In his first official speech as minister responsible for the GCSB and NZSIS, Hon Andrew Little highlights progress in intelligence agency oversight and reform, and identifies terrorism – including Daesh activity in southern Philippines – and cyber attacks as key ongoing threats to national security.
Tēna koutou, tēna koutou, tēna koutou katoa.
Although this is my first official speech as the Minister with responsibility for the GSCB and NZSIS – this is not my first interaction with the topic.
When yo’re the Leader of the Opposition you receive regular briefings on intelligence matters relating to national security because of the statutory duty on the agencies to keep that office informed. This is critical to ensure a bipartisan approach to these important matters. As a result, I came to the role with a useful foundation of information and I have been quick to build on that.
That bi-partisanship illustrates the kind of country we are, New Zealand enjoys an enviable way of life and we have highly cherished values and ideals: open and democratic government; observance of the rule of law; freedom of the individual, including freedom to act collectively and freedom to dissent; freedom of information and freedom of trade across our borders. These things not only define our character as a nation; they also underpin our economic and social wellbeing.
Our connectedness to each other and the rest of the world, especially via the internet is a source of great opportunity, but it also brings threats. New Zealanders’ safety and prosperity benefit from having a strong and effective intelligence and security sector.
The role of good intelligence
The world is challenging and uncertain.
Strong, timely and robust intelligence and advice enables the Government to make informed decisions and set appropriate policy. This ensures New Zealanders are safe both here and abroad, and contributes to international relations and the economic wellbeing of the country.
New Zealand’s intelligence agencies collect, assess and report on the intelligence in accordance with priorities set by the Government and in line with New Zealand’s laws and its human rights obligations. They also provide protective services, such as cyber-security and physical and personal security advice.
To achieve these objectives, the GCSB and NZSIS must be focused on the core national interests they are there to serve, and they must be collaborative.
Enjoying this article? Consider a subscription to the print edition of Line of Defence.
In this respect, the agencies have come a long way since their recent reviews.
Just a few years ago it was apparent their organisational cultures were internally focused, defensive to external bodies, including to other parts of the government, and lacking in rigour in complying with some parts of their legal framework. It did not help that the oversight and accountability architecture around them was inadequate.
Democratic government requires openness and transparency. They are values which have been instilled in me from a young age and go to the heart of public trust and confidence. It is important that the government – both the elected representatives and government departments – conduct themselves with appropriate accountability. This poses a predictable challenge for security and intelligence agencies. Much of the effectiveness of their work depends on their information, their methods and their people not being exposed. But accountability and oversight is important even in this sector.
To maintain public confidence, as much as to maintain the social licence to function, we have to strike the balance very carefully when it comes to our security and intelligence agencies.
I expect both agencies to be as transparent as they can about the nature of the threats the country faces and their role in helping to manage these threats.
I would like to take this opportunity to acknowledge the steps both agencies have taken in recent years to be more open and transparent, and I encourage them to push ahead in this respect wherever possible.
It is a positive development that the heads of our agencies regularly communicate publicly about the issues facing those agencies.
But there is an obvious limit.
No one can expect our security and intelligence agencies to disclose operational details, targets of their work, methods deployed or the nature of their intelligence gathering.
We are entitled to – and should – look with great scepticism on those who make public demands for our agencies to pursue specific targets or to take particular actions against specified interests.
There is no credible public response to such calls.
What it is possible to say is that the total machinery around our services – whether Ministerial or Cabinet priority-setting, the agencies themselves and the oversight bodies, whether the Parliamentary committee or the Inspector-General – means we have services that are capable and responsive.
Our intelligence and security agencies seldom get to boast of their successes. Their failures risk being well-known.
The Intelligence and Security Act 2017
As well as being the Minister responsible for the NZSIS and the GCSB, I am also the Justice Minister. As such it would be no surprise that I have a particular focus on the law, and the way in which the law interacts with the everyday needs of New Zealand and New Zealanders.
It is an absolute bottom line that the agencies must act within the law at all times. The rule of law demands nothing less.
The NZSIS and the GCSB are now operating under a new single Act – the Intelligence and Security Act 2017. The Act provides that everything they do must be lawful, necessary, reasonable and proportionate.
