New Zealand’s Security Program With Vodafone Dented malicious Software Attacks

GCSB Logo

Vodafone New Zealand’s security pilot program for the Government Communications Security Bureau has shown the technology could “significantly” dent malicious software attacks.

The country’s security agency launched the program called “Malware Free Networks” (referring to foreign sourced advanced malicious software), and allowed second-biggest internet service provider to use its cyber threat information and technology to mitigate those attacks for a small group of the ISP’s commercial customers. The GCSB had been keen to test its Cortex technology with an ISP since 2014, however Cabinet wanted the intelligence agency to report back before signing off on such a deal.

The Cortex system became public when former Prime Minister John Key declassified some documents in response to claims by Intercept journalist Glenn Greenwald and former US National Security Agency contractor-turned-whistleblower Edward Snowden that New Zealand’s GCSB embarked on plans to implement mass metadata surveillance, including the tapping of the Southern Cross Cable, in 2012 and 2013, in an initiative called ‘Speargun’.

The Five Eyes

The GCSB was scheduled to report back to Cabinet in the first quarter of this year with options for the future of program, with any extension needing ministerial approval.

“GCSB has provided a report to Cabinet on the Malware-Free Networks pilot indicating its potential to disrupt a significant volume of malicious activity,” a spokesman said.

“We are continuing to work with Vodafone to maintain the Malware-Free Networks capability until a decision has been made about post-pilot options, and will provide a further report back to Cabinet.”

Malware threats accounted for about 17 per cent of the government’s Computer Emergency Response Team direct responses in the pilot’s three months of operation, the second most common category behind phishing.

Any potential extension will now fall to the new government, with Prime Minister-elect Jacinda Ardern indicating she planned to take the intelligence portfolio, and ministers are expected to get their warrants on Thursday.

The GCSB had been keen to test its Cortex technology with an ISP since 2014.

However, Cabinet wanted the intelligence agency to report back before signing off on such a deal.

Project Cortex wasn’t seen as causing material privacy issues, with controls including how data is access, stored, shared and disposed of.

The business plan said there will be no mass surveillance, and that data will be accessed by GCSB only with the consent of owners of relevant networks or systems.

Vodafone though doesn’t bear any of the cost of the pilot, with the GCSB footing the bill

The cyber security strategy report said the next step for protecting New Zealand’s most important information infrastructures was to “complete the full deployment of Cortex capabilities to NCSC (National Cyber Security Centre) customers”.

The Government Communications Security Bureau (GCSB) is a public service department that provides information assurance and cyber security to the New Zealand Government and critical infrastructure organizations, collecting and analyzing intelligence in accordance with the Government’s priorities, and providing cooperation and assistance to other New Zealand government agencies.