- Posted March 27, 2023
- Director-General Speeches
Kia ora koutou,
Thank you for the opportunity to update the Committee about the work of the Government Communications Security Bureau in this public session.
Once again it has been an operationally demanding year in which the GCSB’s signals intelligence and cyber security missions have responded to significant and, at times, unprecedented challenges presented by the increasingly contested world that we live in.
We have in the past year, witnessed geostrategic competition intensifying right around the world, including in our Pacific region, while serious cyber incidents continue to threaten New Zealand organisations.
Aotearoa New Zealand’s interests are being challenged by this rise of geostrategic competition as some states are more readily pursuing objectives in ways that run contrary to the international rules-based order, including through malicious cyber means.
This year we have continued to provide signals intelligence insights to 19 government agencies, and their Ministers, as well as provide unique cybersecurity capabilities and resilience advice to nationally significant organisations through our National Cyber Security Centre (NCSC).
As the world becomes more complicated, one of our principal roles is to help inform our key decision-makers on a broad range of topics with signals intelligence in accordance with Aotearoa New Zealand’s National Security Intelligence Priorities.
Peace and stability in the Pacific has been an enduring intelligence focus for successive Governments. For the GCSB this includes intelligence relating to foreign interference in Pacific nations, economic stability and vulnerabilities, and transboundary issues such as climate change, resource exploitation, transnational organised crime, people smuggling, maritime issues, and the impact of COVID-19.
Moving now to Russia’s invasion of Ukraine. While the extreme low temperatures that froze the front lines over winter have thawed, opposing forces remain bogged down in an intense, high attrition confrontation along vast swathes of eastern and southern Ukraine. Russia has made small territorial gains in recent weeks, but this is being achieved with significant casualties. As we have previously highlighted, malicious cyber activity remains a feature of the conflict.
The role of GCSB has been to provide intelligence about the conflict to New Zealand government decision-makers. Most of this intelligence is sourced through New Zealand’s international partnerships, and is supplemented with GCSB’s own intelligence. We also set-up a dedicated cybersecurity effort to help protect New Zealand organisations from the ever-present threat of malicious cyber activity spanning from this conflict.
A unique feature of this conflict has been the unprecedented willingness on the part of our partners, particularly the United States, to provide information to inform the public narrative, including declassified intelligence. This played a significant role in informing and consolidating global support for Ukraine, and headed off various Russian false-flag and false-information activities.
Late last year our National Cyber Security Centre published its Annual Cyber Threat Report, in which we recorded 350 cyber security incidents, compared to the previous year’s 404 incidents. The cyber security incidents we focus on are those that target organisations of national significance or they have a nationally significant impact. This represents a drop in the overall number of significant incidents to levels we have seen in recent years.
Russia, along with other Eastern European states, are known states-of-origin, or safe-harbours, to those who conduct sophisticated malicious cyber campaigns – both state-sponsored and criminally-motivated. It is likely that a proportion of malicious actors whose activities typically impact New Zealand organisations have turned their attention elsewhere as a result of the Russia-Ukraine conflict.
Nonetheless, the cybersecurity threats we face continue to be more sophisticated and more impactful, and this reporting year has been no different with ransomware and supply chain exploitation the most frequently encountered malicious activity. At the same time, much of the malicious cyber activity we see can be prevented through relatively simple mitigations and good cyber hygiene.
State-sponsored cyber actors again feature significantly in recorded incidents, with the proportion that can be linked to state actors increasing slightly, at 118 incidents, or 34 percent, up from 28 percent the previous year.
This reporting year the NCSC contributed to the public attribution of two significant state-sponsored cyber campaigns; in July 2021 Minister Andrew Little publically condemned malicious activity targeting Microsoft Exchange by state actors from People’s Republic of China, and in July 2022 Minister Nanaia Mahuta publically condemned a campaign of destructive cyber activity against Ukraine by Russian-based malicious actors.
The NCSC’s cyber defence capabilities continue to help reduce the harm to New Zealand organisations from malicious cyber activity, with our cyber defences helping to prevent more than $33 million worth of harm to nationally significant organisations in the financial year, bringing the total harm reduced since 2016 to $317 million. In November 2021 we launched our award-winning Malware-Free Networks service, which has helped disrupt over 290,000 cyber threats.
As the Government Chief Information Security Officer, or GCISO, my focus is on understanding and helping mitigate the key information security threats and vulnerabilities facing the public sector. In the past year this has involved working with global cloud companies to ensure they build New Zealand’s information security standards into their products used by government agencies.
We have also been working alongside our overseas partners to counter the threat posed to the New Zealand Government’s cryptographic security by quantum computers, and their potential to break encryption and expose classified communications. We currently have a programme of work underway alongside the 19 government agencies that use classified systems to implement new encryption standards to stay ahead of these threats.
As I have talked about before, the GCSB continues to make a unique and valuable contribution to global efforts to counter terrorism and violent extremism. While the GCSB’s signals intelligence role is primarily focused offshore, we are working more proactively with our domestic partners, in line with the Royal Commission of Inquiry’s commentary.
Obviously our signals intelligence mission represents the more classified end of our function, but I will briefly touch on three examples of recent domestic counter-terrorism work that paint a good picture of how our unique capabilities and authorities can assist domestically-focussed agencies. This is not something we’ve talked about publicly before.
One operation involved an individual making bomb threats last year, with an implied ideological motivation. Another operation involved a New Zealand-based adherent to white-identity violent extremism who was displaying behaviour of increasing concern online. While, the third involved an individual claiming to be a white-identity violent extremist making threats to use firearms and explosives at a public event.
In all three operations the GCSB was able to combine lead information with our unique technical capabilities to help identify the individuals, who had each taken great care to anonymise themselves online. We were able to work with Police and NZSIS to develop a clearer picture of the real-world threat they posed, and in the case of the third operation – the gun and bomb threat to a public event – we were able to provide information that supported the appropriate action to be taken by Police.
The GCSB has maintained a high operational tempo over the past year against a backdrop of significant disruption. This has included not only the ongoing impact of COVID-19 and higher levels of staff turnover than previous years, but also having to significantly reduce the number of New Zealand Intelligence Community staff in our main building for earthquake remediation. While these disruptions have impacted some projects, the GCSB was able to maintain its core operational services throughout, and progress key initiatives.
We are currently finalising our new organisational strategy that will position us to continue to provide intelligence advantage and cyber resilience to successfully navigate an increasingly unpredictable world. The Bureau looks forward to briefing the Committee on this new strategy later in the year, as well as making an unclassified version public.
Finally, before I hand over to Phil, I will talk briefly about the people of the GCSB. Against the backdrop of ongoing disruptions, our workforce has continued to grow and change. A strong focus for me personally is striving towards a workforce that truly represents the community we serve, and a workplace that is inclusive, and which values the different perspectives diversity brings. Indeed this is something that has been recognised, jointly with the NZSIS, with a Diversity Works Awards category win last year.
Undoubtedly, the past year has presented its share of challenges, but the professional people of the GCSB have risen to meet them – and I have been proud to have lead them.
Ngā mihi nui