NCSC’s advanced cyber threat protection saves organisations millions

The National Cyber Security Centre (NCSC) has estimated the advanced cyber defensive capabilities and services it provides to a range of New Zealand’s nationally significant organisations have provided benefits worth about $40m in the 12 months to June 2017.

However it notes that these services are provided to only “a small subset of our nationally significant organisations.”

Its advanced cyber defensive capabilities, known as Cortex, have been developed over three years, specifically to protect nationally significant organisations against advanced malware. Cortex has a particular focus on countering technically sophisticated foreign-sourced malware that is adequately mitigated by commercially available tools.

The names of the organisations protected are not divulged but the Cortex FAQs say: “Some are public sector organisations and some are businesses. The organisations include government departments, key economic generators, niche exporters, research institutions, and operators of critical national infrastructure.”

NCSC says, in its Unclassified Cyber Threat Report for 2016/17 that it passed a milestone in June 2017 by completing Cortex after three years of intensive development.

“Deploying the NCSC’s capabilities to consenting organisations has taken considerable resource and effort. However, as this report will outline, the variety and seriousness of cyber threats from state-sponsored and other malicious actors continues to evolve and the NCSC will continue to adapt to meet them,” NCSC says.

The report saysit was difficult to assess the financial benefits from Cortex but “an independent ‘cost avoidance’ model developed at the NCSC’s request estimated that [Cortex] capabilities resulted in a benefit dividend to a subset of nationally significant organisations of nearly $40m in the 12 months to 30 June 2017.”

The NCSC is an operational branch of the Government Communications Security Bureau (GCSB) that provides a range of advanced malware detection and disruption services to consenting nationally significant organisations. It also produces threat prevention and mitigation advice, provides incident response capabilities and acts as a point of contact for organisations that are victims of cyber incidents.

The report says Cortex uses threat information from a range of sources, including New Zealand’s ‘Five Eyes’ partners, to detect and disrupt malware.

Cortex, it says, “Operates with the explicit consent of the organisations that are protected, and [is] subject to independent oversight from the Inspector-General of Intelligence and Security.”

NCSC says the research to estimate saving focussed on a specific part of the advanced cyber threat problem, ”the impacts of advanced, mostly foreign-sourced, often state-sponsored cyber threats targeting the information assets of nationally significant organisations.”

“The threats in scope were of the type the organisations receiving cyber threat detection and disruption protection were unlikely to be able to stop or detect themselves using commercially available tools. … The types of harm considered were theft of intellectual property, copyright and patent infringement and espionage.”

NCSC says that in the year to June 217 it found 122 incidents with “indicators that had been linked to state-sponsored computer network exploitation groups.”