NZ spy agency system saves $40m in damage from cyber-attacks this year

AUT's Brian Cusack isn't surprised at the number of state-sponsored attacks.
University of Waikato's Ryan Ko says CORTEX is proving relatively effective, given its resources.

AUT's Brian Cusack explains why the government has much more work to do on cyber-security.

0:00 0:10

The government’s flagship cyber-defence programme has saved New Zealand’s most critical organisations $40 million in the last year.

According to the National Cyber Security Centre (NCSC), from an estimated $640 million worth of cyber damage annually, the Government Communications Security Bureau (GCSB) and its CORTEX system have reduced the cyber harm by $39.47 million – or about 6% of the total estimate.

CORTEX is the umbrella term for the government’s cyberthreat detection and disruption capabilities and services. It protects “organisations of national significance” such as government departments, key economic generators, niche exporters, research institutions and operators of critical national infrastructure in both the private and public sectors.

The unclassified NCSC report shows from July 1, 2016 to June 30, 2017, a total of 396 cyber incidents against these organisations were detected, up from 190 incidents in 2014-15 when the programme was started.

Over the last year, the NCSC provided what it calls “hands-on intensive incident response” on 31 of these incidents, and on a further 239 occasions, the NCSC provided reports or advisories.

Improvement and understanding
A spokesperson for the GCSB says the results were investigated by an independent entity with “national and international experience in business and cyber-security,” but couldn’t disclose the name of the investigator.

NCSC director Lisa Fong says the continuing development of CORTEX has improved the understanding of the threats targeting New Zealand, but the increase of detected threats suggests the country is still seen as an attractive target for both cyber-criminals and state-sponsored attackers.

“We assess that more than one-third [122] of the incidents recorded in the past year involve indicators that have previously been linked to government-sponsored attackers.

“The economic harm avoided through the operation of these capabilities is significant,” she says.

Ms Fong says the threats detected by CORTEX often can’t be seen by commercial cyber-security products and services.

“We also analyse cyberthreat information obtained through the operation of our capabilities, and use it to provide security advice and updates to our wider customers. The benefit of this broader advice is not included in the harm reduction benefit calculation.”

University of Waikato Cyber Security Lab director Ryan Ko says the protected damage estimate of $40 million is a fair and good result, but he expects both threats and detection will continue to rise.

“To my best knowledge, there were no major cyber-security outages or catastrophes faced by New Zealand in the past two years. Hence, it would be fair to say that the defence is working to a certain extent.

“There are not many other studies with the same rigour, so this report has placed New Zealand as one of the global leaders from this perspective. It is a good foundational step which will lead to a better national awareness and readiness.”

How NZ sits globally
“You can't improve what you can't measure. It is also well aligned with our national focus and reputation on transparency,” Dr Ko says.

AUT professor of computer sciences Brian Cusack wonders if the success of the NCSC is too low and a lot more should be done.

“It’s a matter of capability. Perhaps the report is to convince the incoming GCSB minister, which will be the prime minister, to allocate a bit more money to fight the threats.”

But Dr Cusack isn’t surprised that many of the detected threats were from suspected state-sponsored sources.

“There’s a very large state-sponsored attack pool out there. And with New Zealand’s dairy and banking sectors, other nation-states want to get control of the dairy and financial sectors.  

He agrees with the report that 396 is not the total number of cyberthreats faced by New Zealand’s nationally important organisations, just the threats with the most potential for harm. This figure is “normal from a global perspective,” he says.

Although compared to the US, Israel, Estonia or China – all of which are major cyber incident targets and originators – this amount is average, he says. But it does highlight that no country, no matter its location or population size, is immune from state-sponsored attacks.

“To refresh ourselves, July 2016 to June 2017 was also the period where the Internet of Things-related and ransomware attacks started becoming 'prime time' – creating actual economic impact and availability issues to infrastructures globally.

“The NCSC figure tells us that the CORTEX programme is relatively effective given its resources,” Dr Ko says.

The NCSC report reiterates its strategic goal of creating an “impenetrable infrastructure” by 2020 by improving the CORTEX programme and increasing public and private sector awareness of cyber-security.

Dr Ko says more detection will come from an improvement of measurement technique or an increase of measurement factors.

“It’s great the NCSC has set this aspirational goal. Personally, I am very happy to see this target as it sets our cyber-defence on a pathway of excellence.”

All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.

Got a question about this story? Leave it in Comments & Questions below.

This article is tagged with the following keywords. Find out more about MyNBR Tags

Comments & Questions

Commenter icon key: Subscriber Verified

Post New comment or question

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.