NCSC Review Of Response To IPAC Incident Released
A review of the GCSB’s National Cyber Security Centre’s (NCSC’s) practices and procedures arising out of reported malicious cyber activity targeting members of the Inter-Parliamentary Alliance on China (IPAC) has found the NCSC needs to give more consideration to the wider implications of cyber security incidents, beyond the technical response.
The review examined the NCSC's procedures and practices when it receives reports of malicious cyber activity involving foreign state-sponsored actors targeting identified New Zealand individuals.
The review was prompted by concern at the NCSC’s handling of reports of malicious cyber activity targeting IPAC members.
Lisa Fong, Deputy Director-General Cyber Security, GCSB said she initiated the review to identify areas for improvement, including where current NCSC procedures and practices could be updated. The review was broader than the specific incident.
The review was conducted by senior staff from the NCSC’s Cyber Defence Operations branch. It included reviewing written procedures and guidance and sought input from the New Zealand Security Intelligence Service, New Zealand Police and Parliamentary Service.
The review considered the views shared by IPAC members and the Minister Responsible for the GCSB. It examined written procedures and guidance and sought input from other agencies.
Ms Fong said the review showed there were aspects of the NCSC’s practice that could be improved.
“The NCSC did not identify any information to indicate the activity resulted in a successful cyber security compromise but did identify a number of phishing emails sent to parliamentary email addresses,” Ms Fong said.
The review recommended that the NCSC’s response to incidents needs to ensure it considers the wider implications of cyber security incidents, and not focus solely on the technical response to such incidents.
It also recommended that the NCSC consider engagement with individuals targeted by foreign state-sponsored actors, and that it reconfirms its approach to briefing incidents to the Minister Responsible for the GCSB and the Minister’s office.
A copy of the review report has been provided to the GCSB Director-General GCSB, Minister Responsible for the GCSB and Inspector-General of Intelligence and Security. An unclassified version has been provided to past and present New Zealand IPAC members. An unclassified version of the report has also been made publicly available on the NCSC’s website.