GCSB willing to extend cyber-attack Cortex programme to local ISPs
The Government Communications Security Bureau's 'Cortex' cyber-security programme has been successful in helping identify and mitigate a series of cyber attacks since its introduction and an extension to cover local internet service providers is still on the cards, said acting director Una Jagose, at a public event in Wellington.
Speaking at a privacy and technology forum hosted by the Office of the Privacy Commissioner after an earlier event was cancelled because of protest action, Jagose said the Cortex programme has successfully helped to identify and resolve those threats. While only certain public and private entities are covered by the system, any lessons can be fed back into the cyber-defence ecosphere, she said.
Cortex aims to counter advanced cyber threats, providing malware detection services to an undisclosed number of entities including government agencies and "organisations of high economic and/or operating critical national infrastructure", including niche exporters and research institutions. Those services are an "active disruption" of foreign-sourced advanced malicious software, known as malware, reducing vulnerability to attack and mitigating harm, blocking the ability of malware to target organisations, according to a Cabinet paper released last year.
When the business plan for Cortex was still in development, GCSB had wanted to include a private internet service provider as a pilot project, with a view to a wider deployment. That was turned down by the Cabinet, though the agency was to report back to ministers by September this year on whether to embark on the pilot, and Jagose told reporters after her speech that the proposal is still under consideration.
The benefit of extending Cortex to ISPs would be in providing an additional layer of protection for identifying and mitigating cyber threats, Jagose said today.
Early successes for Cortex have included helping a government agency mitigate an attack on several officials' emails, helping six significant organisations recover from a newly identified source of cyber attack and detecting large-scale targeting of a nationally significant entity as part of a global campaign by a foreign threat, Jagose said. It also helped an Auckland firm recover from an overseas criminal attack, resolved a long-term compromise in a large information technology firm, helped a telecommunications provider respond and strengthen systems after suspicious activity on its network, and assisted private sector firms facing ransomware attacks.
"That information gathered is used for defending our networks, it's all about cyber-security - I think it's really going well," Jagose said. "In the first 10 weeks of this year we resolved more cyber-security incidents than we did in all of 2014. Does that mean things are getting worse or that we're getting better? We're not quite sure yet. It's possible that we're getting better at identifying cyber risks and dealing with them."
Declassified Cabinet papers released last year outlined the plans for the malware-disrupting programme, which Jagose today said were an important part in countering "serious high-end sophisticated threats to significant New Zealand entities and infrastructure."
Jagose told reporters after her speech that private sector companies she's spoken to are "very keen" on joining Cortex, seeing it as an extension of their own cyber-security initiatives, as it requires compliance with certain security and privacy criteria.
"It's not to replace available products, and not for them to save money, but for the technical ability to protect against advanced threats," Jagose said. "Private sector partners spend a huge amount of money on their own cyber protection and part of the Cortex offering requires them to go through those basic steps, so that they have to spend the money as well."
During her speech, Jagose took the opportunity to try to dispel some "myths" that the agency is involved in mass surveillance, saying legislative checks and balances provide a level of oversight that should provide some assurance for the public. Still, Jagose said the GCSB is trying to improve its transparency without giving away the country's vulnerabilities and capabilities to its adversaries.