The Government Communications Security Bureau (GCSB) ensures the integrity and confidentiality of government information, and investigates and analyses cyber incidents against New Zealand’s critical infrastructure. The GCSB also collects foreign intelligence bearing on New Zealand’s interests, and assists other New Zealand government agencies to discharge their legislatively mandated functions.
The GCSB is a public service department with its head office in Wellington, a station at Tangimoana, near Palmerston North, and another station at Waihopai, near Blenheim. The Director of the GCSB, since January 2012, is Ian Fletcher. The Director reports directly to the Minister responsible for the GCSB, traditionally the Prime Minister.
GCSB has approximately 300 staff in a wide range of disciplines, including foreign language experts, communications and cryptography specialists, engineers, technicians, and support staff.
GCSB contributes to New Zealand’s national security by providing:
- Information assurance and cyber security
- Foreign intelligence
- Cooperation and assistance to other New Zealand government agencies.
The GCSB has two communications collection or interception stations: the high frequency radio interception and direction-finding station at Tangimoana, near Palmerston North, and the satellite communications interception station at Waihopai, near Blenheim.
The National Cyber Security Centre (NCSC) has been located within the GCSB since its establishment in 2011. The NCSC provides enhanced services and advice to government agencies and critical infrastructure providers to help them to defend against cyber-borne threats.
The New Zealand Government has had a signals intelligence (SIGINT) capability since the Second World War. It has also long recognised the need to ensure that government agencies were protected from “bugging” (technical security, or TECSEC) and that its sensitive messages could not be read by third parties (communications security, or COMSEC). Until the establishment of the GCSB, these services were provided by bodies such as the New Zealand Defence Force and the NZSIS. In 1977, the then Prime Minister, Robert Muldoon, approved the formation of the GCSB, but its functions and activities were secret.
In 1980 it was decided that the existence of the GCSB could be disclosed on a limited basis, leading to the first briefings of the Cabinet and the Leader of the Opposition. These briefings only acknowledged the GCSB’s TECSEC and COMSEC functions, but not its SIGINT functions. Prime Minister Muldoon publicly acknowledged the existence of the GCSB and its SIGINT function in 1984.
In early 2000, it was decided that the GCSB should be placed on a statutory footing similar to that of the NZSIS and a legislative process, including public consultation, began.
Meanwhile, in 2001, the Centre for Critical Infrastructure Protection (CCIP) was established to work with the New Zealand Government and critical national infrastructure agencies to improve their awareness and understanding of cyber security in New Zealand, provide them with watch and warn advice in relation to cyber incidents, and investigate any such incidents that occurred against them.
On 2 April 2003, the GCSB Act took effect. In June 2003, Cabinet formalised the role of the GCSB as the national authority for signals intelligence and information systems security.
In 2010, the GCSB began advertising for geospatial and imagery foreign intelligence (GEOINT) analysts to join a new area of analytic discipline for the GCSB, complementing its SIGINT mission. The GEOINT area is closely aligned with similar units within the New Zealand Defence Force. In 2012, the NZDF became the national authority for geospatial intelligence and formed GEOINT NZ.
In June 2011, New Zealand’s Cyber Security Strategy was published and allocated responsibility for cyber security. As part of the NZCSS, a National Cyber Security Centre (NCSC) was established within the GCSB in September 2011, and absorbed the functions of the CCIP.