GCSB's Cortex cyber defence seen saving $40M from cost of cyber threats in 2017
By Paul McBeth
Nov. 23 (BusinessDesk) - The Government Communications Security Bureau's Cortex malware disruption defence is thought to have saved almost $40 million from the cost of various online attacks in the 2017 fiscal year.
The intelligence agency's National Cyber Security Centre (NCSC) recorded 396 cyber threats in the year ended June 30, up from 338 a year earlier, according to its unclassified cyber threat report, although a change in incident reporting meant it wasn't necessarily a like-for-like comparison. Not every cyber attack comes to the NCSC's attention, which is focused on nationally significant organisations and those threats with the potential to have a high impact, and of those that came to its attention, 31 received a hands-on intensive response, with another 239 leading to a report or advisory to customers to mitigate the risk to their networks.
The GCSB branch provides malware detection and disruption services to nationally significant organisations, and says the potential cost of harm caused by cyber threats to those entities is in the realm of $640 million. To that end, it estimates the Cortex malware disruption prevented about $39.5 million of harm from those attacks by avoiding things such as theft of intellectual property, copyright and patent infringement and espionage.
"The economic harm avoided through the operations of these capabilities is significant," NSCS director Lisa Fong said in a statement. "The benefits of the capabilities are felt beyond the direct recipients of cyber defence services, as we are able to share the cyber threat information we obtain from their operation to a wider group of nationally significant operations."
GCSB has been running a pilot with Vodafone New Zealand rolling out the Cortex system, which uses top-of-the-line technology, to a small number of the internet service provider's commercial customers. The intelligence agency is waiting for Cabinet to respond to its report on the trial, which showed the system could significantly dent malicious software incursions.
The report is part of a shift in the GCSB's attitude to keeping the public informed of what it does, and Fong said in her foreword it's hoped the document "will promote informed discussion of cyber security and contribute to increased resilience across the broad range of New Zealand's networks and systems". That's coincided with a greater recognition of the impact of cyber security, leading to the launch of the government's Computer Emergency Response Team (Cert NZ) this year.
"The trend towards greater adoption and expansion of digital services creates more targets, while the ability to purchase cyber threat capabilities enables greater numbers of actors, with a lower level of technical skill, to threaten systems and create cyber harm," the report said.
The report said 122 incidents had indicators that have been linked to state-sponsored groups in the past. Most cyber attacks go under the radar, and avoiding attention is a guiding principle for the most advanced and state-backed cyber actors, it said.
"The process of attribution can be costly and is only performed in its full extent in the most serious incidents," the report said.