• United States



Samira Sarraf
Regional Editor for Australia and New Zealand

New Zealand amalgamates cyber agencies to align with Five Eyes partners

News Analysis
Sep 06, 20233 mins
CybercrimeSecuritySecurity Practices

CERT NZ and NCSC come together as New Zealand prepares to create a lead operational cybersecurity agency.

The amalgamation of New Zealand's Computer Emergency Response Team (CERT NZ) with the National Cyber Security Centre (NCSC)--which holds hosts the Government Chief Information Security Officer (GCISO) function--has started after it was first announced in July. In what is expected to be a first step to creating a lead operational cybersecurity agency, this is also a move to create a similar cybersecurity agency structure to those operated by other Five Eyes nations--Australia, the UK and Canada that have single agencies with a wide span of responsibilities and customers.

"Having a single agency to provide authoritative advice and respond to incidents across every threat level is international best practice," Minister for the Public Service Andrew Little said in a statement in July.

The amalgamation of both agencies is part of "a strong evolution and dealing with what is a clear threat," according to Alexander Gillespie, professor of Law at the University of Waikato. He explained that for New Zealand the threat of cybersecurity has become more prominent once the Russia-Ukraine war started. "And the international black hole of law has forced some countries to rethink [things] like there’s no international treaty on cybersecurity and cyber threats in the military way. There should be a treaty but there is not," he tells CSO.

Gillespie says that the amalgamation of these two key parties is New Zealand's response to the increasing cybersecurity threat. This may also facilitate better synchronisation with the Five Eyes nations. "The more that the agencies are interlinked, the better the cooperation will be between them," he adds.

Next steps for CERT NZ and NCSC

The first step towards creating a lead operational cybersecurity agency will see the transfer of CERT NZ operations and staff from the Ministry of Business, Innovation and Employment to the NCSC. Work to redesign a new integrated operating model that uses both agencies enhanced scale and capability to provide a stronger cybersecurity system and improved customer service for New Zealanders will begin "shortly," head of NCSC Lisa Fong said in a statement. But until that happens both agencies will remain providing their existing functions separately.

"While it will take significant time to complete the integration, we hope to find opportunities along the way to leverage the expertise of both CERT NZ and NCSC in the services we provide," CERT NZ director Rob Pope said in a statement.

Samira Sarraf
Regional Editor for Australia and New Zealand

With years of experience covering technology and business across the IT channel, Samira Sarraf then managed and wrote enterprise IT content for the, CSO Online, and Computerworld editions in Australia and New Zealand. She is now an editor with CSO Online global.

More from this author