d happened, and when actors have had more opportunity to cause harm.
During this period the GCSB has, on behalf of the New Zealand Government, added its voice to international condemnation of malicious cyber activity, and joined our partners in attributing two such campaigns to foreign actors.
In 2019 we also found ourselves responding to several significant incidents arising from inadequate information management rather than cyber-intrusion. Such incidents highlight the continual need for good information management practices and data hygiene, regardless of what organisation you are.
CORTEX
We have continued to improve and advance our CORTEX cyber-defence capabilities, which we calculate have prevented almost $100m of harm to nationally significant organisations since June 2016.
Our cyber defence capabilities include the Malware-Free Networks initiative, which the Government has approved for expansion to a much larger number of nationally significant organisations than currently receive CORTEX services. We are currently implementing this expansion which will enable significantly more organisations to benefit from our specialist capabilities.
5G
Another key function of the GCSB is regulatory oversight to protect New Zealand’s telecommunications infrastructure. This infrastructure is critical to the daily lives and wellbeing of New Zealanders, as well as our economic strength and national security.
We do this through our administration of the network security provisions of the Telecommunications (Interception Capability and Security) Act 2013, better known as TICSA. In 2018/19 the GCSB received 158 network change notifications, up from 123 in the previous year.
You will doubtless be aware that during this period the GCSB received its first 5G notification. The outcome of that has been the subject of a significant amount of public discussion, most recently in the context of the UK’s decision making on 5G.
It may be helpful to restate the Bureau’s position for the benefit of the Committee.
Our role is to assess network security risks, which includes considering the likelihood that a network operator’s proposal could lead to the compromise or degrading of the public telecommunications network. We make our own, independent assessment of network security risks, on a case-by-case basis. There are no ‘bans’ on any telecommunications vendors – we make an informed assessment based on the information provided in the notification and New Zealand’s legislation and policy.
This is a well-established process which is serving New Zealand well, and it allows us to be responsive to ongoing developments in network security.
I would also like to make clear that the majority of TICSA notifications received did not raise network security risks. With those that did, network operators either mitigated the risk or withdrew their notification.
Intelligence Collection
Another key function of the GCSB is intelligence collection and analysis, which is largely foreign focused.
The Government’s National Security and Intelligence Priorities, or NSIP’s, direct the GCSB’s priorities in this area. These priorities assist us and other agencies with a national security role to make informed, joined up decisions and define key areas of focus.
There are limits on what I can say about our intelligence mission in an open forum like this.
I can say that during 2018/2019 the GCSB provided valuable intelligence to a range of Ministers and Government agencies in accordance with the NSIP’s. This included intelligence on countering transnational organised crime, regional peace and security and support for NZDF operations overseas.
The NSIP’s are also highly relevant to our international partnerships. As well as our support to the New Zealand Police and the NZSIS on domestic terrorism issues, the GCSB for example makes a unique and highly valued contribution to the international efforts on global terrorism.
All information sharing is in accordance with our own legislation, policies and oversight. I will be able to talk more about our intelligence collecting in the closed session.
Oversight
This has been a significant year regarding the Bureau’s oversight requirements, including the Royal Commission of Inquiry into the Attack on Christchurch Mosques, the Inquiry into Operation Burnham and various reviews by the Inspector General of Intelligence and Security (IGIS).
Such oversight is vital, and we welcome independent scrutiny of our work.
Ongoing engagement with the IGIS and Crown Law has provided valuable clarification around certain aspects of our legislation, particularly the application of Type 1 and Type 2 warrants. This provided much needed certainty for everyone. GCSB has not had to change its fundamental approach to when it seeks Type 1 intelligence warrants.
Elections
Finally I will briefly touch on our work regarding election security.
The integrity of New Zealand’s electoral process is at the heart of our democratic society and elections must be free and fair.
As we get closer to the general election in September we will be focussed on providing support to the Electoral Commission, including standing up a dedicated team to manage surge work.
This support includes working directly with the Electoral Commission to help them protect their systems, most of which are fortunately not connected to the internet which limits points of vulnerability.
We have provided updated guidance for political parties and candidates on how to protect themselves from cyber threats, which has been circulated by the Electoral Commission.
We have also assisted with protective security briefings to Members of Parliament in conjunction with the NZSIS.
During the election period we will be responsive to reporting from our security partners, political parties or the public regarding suggestions of state sponsored disinformation campaigns.
I stress however that we have no role in monitoring political discussion in New Zealand.
Robust political debate and freedom of expression are fundamental to our democratic process and our role is supporting efforts which ensure that there is no attempt to covertly influence the election by a state actor.
I am now happy to take questions from the Committee.
END