Download original attachment
(PDF file)
This is an HTML version of an attachment to the Official Information request 'Cyber security briefings'.

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 
s6(a)
under the Official Information Act 1982
Released 
s6(a)
under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 
IN CONFIDENCE 
Projects funded under the strategy to date 
8.  The  following  items  have  been  funded  from  the  Cyber  Security  Strategy  appropriation  in 
2020/21.  Lead agencies are listed in brackets. 
 
Project 
Cost NZD 
(year to date Mar 21) 
Trade Smart campaign contribution (CERT NZ) 
200,000 
Women in Cyber international workshop contribution 
42,000 
(MFAT) 
GPAI Secretariat contribution (DPMC) 
85,390 
Salaries and other operating costs (DPMC) 
513,714 
Total 
841,104 
9.  The salaries currently funded under the appropriation are: 
a.  Cyber Coordinator / Prime Minister’s Special Representative on Cyber and Digital 1.0 FTE 
b.  Principal Advisor (to deliver Budapest Convention) 1 0 FTE 
c.  Principal Advisor (cyber security workforce) 0.4 FTE 
d.  Senior Advisor (programme and project expertise) 1.0 FTE 
 
Planned projects for 2020/21 and 2021/22 
10. The  following  items  are  projected  to  be  funded  from  the  appropriation  in  2020/21  and 
2021/2022.  Lead agencies are listed in brackets.  
 
Proposed project 
Estimated Cost NZD 
s9(2)(f)(iv)
under the Official Information Act 1982
Released 
DPMC: 4372098 
Page 2 of 3 
IN CONFIDENCE 

under the Official Information Act 1982
Released 




RESTRICTED 
____________
Document 4
BRIEFING 
5G Security: Introduction 
Date: 
25 November 2020 
Priority: 
Low 
Security 
classification:  Restricted 
Tracking 
number: 
2021-1429 
Action sought 
Action sought 
Deadline 
Hon Andrew Little 
Note the contents of this briefing.  No deadline 
Minister Responsible for the GCSB 
Hon Nanaia Mahuta 
Note the contents of this briefing.  No deadline 
Minister of Foreign Affairs 
Hon Damien O’Connor 
Note the contents of this briefing.  No deadline 
Minister for Trade and Export 
Growth 
Hon Dr David Clark 
Note the contents of this briefing.  No deadline 
Minister for the Digital Economy and 
Communications  
Name 
Position 
Telephone 
S9(2)(a)
James Hartley 
General Manager, Commerce, Consumers and 
Communications, MBIE 
Sophie Vickers 
Manager, NCPO, DPMC 
Cecile Hillyer 
Divisional Manager, International Security and 
Disarmament Division, MFAT 
Andrew Hampton 
Director-General of the GCSB 
Released under the Official Information Act 1982
The following departments/agencies have been consulted (if required) 
Minister’s office to complete: 
 Approved 
 Declined 
 Noted 
 Needs change 
 Seen 
 Overtaken by Events 
 See Minister’s Notes 
 Withdrawn 

____________
Released under the Official Information Act 1982
____________
RESTRICTED 
____________
Recommended action 
The Ministry of Business, Innovation and Employment, the Department of the Prime Minister and 
Cabinet, the GCSB and the Ministry of Foreign Affairs and Trade recommend that you: 
a  Note the contents of this briefing. 
Noted 
S9(2)(a)
James Hartley 
Hon Andrew Little 
General Manager, Commerce, Consumers and 
Minister Responsible for the GCSB 
Communications 
Ministry of Business, Innovation and 
..... / ...... / ...... 
Employment 
25 November 2020 
S9(2)(a)
Andrew Hampton  
Hon Nanaia Mahuta 
Director-General of the GCSB 
Minister of Foreign Affairs 
25/11/2020 
..... / ...... / ...... 
S9(2)(a)
Tony Lynch  
Hon Damien O’Connor 
Deputy Chief Executive, National Security Group  Minister for Trade and Export Growth 
Department of the Prime Minister and Cabinet 
.... / ...... / ..... 
..... / ...... / ...... 
S9(2)(a)
Ben King 
Hon Dr David Clark  
For Secretary of Foreign Affairs and Trade 
Minister for the Digital Economy and 
Communications 
Released under the Official Information Act 1982
.... / ...... / ...... 
..... / ...... / ...... 
2021-1429
____________
 
RESTRICTED 





RESTRICTED 
____________
Introductory Briefing on 5G 
Security 
Briefing prepared for the Minister Responsible for 
the GCSB, Minister of Foreign Affairs, Minister of 
Trade and Export Growth and the Minister for the 
Digital Economy and Communications 
Released under the Official Information Act 1982
November 2020 
2021-1429
____________
 
RESTRICTED 

RESTRICTED 
____________
Purpose 
S6(a)
 
1.
 
2.
5G in context 
What is 5G and why is it different to previous networks? 
3.
5G is the next generation of mobile (wireless) technology. It will deliver faster mobile connections
and data processing, better coverage, significantly increased capacity, and reductions in the delay
between devices responding to each other over the wireless network (referred to as ‘low latency’).
4.
While previous generations of wireless technology have largely focused on data and voice services,
5G represents a fundamental shift in how mobile technology is used. Access to massive amounts of
data at significantly faster speeds will have numerous practical applications which are expected to lift
productivity, enhance individuals’ lives, and improve environmental quality.
5.
5G will enable further advances in artificial intelligence (AI) technology for a broad array of new
business processes and applications and underpin the so-cal ed ‘Internet of Things’ (IoT).1 It will
provide for applications such as enhanced augmented and virtual reality, autonomous vehicles, and
remote surgical operations.
6.
5G will enable a diverse range of applications in part due to changes to the technological architecture
of telecommunications networks. With previous mobile networks, the ‘core’ functions (i.e. where
data is sorted and processed) and the ‘edge’ (i.e. the cellular radio functions) of the network have
been largely separate. With 5G, these are effectively combined, with more processing functions at
the ‘edge’ of the network, closer to the connected mobile devices.
New Zealand’s roll out of 5G 
7.
As New Zealand’s mobile market is primarily private sector-led, commercial decisions will affect the
time it takes for the full range of 5G deployment cases to be realised. In New Zealand, Spark and
Vodafone have commenced the rol  out of their 5G networks in some regional towns (fixed wireless)
and urban centres (mobile services) and 2degrees has announced it wil  commence the rol  out of 5G
in 2021. While 5G roll out will be led by the commercial sector, the Government has an interest in
this technology due to the critical function it will play across the economy and society.
Released under the Official Information Act 1982
1 Internet of Things refers to the network of devices and objects that are embedded with sensors, software and other technologies for 
the purpose of connecting and exchanging data with other devices and systems over the internet. 
2021-1429
____________
 
RESTRICTED 

RESTRICTED 
____________
5G security 
5G and new security risks 
 
8.
As with previous mobile generations, 5G presents security risks. However, the risks 5G presents are 
not limited to just the configuration of the network, but also include the range and scale of 
interactions that 5G wil  enable. 
S6(a)
S6(a)
 
9.
S6(a)
S6(a)
 
10.
S6(a)
 
11.
New Zealand’s approach to 5G security risk 
Released under the Official Information Act 1982
12.
The New Zealand Government has a range of legislative, policy and other programmes that
contribute to mitigating and managing the risk associated with communications infrastructure,
including 5G.
2021-1429
____________
 
RESTRICTED 

RESTRICTED 
____________
Addressing network security through the Telecommunications (Interception 
Capability and Security) Act 2013 
 
13.
Since 2014, New Zealand has managed its public telecommunication network security (including 5G) 
through the Telecommunications (Interception Capability and Security) Act 2013 (TICSA). 
14.
The purpose of Part 3 of TICSA is to prevent, sufficiently mitigate, or remove security risks arising
from the design, build, or operation of public telecommunications networks, and from the
interconnections of public telecommunications networks in New Zealand, or to networks overseas.
MBIE is responsible for administering TICSA and associated policy. GCSB operationalises the network
security provision of TICSA.
15.
Under TICSA, network operators are required to notify the GCSB of planned changes to their
networks within certain areas of specified security interest (notifiable changes could include the
acquisition of equipment or services, changes to network architecture or changes in ownership or
control). The GCSB assesses each notification for potential network security risk on a case-by-case
basis (i.e. there are no ‘bans’ – TICSA is vendor and country agnostic). Only factors that impact on
network security can be taken into account in these assessments.
16.
If a network operator’s proposal raises a significant network security risk, and the network operator
is unable to prevent or sufficiently mitigate this risk, the Director-General of the GCSB may refer the
matter to the Minister Responsible for the GCSB for a direction to prevent, reduce or mitigate the
identified network security risk.
17.
TICSA sets out a process for the Minister to make a direction that requires consideration of a range of
factors in addition to network security, including the potential consequences of the direction on
competition and innovation in the telecommunications market and the potential impact on the
direction of trade. This process also includes consultation with the Minister for Communications
(now the Digital Economy and Communications portfolio) and the Minister of Trade.
18.
The majority of notifications raise minimal or no network security risk
S6(a)
S6(a)
 
19.
S6(a)
S6(a)
 
20.
S6(a)
Released under the Official Information Act 1982
2021-1429
____________
 
RESTRICTED 

RESTRICTED 
____________
S6(a)
 
36.
 
37.
 
38.
S6(a)
 
39.
S6(a)
 
40.
Portfolio responsibilities 
41.
Telecommunications network security issues sits across several portfolios:
• Digital Economy and Communications
• Foreign Affairs
• Trade
• GCSB
• National Security and Intel igence.
42.
The Minister for the Digital Economy and Communications has responsibility for administering TICSA.
43.
The Minister Responsible for the GCSB has decision making responsibilities under TICSA related to
Released under the Official Information Act 1982
network security. In making those decisions the Minister Responsible for the GCSB is required to take
into account factors relating to the Digital Economy and Communications and the Trade portfolios.
S6(a)
 
44.
S6(a)
2021-1429
____________
 
RESTRICTED 

RESTRICTED 
____________
S6(a)
 
45.
S6(a)
 
46.
Released under the Official Information Act 1982
2021-1429
____________
 
RESTRICTED 
10 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

under the Official Information Act 1982
Released 

Document Outline