Scoop has an Ethical Paywall
Licence needed for work use Learn More

Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search

 

NCSC Review Of Response To IPAC Incident Released

A review of the GCSB’s National Cyber Security Centre’s (NCSC’s) practices and procedures arising out of reported malicious cyber activity targeting members of the Inter-Parliamentary Alliance on China (IPAC) has found the NCSC needs to give more consideration to the wider implications of cyber security incidents, beyond the technical response.

The review examined the NCSC's procedures and practices when it receives reports of malicious cyber activity involving foreign state-sponsored actors targeting identified New Zealand individuals.

The review was prompted by concern at the NCSC’s handling of reports of malicious cyber activity targeting IPAC members.

Lisa Fong, Deputy Director-General Cyber Security, GCSB said she initiated the review to identify areas for improvement, including where current NCSC procedures and practices could be updated. The review was broader than the specific incident.

The review was conducted by senior staff from the NCSC’s Cyber Defence Operations branch. It included reviewing written procedures and guidance and sought input from the New Zealand Security Intelligence Service, New Zealand Police and Parliamentary Service.

The review considered the views shared by IPAC members and the Minister Responsible for the GCSB. It examined written procedures and guidance and sought input from other agencies.

Ms Fong said the review showed there were aspects of the NCSC’s practice that could be improved.

Advertisement - scroll to continue reading

“The NCSC did not identify any information to indicate the activity resulted in a successful cyber security compromise but did identify a number of phishing emails sent to parliamentary email addresses,” Ms Fong said.

The review recommended that the NCSC’s response to incidents needs to ensure it considers the wider implications of cyber security incidents, and not focus solely on the technical response to such incidents.

It also recommended that the NCSC consider engagement with individuals targeted by foreign state-sponsored actors, and that it reconfirms its approach to briefing incidents to the Minister Responsible for the GCSB and the Minister’s office.

A copy of the review report has been provided to the GCSB Director-General GCSB, Minister Responsible for the GCSB and Inspector-General of Intelligence and Security. An unclassified version has been provided to past and present New Zealand IPAC members. An unclassified version of the report has also been made publicly available on the NCSC’s website.

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

 
 
 
 
 
 
 

LATEST HEADLINES

  • PARLIAMENT
  • POLITICS
  • REGIONAL
 
 

Featured News Channels


 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.