NCSC/CCIP Incident Report Statistics
Joshua Grainger made this Official Information request to Government Communications Security Bureau
The request was partially successful.
From: Joshua Grainger
Dear Government Communications Security Bureau,
This is a request under the Official Information Act regarding your suborganization, the New Zealand National Cyber Security Center, and its predecessor, the Center for Critical Infrastructure Protection. I would like to request any statistics held by both organizations regarding the reporting of cybersecurity "incidents" to either organization. Can this include, but not be limited to:
* the amount of incidents reported
* the "type" of incident (eg DoS attack, virus infection, data theft)
* the suspected attacker or motivations of attacker
* the type of system effected
* the amount of incidents referred to another organization, such as the SIS or Police, and a breakdown by organization
* a breakdown of incidents per CNI sector or Government Department
If statistics are not readily held, can this information please be collated from records since the NCSC's foundation and for the last year of operation of the CCIP?
I look forward to receiving your reply by the deadline of the 15th of February.
Yours faithfully,
Joshua Grainger
From: FYI Requests
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 6851 (20120202) __________
The message was checked by ESET NOD32 Antivirus.
[1]http://www.eset.com
--------------------------------------------------------------------------
The information contained in this e-mail message is intended for the
addressee(s) only and does not represent official GCSB policy unless
otherwise stated. If you are not the intended recipient you must not use,
disclose, copy or distribute this message or the information which it
contains. If you have received this message in error, please destroy it
and advise the GCSB Helpdesk ([2][email address]).
--------------------------------------------------------------------------
References
Visible links
1. http://www.eset.com/
2. mailto:[email address]
hide quoted sections
From: FYI Requests
Good afternoon Dr Grainger,
Please find attached a response to your Official Information Act request,
which I am sending on behalf of Hugh Wolfensohn.
Please confirm receipt of this email.
Regards,
Sarah
Sarah Manning
Executive Assistant to Deputy Directors
DDI - 04 463 1639
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7106 (20120503) __________
The message was checked by ESET NOD32 Antivirus.
[1]http://www.eset.com
--------------------------------------------------------------------------
The information contained in this e-mail message is intended for the
addressee(s) only and does not represent official GCSB policy unless
otherwise stated. If you are not the intended recipient you must not use,
disclose, copy or distribute this message or the information which it
contains. If you have received this message in error, please destroy it
and advise the GCSB Helpdesk ([2][email address]).
--------------------------------------------------------------------------
References
Visible links
1. http://www.eset.com/
2. mailto:[email address]
hide quoted sections
From: Joshua Grainger
Dear Sarah,
Yes: I have received your reply. Thank you very much for it.
Yours sincerely,
Joshua Grainger
From: FYI Requests
Good afternoon Dr Grainger,
Please find attached a letter from Hugh Wolfensohn, Deputy Director, in
relation to your Official Information Act complaint.
Please confirm receipt of this email.
Regards,
Sarah
Sarah Manning
Executive Assistant to Deputy Directors
DDI - 04 463 1639
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7310 (20120718) __________
The message was checked by ESET NOD32 Antivirus.
[1]http://www.eset.com
--------------------------------------------------------------------------
The information contained in this e-mail message is intended for the
addressee(s) only and does not represent official GCSB policy unless
otherwise stated. If you are not the intended recipient you must not use,
disclose, copy or distribute this message or the information which it
contains. If you have received this message in error, please destroy it
and advise the GCSB Helpdesk ([2][email address]).
--------------------------------------------------------------------------
References
Visible links
1. http://www.eset.com/
2. mailto:[email address]
hide quoted sections
From: Joshua Grainger
Dear Sarah,
This is just an email to confirm receipt of your email, as requested. Thank you very much for the additional information.
Yours sincerely,
Joshua Grainger
Joshua Grainger left an annotation ()
I've appealed this to the Ombudsmen again on the grounds that my particular query over '* the amount of incidents referred to another organization, such as
the SIS or Police, and a breakdown by organization' has not been answered.
The response from the GCSB simply states that they work with a number of agencies, without disclosing who they are or the number of incidents referred, and they have have referred no complaints to the Police.
Joshua Grainger left an annotation ()
I have received a reply from the Ombudsmen's Office clarifying my response:
"Your question asked for the number of incidents referred to another organisation. The GCSB does not refer incidents to any other organisations. It may advise affected parties that there are other organisations whom they may wish to contact such as the Police, the DIA (Anti-spam unit) or Netsafe. It does work with other organisations on classified investigations."
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence
Joshua Grainger left an annotation ()
This information was voluntarily released by the GCSB after a complaint to the Ombudsmen. However, as you can see, I didn't receive all of what I asked for, so I just sent the below follow up to the Ombudsmen:
I'm afraid the extra information I received from the GCSB doesn't resolve my complaint. This is because:
1) The numbers I received do not reveal the total number of incidents, as noted in note one, numbers have been held back for classified incidents. I believe the proper test for a national security decline of information is not simply that they are classified and that is the end of it, but rather that (according to the practise guidelines) it has to be shown that releasing the number of incidents "would be likely" to compromise national security.
2) I have not received an answer to my question of the amount of incidents referred to another organization, such as the SIS or Police.
3) On the form that is available on the website of the NCSC for reporting incidents is a section for "suspected motivations." I requested this and did not receive back any information.
4) Again, on the form is a section for the type of system effected (Unix, Windows, mainframe, etc) and I have not received any information about this.
As such, I would like to continue with my complaint.
Link to this