• Our Vision

    To be the trusted guardian of
    New Zealand's
    Information Assets

  • Our Mission

    To provide IA & Cyber Security support to Agencies & Critical Infrastructure operators in order to secure networks and provide monitoring, analysis & response capability to combat APT


Connect Smart

Connect Smart

Connect Smart is a Government led initiative to raise awareness of the importance of online security.  Connect Smart week runs from Monday 16 June to Friday20 June, and has been organised by the National Cyber Policy Office. 

The National Cyber Security Centre (NCSC) is a supporting partner of Connect Smart Week.

The NCSC encourages home and small to medium enterprise computer users to participate in these Connect Smart events and activities, and to ensure they are adopting the best possible information security practices.

Details of Connect Smart events and activities can be found at www.connectsmart.govt.nz

 

 

read more

Cyber threats continue to rise

The number of cyber incidents recorded by the National Cyber Security Centre (NCSC) increased by more than 60% in 2013.

The NCSC, part of the Government Communications Security Bureau (GCSB), has seen an increase in recorded incidents from 134 in 2012 to 219 in 2013.

GCSB Director Ian Fletcher says, “This increase can be attributed in part to greater awareness of the importance of reporting incidents among New Zealand government agencies and critical infrastructure providers, and also awareness of the role and functions of the NCSC.”

The NCSC focuses on the protection of core government networks, the systems that support our critical national infrastructure, and engagement with industry and business to protect our intellectual property and economic assets.

Mr Fletcher says, “The New Zealand experience is broadly in line with international trends for cyber incidents. The majority of those reported in 2013 were targeted towards the private sector (68%), followed by government (20%).”

“The techniques used in cyber incidents make it difficult to identify the instigators.”

Scam and spam related incidents were the largest category of reported incidents at 30%. Denial of Service (DoS) attacks and Botnet/Malware activity were the second largest categories, making up 22% and 12% of incidents respectively.

Incidents reported to NCSC are recorded by NCSC personnel once it has been determined that a true security threat has occurred, differentiating them from other common online events.

A copy of the NCSC 2013 Incident Summary is available here.

 

 

Media Contact

Cherie Blithe
04 819 8226

 

read more

Vulnerability in Internet Explorer Could Allow Remote Code Execution

On 27 April 2014 Microsoft disclosed a vulnerability that affects Internet Explorer versions 6 -11, for which a patch is now available.

The vulnerability can be used to  install malicious software if a user were to visit a site containing the exploit using an affected version of Internet Explorer.    An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The full NCSC advisory is available here

read more

Reporting an Incident


If you are a New Zealand government institution or a Critical National Infrastructure (CNI) organisation and you have encountered or suspect the presence of a cyber threat, please complete and return an Incident Reporting Form. If required, you can speak with us directly on (04) 498-7654. All incident reports provided to the NCSC are treated in the strictest of confidence.

Some Interesting Stats


Some interesting stats

In its third year of operation, the NCSC saw an increase in the number of cyber security incidents reported, from a total of 134 in 2012, to a total of 219 in 2013. Scam and spam related incidents were the largest category of reported incidents at 30%. Denial of Service (DoS) attacks and Botnet/Malware activity were the second largest categories, making up 22% and 12% of incidents respectively.

The median number of days a cyber threat was present in victims system before being detected was 299 according to Mandiant’s 2013 MTrends report.  The report says 67 percent of victims were notified of the threat by an external entity. The report is available here.  

Security software provider McAfee log 200 new cyber threats every minute according to their by security software provide McAffee according to their 4th quarter, 2013 threats report. The report is available here.