Labour supported the new Act through the House as we recognised the need to ensure the agencies had a modern and appropriate legislative framework, which balances the need for operational effectiveness with improved transparency.
I am pleased that the new Act sets out the NZSIS and GCSB’s objectives and functions in a more transparent way. Importantly, the new Act also states far more clearly what the agencies can do under a warrant.
Work associated with the implementation of the Act is now largely complete.
Ministerial Policy Statements are a unique instrument under the Act – these are publicly available and add another layer of transparency designed to give the public understanding and reassurance about what the two agencies do and the standards of conduct they are expected to meet.
Oversight of the intelligence agencies
“Who watches the watchers” is an age-old question which has particular relevance here.
When it comes to the NZSIS and the GCSB high public trust in the system comes from having in place the right checks and balances and oversight of the agencies. I am certain that the measures in place today are far more rigorous than they were five or ten years ago.
The main, but not the only, independent oversight body is the Inspector-General of Intelligence and Security, and this role has been further strengthened in the new Act. The present Inspector-General, working under the new legislation and with a better resourced office, has proven the office to be robustly independent. This is vital for public confidence.
I am pleased with the strong compliance regimes the GCSB and NZSIS have developed. A key part of this is having meaningful engagement with the Inspector-General. Examples of this in action could be her oversight of new processes the agencies have developed, or working to ensure their compliance framework is effective.
Achieving sound compliance systems and processes is critical to maintaining public trust and confidence.
I was pleased to note that the Inspector-General found both the GCSB and the NZIS have compliant systems and processes in her Annual Report.
The threats New Zealand faces
I’d like to finish by touching on the national security threatscape, focusing particularly on counter-terrorism and cyber threats. I raise these examples partly to highlight the work the NZSIS and GCSB do, but also as these are two threats that for me are front of mind.
The threat of terrorism remains a reality today. The continued instability in Syria and other parts of the Middle East is still a cause of threats worldwide, especially as radical extremist messages are easy to propagate through social media. Those messages now easily reach into otherwise benign communities like New Zealand.
We are not immune to the possibility of extremist action here.
Countering the threat of terrorism remains a significant focus for the NZSIS (with the GCSB’s assistance where required).
At any one time there are between 30 and 40 people on NZSIS’s counter-terrorism risk register. These individuals are assessed to represent a potential threat to New Zealand related to terrorism.
Internationally, the number of individuals travelling to support Daesh in the Middle East conflict zone is believed to have decreased significantly.
It is possible foreign terrorist fighters in Iraq and Syria may seek to leave, either returning to their country of origin or to other countries.
Events last year in the southern Philippines city of Marawi gave raise to concerns of Daesh strengthening its footprint in South East Asia. This is a concern that the Government is aware of and something we are keeping an eye on.
Cyber threat scape
In terms of cyber threats, the GCSB noted a 15 per cent increase in serious incidents affecting New Zealand in the year to June 2017.
Incredibly nearly a third of these had indicators of connection to foreign intelligence agencies.
New Zealand organisations were subject to both direct and indirect threats, and New Zealand infrastructure is being used as staging points by threat actors to target systems in other countries.
Motivation varies from espionage to revenue generation and seeking to secure political outcomes.
In February, the Government added New Zealand’s voice to the international condemnation of the NotPetya cyber-attack which international partners have now attributed to the Russian Government. It targeted Ukraine but had a global impact – including affecting supply chains in New Zealand. In December New Zealand also expressed concern about international reports which link North Korea to the major WannaCry ransomware campaign.
While New Zealand was not significantly impacted by NotPetya or WannaCry, we are not immune from this type of threat, which is why New Zealand called out these instances of reckless and malicious cyber activity.
A key means through which the GCSB helps protect New Zealand organisations of national significance from these threats is the CORTEX malware detection and disruption programme.
An independent review assessed that in the 12 months to June 2017, CORTEX led to the avoidance of $40 million of harm to public and private sector organisations.
The Government has recently considered how best to extend CORTEX services beyond the current 66 nationally significant public and private sector organisations who receive them.
I will have more to say publicly in this space in the coming weeks.
In closing, thank you for the opportunity to speak this morning. You have a fantastic line up of speakers and I have no doubts that you will find the next two days incredibly engaging.