PM raises prospect of Cortex rollout for small businesses

Prime Minister John Key raised the prospect of rolling out the Government Communications Security Bureau's malware disruption programme 'Project Cortex' to small businesses at a hearing of the security and intelligence select committee in Parliament.

In a "hypothetical” question to the GCSB's acting director, Una Jagose, Mr Key said there were many small companies who in his view were likely to be subject to online attack but who would never be able to access Cortex, and pondered whether the original idea of protecting all users in New Zealand should be reconsidered. The prospect was ditched because of public concerns about mass surveillance.

New Zealanders now understand the threat of cyber crime far more, Ms Jagose said.

"One of our great advantages as a country is that we are small and we are surrounded by water and we have limited inputs for the international internet traffic to come," she said. "That is an opportunity for the future I would say that this country should think about very seriously because there is an opportunity to protect everybody, not just Cortex customers. I think on a future day we might have that discussion again, certainly in my engagement with boards and executive teams, I'm getting the feedback, ‘why are you not doing more, why are you not doing this for everybody’."

Cortex aims to disrupt advanced cyber threats to organisations of national significance in both the public and the private sector. When it was still in development, GCSB had wanted to include a private internet service provider as a pilot project, with a view to a wider deployment. That was turned down by the cabinet, though the agency was to report back to ministers by September this year on whether to embark on the pilot, something Ms Jagose has previously said was still under consideration.

Jagose said many business groups were now beginning to realise that cyber security was not just an issue for IT departments but something for discussion right at the top of a company.

"There have been such celebrated examples of cyber threats becoming real for people, the Sony hack of course, but also the Institute of Directors has started an engagement with its boards and its executive teams about how we need to be thinking about cyber," she said. "It needs to be on board agendas."

In the year ended June 30, Ms Jagose said that the GCSB had recorded 190 incidents of cyber attack, 114 targeting government networks, 56 in the private sector and 20 where the target had not been determined. The largest type of attack was 'spear-fishing' where an attachment containing damaging software had been sent by email.

Security Intelligence Service director Rebecca Kitteridge told the hearing that operations to protect New Zealand from cyber attack from foreign states had picked up speed in the last year.

"Their success threatens New Zealand defence, intelligence, scientific and technical research and development, and the intellectual property associated with New Zealand cutting edge industries as well as trade and international relations," Ms Kitteredge said.

(BusinessDesk)