GCSB's Cortex cyber defence seen saving $40M from cost of cyber threats in 2017
By Paul McBeth
Nov. 23 (BusinessDesk) - The Government Communications Security Bureau's Cortex malware disruption defence is thought to
have saved almost $40 million from the cost of various online attacks in the 2017 fiscal year.
The intelligence agency's National Cyber Security Centre (NCSC) recorded 396 cyber threats in the year ended June 30, up
from 338 a year earlier, according to its unclassified cyber threat report, although a change in incident reporting
meant it wasn't necessarily a like-for-like comparison. Not every cyber attack comes to the NCSC's attention, which is
focused on nationally significant organisations and those threats with the potential to have a high impact, and of those
that came to its attention, 31 received a hands-on intensive response, with another 239 leading to a report or advisory
to customers to mitigate the risk to their networks.
The GCSB branch provides malware detection and disruption services to nationally significant organisations, and says the
potential cost of harm caused by cyber threats to those entities is in the realm of $640 million. To that end, it
estimates the Cortex malware disruption prevented about $39.5 million of harm from those attacks by avoiding things such
as theft of intellectual property, copyright and patent infringement and espionage.
"The economic harm avoided through the operations of these capabilities is significant," NSCS director Lisa Fong said in
a statement. "The benefits of the capabilities are felt beyond the direct recipients of cyber defence services, as we
are able to share the cyber threat information we obtain from their operation to a wider group of nationally significant
operations."
GCSB has been running a pilot with Vodafone New Zealand rolling out the Cortex system, which uses top-of-the-line
technology, to a small number of the internet service provider's commercial customers. The intelligence agency is
waiting for Cabinet to respond to its report on the trial, which showed the system could significantly dent malicious
software incursions.
The report is part of a shift in the GCSB's attitude to keeping the public informed of what it does, and Fong said in
her foreword it's hoped the document "will promote informed discussion of cyber security and contribute to increased
resilience across the broad range of New Zealand's networks and systems". That's coincided with a greater recognition of
the impact of cyber security, leading to the launch of the government's Computer Emergency Response Team (Cert NZ) this
year.
"The trend towards greater adoption and expansion of digital services creates more targets, while the ability to
purchase cyber threat capabilities enables greater numbers of actors, with a lower level of technical skill, to threaten
systems and create cyber harm," the report said.
The report said 122 incidents had indicators that have been linked to state-sponsored groups in the past. Most cyber
attacks go under the radar, and avoiding attention is a guiding principle for the most advanced and state-backed cyber
actors, it said.
"The process of attribution can be costly and is only performed in its full extent in the most serious incidents," the
report said.
(BusinessDesk)