Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


GCSB's 'Cortex' sought tie-up with ISP

GCSB's 'Cortex' sought tie-up with ISP

By Paul McBeth

Sept. 17 (BusinessDesk) - The Government Communications Security Bureau may expand its 'Project Cortex' to sharing malware-disrupting technology with local internet service providers, according to Cabinet papers declassified by Prime Minister John Key.

The project is described as countering advanced cyber threats and would see the communications-focused spy agency deliver advanced malware detection services to an undisclosed number of entities including government agencies and "organisations of high economic and/or operating critical national infrastructure", including niche exporters and research institutions. Those services would be an "active disruption" of foreign-sourced advanced malicious software, known as malware, reducing vulnerability to attack and mitigating harm by technical countermeasures acting before the fact by blocking the ability of malware to target organisations.

The GCSB recommended the extension of the 'active' programme to an internet service provider under pilot conditions, to see how it would work in a commercial context.

"If the pilot is successful, a proposal will be prepared for Ministerial consideration outlining the costs and benefits of wider deployment," according to an undated document entitled 'Project Cortex Business Case' that appears to have been written in late June or early July, based on dates on other documents. "This wider deployment would be led by industry, on a cost-recovery/profit basis, not by GCSB."

Spark New Zealand, the country's biggest ISP with about 49 percent of the market, hasn't had formal discussions with the GCSB about the project, according to a spokesman, while Vodafone New Zealand, which has about 32 percent of the market, declined to comment.

The GCSB met with an undisclosed number of major private sector firms deemed to be of national importance, all of whom "confirmed interest in engaging further on the proposals in the event that funding is secured." It considered charging users, but rejected that in the short-term as it would need an amendment to legislation.

The spy agency's business case focuses on "cyber-borne threats that are foreign-sourced and particularly advanced in terms of technical sophistication and/or persistence," said the document.

Under threat are intellectual property and damage to IT systems that can't be countered by commercial available tools, and malware had already targeted "key economic generators", including a large New Zealand firm, niche exporters in knowledge-intensive industries, major IT service providers and government agencies, the documents say.

"The economic harm caused by advanced malware is significant, although hard to quantify at the macroeconomic level or even for individual organisations. It is hard to quantify because, for example, in the case of loss of intellectual property (IP) - often the most immediate target of a successful malware attack - there is no widely accepted means of valuing IP prospectively."

A key plank of last year's legislative amendment governing the GCSB was splitting its information assurance activities from its cyber-security and cooperation functions to let the agency play a major role in the wider cyber-security domain, as host of the National Cyber Security Centre and sharing its capabilities and expertise with other agencies.

The GCSB won't procure or develop bespoke systems, instead integrating and components already available and tested over several years, including widely available commercial off-the-shelf systems, single source systems, and some available only through government-to-government agreement.

Key released the declassified papers yesterday in response to claims by Intercept journalist Glenn Greenwald and former US National Security Agency contractor-turned-whistleblower fugitive Edward Snowden, that New Zealand's GCSB embarked on plans to implement mass metadata surveillance, including the tapping of the Southern Cross Cable, in 2012 and 2013, in an initiative called 'Speargun'.

Key has insisted that the GCSB hasn't undertaken mass surveillance of New Zealanders or collects their metadata, and said the highest form of protection considered by the agency was never completed nor put to Cabinet.

Project Cortex wasn't seen as causing material privacy issues, with controls including how data is access, stored, shared and disposed of. The business plan said there will be no mass surveillance, and that data will be accessed by GCSB only with the consent of owners of relevant networks or systems.

According to a minute to a July 28, 2014 meeting, Cabinet decided against pursuing the GCSB's recommended option, which included the pilot ISP sharing programme. Instead, it directed the spy agency to consult with the Minister for Communications and Information Technology, currently Amy Adams, on plans to involve an ISP, and to report to Key, the Minister responsible for the GCSB, and the IT minister on the implications of including an ISP in the project.

The 'active' option backed by Cabinet would be 10 percent cheaper than the 'proactive' option preferred by GCSB, and would forgo a third of the benefits with "far fewer" organisations receiving the malware disruption service. That in turn would reduce security risk as GCSB technology wouldn't be shared with an ISP.

