NCSC/CCIP Incident Report Statistics

Joshua Grainger made this Official Information request to Government Communications Security Bureau

The request was partially successful.

From: Joshua Grainger

Dear Government Communications Security Bureau,

This is a request under the Official Information Act regarding your suborganization, the New Zealand National Cyber Security Center, and its predecessor, the Center for Critical Infrastructure Protection. I would like to request any statistics held by both organizations regarding the reporting of cybersecurity "incidents" to either organization. Can this include, but not be limited to:
* the amount of incidents reported
* the "type" of incident (eg DoS attack, virus infection, data theft)
* the suspected attacker or motivations of attacker
* the type of system effected
* the amount of incidents referred to another organization, such as the SIS or Police, and a breakdown by organization
* a breakdown of incidents per CNI sector or Government Department

If statistics are not readily held, can this information please be collated from records since the NCSC's foundation and for the last year of operation of the CCIP?

I look forward to receiving your reply by the deadline of the 15th of February.

Yours faithfully,

Joshua Grainger

Link to this

From: FYI Requests


Attachment OIA JOSHUA GRAINGER.pdf
609K Download View as HTML


__________ Information from ESET NOD32 Antivirus, version of virus
signature database 6851 (20120202)

show quoted sections

Link to this

From: FYI Requests


Attachment Grainger Complaint response to Complainant May 12.docx
63K Download View as HTML


Good afternoon Dr Grainger,

 

Please find attached a response to your Official Information Act request,
which I am sending on behalf of Hugh Wolfensohn.

 

Please confirm receipt of this email.

 

Regards,

Sarah

 

Sarah Manning

Executive Assistant to Deputy Directors

DDI - 04 463 1639

 

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7106 (20120503)

show quoted sections

Link to this

From: Joshua Grainger

Dear Sarah,

Yes: I have received your reply. Thank you very much for it.

Yours sincerely,

Joshua Grainger

Link to this

Joshua Grainger left an annotation ()

This information was voluntarily released by the GCSB after a complaint to the Ombudsmen. However, as you can see, I didn't receive all of what I asked for, so I just sent the below follow up to the Ombudsmen:

I'm afraid the extra information I received from the GCSB doesn't resolve my complaint. This is because:

1) The numbers I received do not reveal the total number of incidents, as noted in note one, numbers have been held back for classified incidents. I believe the proper test for a national security decline of information is not simply that they are classified and that is the end of it, but rather that (according to the practise guidelines) it has to be shown that releasing the number of incidents "would be likely" to compromise national security.

2) I have not received an answer to my question of the amount of incidents referred to another organization, such as the SIS or Police.

3) On the form that is available on the website of the NCSC for reporting incidents is a section for "suspected motivations." I requested this and did not receive back any information.

4) Again, on the form is a section for the type of system effected (Unix, Windows, mainframe, etc) and I have not received any information about this.

As such, I would like to continue with my complaint.

Link to this

From: FYI Requests


Attachment Letter to Dr GRAINGER re OIA Complaint 19.07.12.pdf
786K Download View as HTML


Good afternoon Dr Grainger,

 

Please find attached a letter from Hugh Wolfensohn, Deputy Director, in
relation to your Official Information Act complaint.

 

Please confirm receipt of this email.

 

Regards,

Sarah

 

Sarah Manning

Executive Assistant to Deputy Directors

DDI - 04 463 1639

 

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7310 (20120718)

show quoted sections

Link to this

From: Joshua Grainger

Dear Sarah,

This is just an email to confirm receipt of your email, as requested. Thank you very much for the additional information.

Yours sincerely,

Joshua Grainger

Link to this

Joshua Grainger left an annotation ()

I've appealed this to the Ombudsmen again on the grounds that my particular query over '* the amount of incidents referred to another organization, such as
the SIS or Police, and a breakdown by organization' has not been answered.

The response from the GCSB simply states that they work with a number of agencies, without disclosing who they are or the number of incidents referred, and they have have referred no complaints to the Police.

Link to this

Joshua Grainger left an annotation ()

I have received a reply from the Ombudsmen's Office clarifying my response:

"Your question asked for the number of incidents referred to another organisation. The GCSB does not refer incidents to any other organisations. It may advise affected parties that there are other organisations whom they may wish to contact such as the Police, the DIA (Anti-spam unit) or Netsafe. It does work with other organisations on classified investigations."

Link to this

Things to do with this request

Anyone:
Government Communications Security Bureau only: