NCSC Implements Key Improvements Following IPAC Review of Cyber Threats

NCSC Implements Key Improvements Following IPAC Review of Cyber Threats

/in

Cyble-Blogs-NCSC

Overview

The New Zealand’s Government Communications Security Bureau (GCSB), through its National Cyber Security Centre (NCSC), has implemented a series of measures to strengthen the country’s defenses against malicious cyber activity.

This follows a thorough review of practices concerning cyberattacks targeting members of the Inter-Parliamentary Alliance on China (IPAC), an organization committed to addressing the growing influence of China’s policies on global security and governance.

The review was initiated in May 2024 by Lisa Fong, the Deputy Director-General of Cyber Security at GCSB. Fong recognized a need for improvement after concerns arose over how the NCSC responded to a cyber incident involving IPAC members. These concerns were particularly focused on the NCSC’s handling of reports related to state-sponsored cyber activities and the broader implications of such incidents on national security.

IPAC members, who represent a coalition of lawmakers across various countries, were targeted in a large-scale cyberattack by APT31, a Chinese state-sponsored hacker group. The attack included over 1,000 emails sent to more than 400 IPAC-associated accounts, compromising the sensitive communications of numerous politicians. Despite the seriousness of the attack, many victims were not informed of the breach by their respective governments, prompting an outcry from international lawmakers.

To address these concerns and strengthen the NCSC’s cybersecurity protocols, a thorough review of the NCSC’s procedures was carried out, culminating in a report published in July 2024. The review focused on the NCSC’s handling of the cyberattack, assessing both the technical response and the broader implications for security and intelligence management.

Key Findings and Recommendations

The review highlighted several areas where the NCSC could improve its procedures. While the NCSC did not identify any successful compromises of classified information, it did detect numerous phishing attempts targeting the parliamentary email addresses of IPAC members. The review’s key recommendations included the following:

  1. Broader Consideration of Implications: The NCSC needed to expand its focus beyond the technical response to cyber incidents. It was recommended that the NCSC develop a more comprehensive approach, one that not only addresses immediate technical threats but also considers the wider geopolitical and societal impacts of cyberattacks.

  2. Enhanced Engagement with Targeted Individuals: The review called for greater engagement with individuals who had been targeted by foreign state-sponsored actors. This recommendation emphasized the need for a more proactive communication strategy to ensure that those affected by cyber threats are informed in a timely manner.

  3. Improved Briefing Procedures: The review also stressed the importance of enhancing the NCSC’s process for briefing the Minister Responsible for the GCSB and their office. Effective communication at all levels of government was seen as crucial for a coordinated and quick response to cyber threats.

  4. Public Guidance for High-Profile Individuals: As part of the review’s fourth recommendation, the NCSC developed and published new guidance on its website for New Zealanders considered “high-profile individuals.” This initiative was designed to offer advice on how to protect against cyberattacks, particularly for those in sensitive roles who might be more likely to become targets.

NCSC’s Response and Implementation

Following the review, the NCSC wasted no time in implementing the recommended changes. Lisa Fong confirmed that all identified improvements had been quickly actioned. “I’m pleased to confirm that we have put in place measures to address all recommendations outlined in the initial review,” said Fong in a statement.

The NCSC took several steps to strengthen its internal processes. These included updating procedures to ensure better alignment with international best practices, particularly in managing incidents involving foreign state-sponsored cyber activity. New internal guidance and standards were also established for NCSC staff to ensure that similar concerns do not arise in the future.

Ms. Fong further explained that while these improvements completed the review’s immediate actions, the NCSC remained committed to continuously enhancing its cybersecurity practices. “We are committed to identifying opportunities for improvement in our practices and procedures and implementing these where we have the ability to do so,” she said.

International Reactions to the Attack

The attack on IPAC members was not an isolated incident but part of a broader pattern of state-sponsored cyber activities targeting global political figures and institutions. Following the attack, several countries with IPAC members took important steps to address the breach and secure their own digital infrastructures.

Canada was one of the countries most affected by the attack, with 18 parliamentarians targeted, including prominent figures such as Garnett Genuis MP and John McKay MP. In response, these members issued a joint statement demanding an explanation as to why they were not notified about the cyberattack sooner. Public debates, including a call for a privileged debate in the House of Commons, highlighted the urgency of addressing these security lapses.

In Belgium, lawmakers, including Representative Els van Hoof and former Prime Minister Guy Verhofstadt, were targeted. These individuals, along with others, rallied political leaders to pursue legal action, pushing for both a parliamentary inquiry and potential criminal proceedings against those responsible.

Meanwhile, in New Zealand, former IPAC co-chairs Simon O’Connor and Louisa Wall, along with other targeted figures such as academic Anne-Marie Brady, pressed the government to ensure that MPs would be informed of similar threats in the future. In response to these concerns, the GCSB initiated a public inquiry, promising to provide further assurances to the affected individuals.

Elsewhere, countries such as France, Germany, and Italy saw similar reactions from their political leaders, who demanded accountability from their respective security agencies and called for international sanctions against APT31. These coordinated international efforts reflect the growing recognition of the threat posed by foreign state-sponsored cyberattacks on democratic institutions.

Broader Cybersecurity Context

The NCSC’s actions come at a time of heightened global concern about the security of democratic institutions and their susceptibility to cyber threats. State-sponsored actors, particularly those associated with China, have increasingly targeted foreign governments, institutions, and political figures to advance geopolitical objectives. The focus on IPAC members is part of a larger trend of foreign interference in democratic processes through digital means, including espionage and disinformation campaigns.

To counter this growing threat, New Zealand’s NCSC has worked closely with international partners such as the National Cyber Security Centre (NCSC) in the United Kingdom and the Government Communications Security Bureau (GCSB) in New Zealand. These agencies have exchanged information and best practices to strengthen cyber defenses against these cyber threats.

Moreover, the NCSC is actively collaborating with the IPAC to enhance global cybersecurity cooperation, ensuring that targeted individuals and organizations receive timely and accurate information about potential threats. This international collaboration is essential to developing a unified, effective approach to defending against state-sponsored cyberattacks.

Conclusion

The review and subsequent improvements undertaken by the NCSC represent a significant step in enhancing New Zealand’s cybersecurity posture, particularly concerning foreign state-sponsored cyber activity. By acting swiftly on the recommendations of the IPAC review, the NCSC has not only addressed specific concerns raised by the targeted individuals but also ensured that its processes and practices are better aligned with international standards for cybersecurity.

As cyber threats continue to evolve, New Zealand’s commitment to continuous improvement and proactive engagement with global partners like the GCSB, NCSC, and IPAC will be an important factor in protecting the nation’s cybersecurity infrastructure and the integrity of its political institutions. As Lisa Fong emphasized, this is not the end of the journey but a part of the ongoing effort to protect New Zealand from emerging cyber risks.

References:

The post NCSC Implements Key Improvements Following IPAC Review of Cyber Threats appeared first on Cyble.

Blog – Cyble – ​Read More