29 Sep 2015

Is NZ cybercrime's soft underbelly?

4:56 pm on 29 September 2015

Foreign hackers sometimes view New Zealand as the soft underbelly of cyber defence, the acting head of the Government's electronic spy agency says.

Una Jagose has for the first time revealed operational details on the Cortex cyber security programme used by government agencies and some large New Zealand companies.

Acting Director of GCSB

Una Jagose, acting director of GCSB. Photo: RNZ / Alexander Robertson

Ms Jagose delivered an address to a Privacy Commission technology forum in Wellington today, after her original speech was cancelled earlier this month due to an anti-GCSB protest.

Ms Jagose said each month the programme identifies about 900 new cyber threats - with some foreign hackers viewing New Zealand as a soft touch on cyber defence.

She said the agency has heeded public calls for greater transparency - and she was attempting to dispel some of the myths surrounding it.

"We're not listening to you, we're not following your online searches and we're not looking at what you do on your computer - so feel free to continue doing what you were doing."

That included data gathered in the bureau's cyber security programme Cortex.

Ms Jagose would not detail which companies or departments were involved, but she did detail how Cortex works, how it's controlled and how the GCSB looks at the privacy interests.

Cortex was mostly automated, with machines looking for indicators of malicious cyber activity.

"Using information about previous or attempted cyber attacks. We use also active defence capabilities.

"That includes putting in place a system that identifies and then disrupts sophisticated cyber threats in real time.

"Those systems are given fingerprints - or patterns of data that identify known threats."

Those fingerprints are then used to distinguish between benign and malicious internet traffic. The malicious traffic is then prevented from reaching its intended destination.

About 0.5 percent of the data analysed by Cortex is some form of cyber threat. Less than 0.005 percent of that data has to be reviewed by a human analyst.

Ms Jagose said that would be when the machine analysis throws up an unidentified malicious cyber activity.

Ms Jagose said Cortex focused only on defending the country's computer systems - not finding out where the attacks were coming from.

She said some of those attacks directly target businesses and organisations, while others used New Zealand's computer systems as a backdoor to target other countries.

So what does it mean for the privacy of the companies and organisations - and those that interact with them?

Ms Jagose said the programme had extraordinary controls on the storage, use and retention of data analysed.

"We cannot and don't use it for any other purpose."