The Government Communications Security Bureau (GCSB) is partnering with private-sector cyber security providers in an
initiative that has the potential to prevent millions of dollars of cyber harm.
A new cyber defence capability launched today by the GCSB’s National Cyber Security Centre (NCSC) will make the Centre’s
cyber threat intelligence available to commercial cyber security providers to help defend their customers’ networks.
GCSB Director-General Andrew Hampton said the key to scaling the benefits from NCSC cyber defence capabilities is to
work in partnership with other cyber security providers.
“The Malware Free Networks (MFN) capability makes that possible, providing a platform for us to share indicators of
malicious activity with security service providers so they can detect and disrupt that activity on their customers’
networks.”
There have been more than 40,000 indicators of compromise deployed to MFN since the new service was piloted and went
live in September last year.
Andrew Hampton said these indicators are derived from a range of our sources, including the operation of the NCSC’s
cyber defence capabilities, through our incident response work, and from international partners.
“Already with an initial customer trial of MFN up to this point we are achieving real impact. As of yesterday (November
30, 2021) MFN has disrupted more than 10,000 threats.
“We know that already MFN is preventing real harm. As the span of capability grows, and more partners include MFN in
their services the, benefit for New Zealand organisations both public and private will increase exponentially,” Andrew
Hampton said.
The NCSC reported earlier this month that the operation of its cyber defence capabilities helped reduce harm to New
Zealand organisations by $119m in the last financial year, and more than $284m since these capabilities became
operational in 2016.
Andrew Hampton said the MFN capability was first piloted as part of the rollout of those capabilities.
“While the pilot showed it has significant potential, it also highlighted a range of technical challenges.
“Since the pilot, the NCSC has worked extensively with a range of local partners to address technical challenges and
deliver a technology platform which can take our cyber threat information and very quickly turn it into actionable
threat intelligence which partners can deploy.
The NCSC currently has agreements with nine MFN partner organisations: Cassini, Cyber Research NZ, Datacom, DEFEND,
InPhySec, Kordia, SSS IT Security Specialists, Spark NZ, and Vodafone NZ. These partners are progressively offering the
MFN service as part of their managed security products.
Andrew Hampton said the achievement in developing those partnership relationships and delivering the MFN service
platform is a reflection of the commitment and considerable technical capability of the NCSC staff.
“I am really proud of their efforts, the partnerships we have established, and the service we are making available. I
know it will make a real contribution to the future of New Zealand’s cyber defence.”
“Responding to the ever-evolving threatscape facing New Zealand organisations today has increasingly required
partnership, collaboration and team work across the public and private sectors. The delivery and scaling of our Malware
Free Networks capability is a great example of that,” Andrew Hampton said.
“However, no single cyber security capability is a silver bullet. We still need organisations to ensure they have
effective cyber security governance, understand their critical systems and risks – particularly across their supply
chain and to have a plan for how they would respond to a cyber security incident.”
“The NCSC has resources which can help organisations address all these areas,” he said.