Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

GCSB willing to extend cyber-attack programme to local ISPs

GCSB willing to extend cyber-attack Cortex programme to local ISPs

By Paul McBeth

Sept. 29 (BusinessDesk) - The Government Communications Security Bureau's 'Cortex' cyber-security programme has been successful in helping identify and mitigate a series of cyber attacks since its introduction and an extension to cover local internet service providers is still on the cards, said acting director Una Jagose, at a public event in Wellington.

Speaking at a privacy and technology forum hosted by the Office of the Privacy Commissioner after an earlier event was cancelled because of protest action, Jagose said the Cortex programme has successfully helped to identify and resolve those threats. While only certain public and private entities are covered by the system, any lessons can be fed back into the cyber-defence ecosphere, she said..

Cortex aims to counter advanced cyber threats, providing malware detection services to an undisclosed number of entities including government agencies and "organisations of high economic and/or operating critical national infrastructure", including niche exporters and research institutions. Those services are an "active disruption" of foreign-sourced advanced malicious software, known as malware, reducing vulnerability to attack and mitigating harm blocking the ability of malware to target organisations, according to a Cabinet paper released last year.

When the business plan for Cortex was still in development, GCSB had wanted to include a private internet service provider as a pilot project, with a view to a wider deployment. That was turned down by the Cabinet, though the agency was to report back to ministers by September this year on whether to embark on the pilot, and Jagose told reporters after her speech that the proposal is still under consideration.

The benefit of extending Cortex to ISPs would be in providing an additional layer of protection for identifying and mitigating cyber threats, Jagose said today.

Early successes for Cortex have included helping a government agency mitigate an attack on several officials' emails, aiding six significant organisations recover from a newly identified source of cyber attack and detecting large-scale targeting of a nationally significant entity as part of a global campaign by a foreign threat, Jagose said. It also helped an Auckland firm recover from overseas criminal attack, resolved a long-term compromise in a large information technology firm, helped a telecommunications provider respond and strengthen systems after suspicious activity on its network, and assisted private sector firms facing ransomware attacks.

"That information gathered is used for defending our networks, it's all about cyber-security - I think it's really going well," Jagose said. "In the first 10 weeks of this year we resolved more cyber-security incidents than we did in all of 2014. Does that mean things are getting worse or that we're getting better? We're not quite sure yet. It's possible that we're getting better at identifying cyber risks and dealing with them."

Declassified Cabinet papers released last year outlined the plans for the malware-disrupting programme, which Jagose today said were an important part in countering "serious high-end sophisticated threats to significant New Zealand entities and infrastructure."

Jagose told reporters after her speech that private sector companies she's spoken to are "very keen" on joining Cortex, seeing it as an extension of their own cyber-security initiatives, as it requires compliance with certain security and privacy criteria.

"It's not to replace available products, and not for them to save money, but for the technical ability to protect against advanced threats," Jagose said. "Private sector partners spend a huge amount of money on their own cyber protection and part of the Cortex offering requires them to go through those basic steps, so that they have to spend the money as well."

During her speech, Jagose took the opportunity to try to dispel some "myths" that the agency is involved in mass surveillance, saying legislative checks and balances provide a level of oversight that should provide some assurance for the public. Still, Jagose said the GCSB is trying to improve its transparency without giving away the country's vulnerabilities and capabilities to its adversaries.

(BusinessDesk)

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Up 0.5% In June Quarter: Services Lead GDP Growth

“Service industries, which represent about two-thirds of the economy, were the main contributor to GDP growth in the quarter, rising 0.7 percent off the back of a subdued result in the March 2019 quarter.” More>>

ALSO:

Pickers: Letter To Immigration Minister From Early Harvesting Growers

A group of horticultural growers are frustrated by many months of inaction by the Minister who has failed to announce additional immigrant workers from overseas will be allowed into New Zealand to assist with harvesting early stage crops such as asparagus and strawberries. More>>

ALSO:

Non-Giant Fossil Disoveries: Scientists Discover One Of World’s Oldest Bird Species

At 62 million-years-old, the newly-discovered Protodontopteryx ruthae, is one of the oldest named bird species in the world. It lived in New Zealand soon after the dinosaurs died out. More>>

Rural Employers Keen, Migrants Iffy: Employment Visa Changes Announced

“We are committed to ensuring that businesses are able to get the workers they need to fill critical skills shortages, while encouraging employers and regions to work together on long term workforce planning including supporting New Zealanders with the training they need to fill the gaps,” says Iain Lees-Galloway. More>>

ALSO:

Marsden Pipeline Rupture: Report Calls For Supply Improvements, Backs Digger Blame

The report makes several recommendations on how the sector can better prevent, prepare for, respond to, and recover from an incident. In particular, we consider it essential that government and industry work together to put in place and regularly practise sector-wide response plans, to improve the response to any future incident… More>>

ALSO: