Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search


Patrick Gower interviews GCSB acting director Una Jagose

On The Nation:

Patrick Gower interviews GCSB acting director Una Jagose

Jagose says GCSB doesn’t focus on who is responsible for cyber attacks on NZ companies & government departments but on protecting networks and systems instead.

“It is apparently a very technical and difficult thing to work out where did that come from, who’s doing it and why are they doing it. We spend our energy on defence.”

Says companies using Cortex cyber-security defence system would notify people that their communications could be screened

Gower: Yeah, but I would be told, would I, by the company that they’ve now put Cortex on?

Jagose: You’ll be told that your communications will be screened or may be screened for cyber-defence purposes.

Gower: Right. How do you get told that?

Jagose: In terms and conditions of use, for example.

Says that in their cyber defence work, GCSB analysts only look at private internet traffic in 0.005% of cases.

Lisa Owen: Welcome back. Over the past few years the GCSB has been at the centre of a series of spy scandals. Now the new acting director, Una Jagose, says she's on a campaign to bring more transparency to the organisation. While talk that we spy on our Pacific neighbours and are part of America's "full-take collection" network is still largely off-limits, Jagose this week gave a speech about Project Cortex, designed to detect and stop cyber-attacks. In the past six months New Zealand has been hit by more cyber-attacks than the whole of 2014. Political editor Patrick Gower sat down with her and asked just who is under attack.

Una Jagose: We focus our attention on New Zealand companies that are holders of information, assets of importance to New Zealand, so nationally important infrastructure companies and some key government departments. So, yes, we’re definitely seeing attacks there.

Patrick Gower: So what you’re talking about – banks, telecom companies, those kinds of things?

Well, those parts of the infrastructure, the nationally important, those sorts of things. We actually don’t talk about who they are or specifically what types of organisations they are, because revealing that also reveals to an adversary where we might have our best and richest sources of data that they might be interested.

Yeah, and when you talk about an adversary, who is trying to get this information? Is it individual criminal organisations, or is it countries? What use is that information to someone?

Well, information is valuable. It can be used and added to other data sets and sold, or it can be manipulated or destroyed in order to have an impact on a company or on a network. At best it’s criminals. It’s often foreign-sourced sophisticated malware that we’re seeing. We don’t spend too much of our time trying to track down who did that, because, in fact, we want to use our time and our technology protecting networks and systems.

Yeah, and would some of it be what would be called industrial espionage, I guess, getting these secrets of Kiwi businesses?

Yes, it could be industrial espionage. It could be IP theft. It could be just having an in to important sovereign communications or discussions by government agencies, policies, positions governments might take, positions companies might take. If you can imagine yourself being able to get into someone’s computer, imagine what you could reveal to yourself about what they were planning.

Sure, and, I guess, in terms of adversaries, one thing that is said is that a lot of these attacks come from China and, indeed, from the Chinese military or the Chinese government. Is that what you’re finding?

Well, again, I say we don’t spend our energy looking at— attribution is really difficult. It is apparently a very technical and difficult thing to work out where did that come from, who’s doing it and why are they doing it? We spend our energy on defence.

In terms of getting to the broader issues of the GCSB, mass surveillance versus mass collection is something that people have often talked about. What’s your take on it? Is it just playing with words to say mass surveillance and mass collection are different?

Well, mass surveillance – we don’t use that term, because nobody has the same view about what it means. It gives an image of collection without purpose, collection without control, collection just for the hell of it, and we certainly don’t do that. So it’s not a concept that we use.

Can you guarantee, though, that in this sweeping up of information or whatever that Kiwis have not been accidentally spied on or snooped on unwillingly?

Well, using words like ‘spy’ and ‘snoop’ are other words that we don’t use either. But the process for collection of information— for cyber-defence purposes, are you talking?


That is used for cyber-defence purposes, so it is used to defend networks.

So, say, for instance, my personal information could somehow get taken up and used for cyber defence purposes?

Let’s say that you are in communication with a company that has deployed a Cortex service that is protecting its network. The way it does that is by identifying fingerprints or signatures of malware in the internet traffic, and so your internet traffic, if it is infected by malware, will have the fingerprint associated with it, and we will be able to, usually by a mechanised means, either identify that and tell the company or block it.

And at that point, my personal information that is in that email or what have you, can the GCSB see that? What does it do with it? How is my privacy protected at that point?

In the first instance, most steps are taken in a mechanised way so the system itself can identify the malware, identify the fingerprint and either block or defend— block or identify. Our assessment or our experience tells us that in about 0.005% of instances of data does the machinery throw up a question that can’t be answered by the system itself, and so an analyst will have to look at it in order to see what is this malware, is it new, is it something we haven’t identified yet? So in a very limited 0.005%, our experience to date tells us of data an analyst might have to look at a particular piece of internet traffic.

What does the analyst do if there’s a personal email there?

Well, the analyst is looking at it not for its content but for what the email and the traffic tells us about the fingerprint or the adverse attack that is occurring. So that’s what they do with it.

But the analyst can see the content if they want to?


And they ignore it, effectively? Is that the protection of privacy there?

Well, there are many controls that are in place to make sure that what is done with that information is what is entitled to be done or allowed to be done, which is about cyber defence in our example. The particular analyst that needs to look at it needs to record why they are doing something with it and what is happening with it, how it is being stored and what they found out when they looked at it. And all of that is auditable and reviewable by our systems, by the Inspector General. I’ve got great confidence in my people that they use that information for the purpose for which we’ve got it, which is to build up a good picture of cyber defence.

Is a warrant needed in the first place?

Yeah, there are two things, sort of a double-gated approach to the Cortex capabilities. First of all, there is a warrant, and it goes through the same process as set out in the legislation, by the Minister and the Commissioner of Security Warrants proving the capability. And the second gate is that the company that receives the service consents to that, and there are a number of preconditions that that company must meet, such as undertaking basic cyber-hygiene but, importantly, to your point, advising people that come into contact with that network, that their communications may be screened for cyber defence purposes.

Is there still a sort of way there that I’m sending an email and it’s seen by someone at the GCSB without my knowledge?

Well, you will know in advance that your communications will be screened for cyber-defence purposes if this is a Cortex product we’re talking about, so you’ll already know that in your engagement with whatever the company or agency is. And the reason that the analyst has to look at that communication is because it has an advanced form of malware attached to it.


They’re not interested in your personal communication, I can assure you.

Yeah, but I would be told, would I, by the company that they’ve now put Cortex on?

You’ll be told that your communications will be screened or may be screened for cyber-defence purposes.

Right. How do you get told that?

In terms and conditions of use, for example.

Transcript provided by Able. www.able.co.nz


The Nation on TV3, 9.30am Saturdays and 10am Sundays. Proudly brought to you by New Zealand on Air’s Platinum Fund.

© Scoop Media

Parliament Headlines | Politics Headlines | Regional Headlines

Gordon Campbell: On The Elusive Charms Of Christopher Luxon

Well, the first 36 hours of viewing the Christopher Luxon selfie were always going to be the best, before the repetitions set in. We get it, already. He’s an extroverted/big ego/high achieving/God fearing/country music lovin’/family man who is not at all averse to mansplaining to little ladies like RNZ’s Kathryn Ryan what “technical” words like “productivity” actually mean. But wait, there’s more. National is back! Mind you, that’s not the Bad National of recent experience, but the Good National of days gone by... More>>


Cancer Society: Hopes Final Pharmac Report Is Stronger

Today the delayed Interim Report was released by the Pharmac Review Panel. The performance of Pharmac and access to cancer drugs is a major concern for the Cancer Society... More>>

Defence: New Zealand Response To Assist Peace And Stability In Solomon Islands
The New Zealand government has announced that it will deploy Defence Force and Police personnel to Honiara to help restore peace and stability. “New Zealand is committed to its responsibilities and playing its part in upholding regional security,” Prime Minister Jacinda Ardern said.... More>>

Government: Delivers Reactivation Package As Aucklanders Reconnect For Summer
A new support package will help revive economic, social and cultural activities in our largest city over summer, and ensure those in hardship also get relief. The Social Development and Employment Minister Carmel Sepuloni and the Economic and Regional Development Minister Stuart Nash... More>>

National Party: Bridges Appointed Finance & Infrastructure Spokesperson

Hon Simon Bridges is the National Party’s new Finance and Infrastructure spokesperson, National Leader Christopher Luxon announced today. “Simon has prodigious skills, incredible talent and the intellectual heft needed to excel as National’s Finance spokesperson,” Mr Luxon says.... More>>

Waitangi National Trust: Waitangi Week
The Waitangi National Trust has decided there will be no in-person events at Waitangi Treaty Grounds during Waitangi Week 2022. Under the COVID-19 Protection Framework it would be practically impossible to safely proceed with the usual events of Waitangi commemorations... More>>

Freedom Camping: Making Sure People Are Up To Play With Changes
People interested in finding out how the proposed improvements to freedom camping might affect them are being invited to an information-sharing webinar... More>>




InfoPages News Channels