Who we are
The National Cyber Security Centre (NCSC) was established in 2011 within the Government Communications Security Bureau (GCSB) to support nationally significant organisations in improving their cyber security and resilience.
In July 2024, New Zealand’s Computer Emergency Response Team (CERT NZ), formerly a part of the Ministry of Business, Innovation and Employment (MBIE), was integrated into the NCSC’s organisational structure to form the New Zealand Government’s lead operational cyber security agency.
The NCSC now provides cyber security services to all New Zealanders - from individuals to small and medium businesses and organisations, large enterprises, government, and nationally significant organisations.
We work with government, critical infrastructure and other nationally significant organisations, as well as the digital supply chain, to offer technical protections, detection and disruption, including incident response for national-level harm.
We work to improve New Zealand’s resilience to cyber security threats. The services we deliver include:
- providing cyber security information and educational resources;
- receiving reports of - and responding to - cyber security incidents;
- collating information about the cyber threat landscape to share with partners;
- disrupting cyber security attacks;
- hosting the Government Chief Information Security Officer (GCISO) function and providing system stewardship of public service information security;
- delivering cyber security uplift to Pacific Islands nations, and
- supporting government agencies and nationally significant organisations with tailored services and advice.
The NCSC makes use of its domestic and international networks to facilitate information exchanges within sectors, share information with trusted partners, and to support our cyber security work in New Zealand.
Our vision and tohu
The NCSC’s vision is a New Zealand where good cyber security happens everywhere, all the time, by everyone.
Cyber security is a complex and evolving area. What is needed to combat cyber threats today will look different from what is needed in future.
The NCSC uses tohu (signs or symbols) to describe the New Zealand that the NCSC will navigate towards. These provide direction, while maintaining enough flexibility to adapt as the environment changes.
The NCSC tohu are:
- People act on informed decisions: New Zealanders have sufficient information to decide which cyber security measures are best for them and then act.
- The basics are basic: The foundations of cyber security are easier for New Zealanders to implement, and, where possible, are implemented through the digital supply chain.
- Security that only we can provide is in place: The NCSC will be ready for tomorrow; its mandate, relationships and classified capabilities continually evolve to understand and counter the most serious potential cyber security harms New Zealand faces.
Our functional areas
The NCSC has five functional areas to achieve its objectives: Guide and Govern, Identify and Understand, Prevent and Protect, Detect and Contain, and Respond and Recover.
-
Guide and Govern: We support New Zealand’s cyber security system by setting expectations about what good practice looks like through policies and standards, coordinating information-sharing between organisations, and providing advice to the New Zealand Government on settings for critical infrastructure, cyber security procurement, and communications security material.
-
Identify and Understand: We identify, understand, and improve information security issues. We work to monitor, measure, and analyse issues, and provide advice to mitigate vulnerabilities. The NCSC has unique insight and understanding of the cyber landscape and can use this to inform policy and operational decision-making, aided by our GCISO function.
-
Prevent and Protect: We protect New Zealand’s information and prevent malicious cyber activity. We do this by maintaining New Zealand’s classified information and cryptographic systems, providing national security advice to inform regulatory decision-making on technology investment, and pre-emptively acting to disrupt threats to New Zealand.
-
Detect and Contain: One of the NCSC’s core functions is to detect threats on New Zealand systems (where we have visibility), and to block these threats before they can cause impact.
-
Respond and Recover: We help New Zealanders to respond and recover once threats are found. The NCSC assists with incident responses, especially when incidents are of national significance.
Our legislation
The Intelligence and Security Act 2017 sets out our functions, powers and duties, and provides a legislative framework that allows us to conduct activities necessary to protect New Zealand and New Zealand's interests while acting in accordance with New Zealand law and human rights obligations.
The NCSC and GCSB’s functions form part of the 2019 New Zealand Cyber Security Strategy.
National Cyber Security Centre
The NCSC responds to high-impact cyber incidents and threats to nationally significant organisations.
If you represent a nationally significant organisation or you are an information security practitioner, the NCSC has information and guidance designed for you in our Resources section.
You can also report nationally significant cyber security incidents to the NCSC.
Visit the NCSC Resources section(external link)
CERT NZ
CERT NZ responds to cyber security threats impacting individuals and small to medium enterprises. If you are in one of these categories, please visit the CERT NZ website, which contains information, advice, research, and insights for New Zealand businesses. You may also report an incident at the CERT website.
Please note: this information will be transferred to a new NCSC website in 2025.
Own Your Online
Own Your Online is a part of the New Zealand Government's work to raise understanding of cyber security issues for individuals and businesses. Cyber security might sound complex, but through Own Your Online, we can help you get started with the basics. Then you can add extra layers of protection, depending on what your risks are.
We work with organisations such as:
- Government departments
- Key economic generators
- Niche exporters
- Research institutions
- Operators of critical national infrastructure.
We guide and equip our customers to protect their valuable information and manage risks. We act as trusted, independent advisors, reducing the cost across the system by providing assurance, mitigating risk, enabling innovation, and supporting our customers through security issues.
As part of the Government Communications Security Bureau (GCSB), we contribute to New Zealand’s overall security resilience. We report to the Director-General of the GCSB, who is the Government Chief Information Security Officer (GCISO).
Our domestic partners
We work closely with other government agencies in New Zealand. One of our key partners is the New Zealand Police, who is responsible for crimes that happen online. Another partner is the Department of Internal Affairs, who house the Government Chief Digital Officer. .
We also work closely with technology and investment advisors including the Ministry of Business, Innovation and Employment(external link) (MBIE), The New Zealand Treasury(external link), and we maintain partnerships with New Zealand’s private sector.
Cyber security resilience is centrally important to ordinary business operations. During incidents, we often work with the suppliers to the affected organisations as they restore their services.
We work with a range of partners to deliver our Malware Free Networks service, and with nationally significant private-sector organisations to help them raise their cyber resilience.
Our international cyber security partners
Our primary international partners include the Australian Cyber Security Centre(external link) (within the Australian Signals Directorate), the Canadian Centre for Cyber Security(external link) (within the Communications Security Establishment), the United Kingdom’s National Cyber Security Centre(external link) (within the Government Communications Headquarters), and the National Security Agency(external link) and the Cybersecurity and Infrastructure Agency(external link) (CISA) in the United States.
We support the Government’s wider digital and data goals for aiding our country’s economic recovery and wellbeing. Our work contributes to some key strategies:
- The Digital Strategy for Aotearoa(external link), led by the Department of Internal Affairs
- The Strategy for a Digital Public Service(external link), led by the Ministry of Business, Innovation and Employment
- The Government's Data Investment Plan(external link), led by Stats NZ
- The Cyber Security Strategy(external link), led by the National Cyber Policy Office.