Our objectives
We work to enable the protection, wellbeing and prosperity of Aotearoa New Zealand by providing trusted cyber security services. Our strategic objectives are to:
- Defend national security
- Raise cyber resilience
- Facilitate digital transformation.
We fulfil our objectives through four functional activities: providing preventative advice, and deterring, detecting and disrupting the types of malicious cyber activity that could affect the country’s national security and economic wellbeing.
Our strategy
The NCSC supports nationally significant organisations to improve their cyber security, and we respond to national-level harm and advanced threats.
Our mission is to protect Aotearoa New Zealand’s wellbeing and prosperity through trusted cyber security services.
Our strategy to 2024 guides the delivery of these services.
We detect and disrupt
We work with the consent of nationally significant organisations to detect and disrupt high-impact cyber threats that are typically beyond the capability of commercially available products and services.
Our defensive technologies find indications of malicious cyber activity. These technologies detect anomalies and signs of compromise on consenting customer networks. The range of threats is large and growing – both in New Zealand and internationally.
To deal with these threats, we:
- Supply advanced threat detection and disruption capabilities to nationally significant organisations
- Respond to high-impact cyber incidents at a national level.
Our incident responders help organisations evict malicious cyber actors from their networks, restore services, and recover. We disrupt malicious cyber activity by:
- Sharing threat information across our customer base
- Intervening when a threat is detected
- Blocking specific threats to customer networks
- Deploying our incident response team if necessary.
We advise
We work closely with hundreds of nationally significant organisations to improve their cyber resilience and reduce their vulnerability to attack. We provide organisations with advice, support and threat alerts to help them raise their cyber resilience.
We work with organisations such as:
- Government departments
- Key economic generators
- Niche exporters
- Research institutions
- Operators of critical national infrastructure.
We guide and equip our customers to protect their valuable information and manage risks. We act as trusted, independent advisors, reducing the cost across the system by providing assurance, mitigating risk, enabling innovation, and supporting our customers through security issues.
As part of the Government Communications Security Bureau (GCSB), we contribute to New Zealand’s overall security resilience. We report to the Director-General of the GCSB, who is the Government Chief Information Security Officer (GCISO).
We share our cyber threat analyses with our customers and partners, and we foster a mature security culture based on the Government Protective Security Requirements (PSR) and the New Zealand Information Security Manual.
Learn more about the PSR on the Protective Security Requirements website
Learn more about the New Zealand Information Security Manual
We deter
We discourage malicious cyber attackers from targeting New Zealand by making it harder for them to operate here. We achieve this by providing best-practice and world-leading information security services.
- We administer the network security provisions of the Telecommunications Interception Capability and Security Act 2013 (or TICSA). We engage with network operators to identify security risks in network changes they propose under TICSA.
- We conduct risk assessments relating to New Zealand’s growing space industry, under the Outer Space and High-altitude Activities Act 2017.
- We also help scrutinise certain foreign investment proposals from a national security perspective, under the Overseas Investment (urgent measures) Amendment Act 2021.
We help to secure New Zealand Government’s most sensitive information and communications by providing high-grade encryption capabilities and ensuring that government facilities and systems are protected against technical threats.
Our legislation
The Intelligence and Security Act 2017 sets out our functions, powers and duties, and provides a legislative framework that allows us to conduct activities necessary to protect New Zealand and New Zealand's interests while acting in accordance with New Zealand law and human rights obligations.
Learn more about our legislation on the GCSB website
The NCSC and GCSB’s functions form part of the 2019 New Zealand Cyber Security Strategy.
Further information
We respond to high-impact cyber incidents and threats to nationally significant organisations.
If you’re a nationally significant organisation, you can report a suspected incident to us.
If you suspect a cyber security incident and you’re not sure what to do, you can contact us.
Contact us about a suspected cyber security incident
If you need general help or information about cyber security topics and services, check our Resources section.
If your enquiry or suspected incident is outside our area of responsibility, we can refer you to CERT NZ or another appropriate organisation. (CERT is an acronym for Computer Emergency Response Team.)
We work with a broad range of partner organisations to build our cyber defences.
Our domestic partners
Our domestic partners include CERT NZ, which provides general support to businesses, organisations and individuals affected by cyber security incidents. Another partner, New Zealand Police, is responsible for crimes that happen online.
We also work closely with technology and investment advisors including the Ministry of Business, Innovation and Employment, The New Zealand Treasury, the Department of Internal Affairs, and the Overseas Investment Office.
Our partnerships with New Zealand’s private sector
Cyber security resilience is centrally important to ordinary business operations. During incidents, we often work with the suppliers to the affected organisations as they restore their services.
We work with a range of local partners to deliver our Malware Free Networks service, and we work with nationally significant private-sector organisations to help them raise their cyber resilience.
Learn more about Malware Free Networks
Our international cyber security partners
Our primary international partners include the Australian Cyber Security Centre (within the Australian Signals Directorate), the Canadian Centre for Cyber Security (within the Communications Security Establishment), the United Kingdom’s National Cyber Security Centre (within the Government Communications Headquarters), and the National Security Agency in the United States.
We support the Government’s wider digital and data goals for aiding our country’s economic recovery and wellbeing. Our work contributes to some key strategies:
- The Digital Strategy for Aotearoa(external link), led by the Department of Internal Affairs
- The Strategy for a Digital Public Service(external link), led by the Ministry of Business, Innovation and Employment
- The Government's Data Investment Plan(external link), led by Stats NZ
- The Cyber Security Strategy(external link), led by the National Cyber Policy Office.