The GCSB is to report back to ministers with an option to embark on the pilot by September 2015, and a funding contingency was extended to Jan. 31, 2016.

The business case was reviewed in May and June of this year by Key as GCSB minister, Adams as IT minister, Finance Minister Bill English, Economic Development Minister Steven Joyce, Foreign Affairs Minister Murray McCully, Defence Minister Jonathan Coleman and Attorney-General Chris Finlayson.


© Scoop Media

Business Headlines | Sci-Tech Headlines


Auckland Transport: Successful Bridge Repair Opens Two Additional Lanes To Traffic

The opening of two additional lanes on the Auckland Harbour Bridge this morning will help relieve some motorway congestion for motorists heading home to the North Shore tonight. More>>


Statistics New Zealand: COVID-19 Sees Record 12.2 Percent Fall In New Zealand’s Economy

Gross domestic product (GDP) fell by 12.2 percent in the June 2020 quarter, the largest quarterly fall recorded since the current series began in 1987, as the COVID-19 restrictions in place through the quarter impacted economic activity, Stats NZ said ... More>>


Climate: Scientists Release ‘Blueprint’ To Save Critical Ecosystems And Stabilize The Earth’s Climate

A group of scientists and experts produced the first comprehensive global-scale analysis of terrestrial areas essential for biodiversity and climate resilience, totaling 50.4% of the Earth's land. The report was published in Science Advances ... More>>


MPI: Independent Review Launched Into Assurances For Safe Transport Of Livestock By Sea

The Ministry for Primary Industries (MPI) has launched an independent review of the assurances it receives for the safe transport of livestock by sea. MPI Director-General Ray Smith says Mike Heron QC has been appointed to lead the review, which is expected ... More>>


Computers: New Zealand PC Market Grows Nearly 40% Due To Work From Home Demand

COVID-19 had large impacts on demand for PCs as businesses prepared for lockdowns by purchasing notebooks to mobilise their workforce. In the second quarter of 2020, New Zealand's Traditional PC market experienced a 39.7% year-on-year (YoY) growth ... More>>


University Of Auckland: Whale-Watching By Satellite – Follow Their Travels Online

Scientists have successfully attached satellite tracking tags to six New Zealand southern right whales, or tohorā, and are inviting the public to follow the whales’ travels online. Part of a major research project involving the University of Auckland ... More>>

Commerce Commission: Kiwibank Admits System Failures And Agrees To Pay Customers $5.2 Million

Kiwibank has entered into a settlement agreement with the Commerce Commission after reporting that it failed to have in place robust home loan variation disclosure policies, procedures and systems. In a settlement dated 27 August 2020, Kiwibank admitted that ... More>>

Ministry of Health: Public Transport Distancing Requirements Relaxed

Physical distancing requirements on public transport have been reviewed by the Ministry of Health to determine whether they are still required at Alert Level 2 (or below). The Ministry’s assessment is that mandatory face covering and individuals tracking ... More>>


NZHIA: New Zealand Hemp Industry Set To Generate $2 Billion Per Annum And Create 20,000 Jobs

A new report says a fully enabled hemp industry could generate $2 billion in income for New Zealand by 2030, while also creating thousands of new jobs. Written by industry strategist Dr Nick Marsh, the report has prompted calls from the New Zealand Hemp ... More>>


Stats NZ: One In 14 Employed People Report High Risk Of Losing Jobs

About one in 14 workers say they expect to lose their job or business by mid-2021, Stats NZ said today. A survey of employed people in the June 2020 quarter showed 7 percent felt there was a high or almost certain chance of losing their job or business ... More>>

ASB Quarterly Economic Forecast: NZ Economy Doing Better Than Expected, But Challenges Remain

August lockdown estimated to have shaved 8% off NZ’s weekly GDP, and 0.5% off annual GDP Economy now expected to shrink 5% (year-on-year) by end of 2020 Unemployment rate now expected to peak at 7.2% The latest ASB Quarterly Economic Forecast is less ... More>>