This article was accepted into the corpus but its outbound wikilinks were never NER-processed — typical at the deepest BFS hop or when the run's entity cap was reached. No expansion funnel to show.
| National Cyber Security Centre (New Zealand) | |
|---|---|
| Name | National Cyber Security Centre (New Zealand) |
| Formed | 2019 |
| Jurisdiction | New Zealand |
| Parent agency | Department of the Prime Minister and Cabinet |
| Headquarters | Wellington |
| Minister | Prime Minister of New Zealand |
National Cyber Security Centre (New Zealand) is a New Zealand entity responsible for cyber security advice, incident response, and national resilience. The centre operates within the Department of the Prime Minister and Cabinet and coordinates with New Zealand agencies such as New Zealand Police, Government Communications Security Bureau, and New Zealand Defence Force to protect public and private sector networks. It engages with international partners including United States Department of Homeland Security, Australian Cyber Security Centre, and United Kingdom National Cyber Security Centre to address transnational threats.
The centre provides threat intelligence, risk assessments, and guidance to entities including Ministry of Health (New Zealand), Ministry of Education (New Zealand), Auckland Council, Wellington City, Inland Revenue Department (New Zealand), and corporate actors such as Spark New Zealand, Telecom New Zealand, Air New Zealand, Fisher & Paykel, Fonterra, ANZ Bank New Zealand, and Bank of New Zealand. It liaises with regulatory bodies like Commerce Commission (New Zealand), Privacy Commissioner (New Zealand), and Financial Markets Authority (New Zealand). The centre synthesises inputs from standards bodies such as Standards New Zealand and industry groups like New Zealand Bankers' Association and New Zealand Telecommunications Forum.
The centre was announced amid events involving cyber incidents affecting entities including Wellington Electricity, Oranga Tamariki, and international incidents linked to actors monitored by National Security Agency (United States), Australian Signals Directorate, and Five Eyes. Its creation followed reviews such as those by Royal Commission of Inquiry into the Pike River Mine disaster-style inquiries into systemic risk and drew on recommendations from reports by New Zealand Law Commission, Reserve Bank of New Zealand, and parliamentary committees including the Finance and Expenditure Committee (New Zealand Parliament). Founding leadership included senior officials from Department of the Prime Minister and Cabinet and secondees from Ministry of Business, Innovation and Employment (New Zealand) and Crown Research Institutes. The establishment paralleled moves in European Union states and agencies like ENISA to centralise cyber resilience.
Governance structures reference the Cabinet of New Zealand, oversight via ministers such as the Prime Minister of New Zealand and interaction with statutory authorities including State Services Commission (New Zealand). The centre employs specialists from sectors represented by University of Canterbury, University of Auckland, Victoria University of Wellington, and vocational institutes like Western Institute of Technology at Taranaki. Organizational units mirror models used by National Cyber Security Centre (United Kingdom), Australian Cyber Security Centre, and Cybersecurity and Infrastructure Security Agency with divisions for operations, intelligence, policy, and outreach. Corporate governance draws on frameworks from ISO/IEC 27001, NIST Cybersecurity Framework, and compliance regimes under laws such as the Privacy Act 2020 (New Zealand).
Primary roles include national incident response coordination, threat intelligence sharing, public advice and awareness, and capability building for sectors such as healthcare, energy companies like Transpower, telecommunications firms like Vodafone New Zealand, and critical infrastructure operators including Ports of Auckland and Airports Company New Zealand. The centre supports compliance with standards promulgated by International Organization for Standardization members and engages with procurement and resilience work in ministries such as Ministry of Business, Innovation and Employment (New Zealand) and Te Puni Kōkiri. It also provides guidance aligned with international agreements like those negotiated at the United Nations General Assembly and bilateral engagements with Japan and Canada.
Operational programs include national Computer Emergency Response Team functions akin to CERT-UK, vulnerability disclosure processes influenced by Microsoft and Google vulnerability reward practices, and public campaigns modelled on StaySafeOnline and Stop.Think.Connect.. Initiatives target supply chain security with references to companies such as Cisco Systems, Fortinet, and Kaspersky Lab; training programs partner with CERT NZ-style teams, universities including Massey University, and private sector firms such as Datacom Group and Orion Health. Exercises and simulations are conducted with partners like Auckland District Health Board and Ministry of Transport (New Zealand) and draw from scenarios used by NATO and ANZUS exercises.
The centre operates within the Five Eyes intelligence partnership alongside United States, Australia, United Kingdom, and Canada agencies including NSA, ASD, GCHQ, and CSE (Canada). It participates in multilateral forums such as APEC, ASEAN Regional Forum, Interpol, and Council of Europe initiatives on cybercrime like those under the Budapest Convention on Cybercrime. Bilateral cooperation includes memoranda with Australia, United States Department of Defense, and regional partners such as Fiji and Samoa. It collaborates with international non-governmental organizations such as Internet Society and ICANN for infrastructure resilience.
The centre publishes advisories referencing malware families and threat actors tracked by entities like Mandiant, CrowdStrike, Kaspersky Lab, and Trend Micro. It has issued guidance during incidents affecting sectors including Auckland District Health Board, Canterbury District Health Board, and utilities like Mercury NZ. Advisories coordinate with law enforcement investigations by New Zealand Police and cross-border actions involving Europol and FBI (Federal Bureau of Investigation). Public communications echo best practices promoted by CERT-EU and ENISA during large-scale campaigns.
Critiques involve debates over transparency, civil liberties, and oversight raised by groups such as Privacy Commissioner (New Zealand), Human Rights Commission (New Zealand), digital rights advocates linked to Electronic Frontier Foundation, and academic commentators from University of Otago. Legal foundations derive from statutes including the Official Information Act 1982, Privacy Act 2020 (New Zealand), and security provisions associated with agencies like Government Communications Security Bureau Act 2003. Ongoing discourse references parliamentary reviews by the Justice Committee (New Zealand Parliament) and submissions from organisations such as InternetNZ and NZTech.
Category:Computer security in New Zealand