Ō mātou hoa patui Our partners

The world of cyber security is fast-moving and complex. The more our personal, work and business lives are conducted online, the more opportunities are created for cyber attacks. Boosting New Zealand’s cyber resilience requires a collaborative, multi-pronged approach. A number of agencies make up New Zealand’s cyber security eco-system.

CERT NZ’s functions have been integrated into the National Cyber Security Centre (NCSC) which sits within the Government Communications Security Bureau (GCSB).

New Zealand National Cyber Security Centre (NCSC)

logo of National Cyber Security Centre

In addition to the CERT functions, NCSC has a role protecting New Zealand’s nationally significant organisations from cyber security threats. We focus on providing specialist information security advice and support to these organisations. This includes:

  • government departments
  • key economic generators
  • niche exporters
  • research institutions, and
  • operators of critical national infrastructure.

NCSC helps these organisations protect their networks from the type of threats that are typically beyond the capability of commercially available tools. They also help protect them from any threats that could impact the effective functioning of government administration or key economic sectors.

With CERT NZ now part of NCSC, the combined agency can now work in close cooperation with other agencies to protect New Zealand from advanced cyber threats. This includes cyber threat reporting, and a coordination role in threat response, including leading the response to significant cyber events — particularly those which may impact on national security, and our nationally significant systems and information.

The functions of the NCSC and the GCSB form part of New Zealand’s Cyber Security Strategy 2019.

New Zealand National Cyber Security Centre External Link

NCSC works in partnership with the following government agencies and organisations to respond to cyber security threats in New Zealand.

Department of Internal Affairs (DIA)

Department of Internal Affairs logo with a crown crest graphic and the words Te Tari Taiwhenua Internal Affairs

DIA investigates complaints about spam in New Zealand, and is responsible for enforcing the Unsolicited Electronic Messages Act 2007. The Act:

  • sets requirements that encourage good marketing practices,
  • prohibits sending unsolicited messages of a commercial nature (‘spam’),
  • sets out the requirements for commercial electronic messages that businesses must meet,
  • prohibits the use of software to harvest email addresses and create address lists for sending spam, and
  • works as a deterrent against the use of spam.

CERT NZ refers any reports of spam directly to the Electronic Messaging Compliance Unit at DIA. The unit investigates and takes action against any organisation, business or individual who breaches the Act. DIA also:

  • promotes education and awareness of the Act,
  • provides information to businesses on how to comply with the legislation,
  • tracks emerging technologies and spam threats,
  • reports on, and provide warnings about, current scams in NZ, and
  • works with international agencies to tackle spam.

Anti-spam at DIA External Link

Unsolicited Electronic Messages Act 2007 External Link

DIA’s Censorship Compliance Unit (CCU) team investigates and prosecutes offences against the Film, Videos, and Publications Classification Act 1993. The Act makes it an offence to possess or trade in objectionable publications. CCU’s focus is on material depicting the sexual abuse or exploitation of children.

CERT NZ redirects any reports of objectionable material online directly to the CCU team for investigation.

The Censorship Compliance Unit (CCU) External Link

Film, Videos, and Publications Classification Act 1993 External Link

Film, Videos, and Publications Classification Amendment Act 2005 External Link

National Cyber Policy Office (NCPO)

The National Cyber Policy Office (NCPO) leads the development of cyber security policy advice for the New Zealand government.

In partnership with the private sector and government agencies, NCPO provides advice on the strategic direction for addressing cyber security. They’re responsible for providing advice on investment in cyber security initiatives, including CERT NZ.

NCPO also has a coordinating role. They make sure that the operational and policy agencies responsible for cyber security initiatives work together to respond to issues and ensure that these agencies focus their activities on the government’s desired outcomes. They oversee the development, implementation and review of New Zealand’s Cyber Security Strategy 2019, and assesses the progress of the Strategy’s Action Plan.

NCPO works closely with the Ministry of Foreign Affairs and Trade (MFAT) to lead engagement on cyber security policy internationally.

NCPO is part of the Department of Prime Minister and Cabinet.

National Cyber Policy Office External Link

New Zealand’s Cyber Security Strategy 2019 External Link

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. 

To achieve this, Netsafe:

  • operates a free and confidential helpline that’s available seven days a week,
  • provides education, guidance and incident management advice to individuals, schools, community organisations and businesses, and
  • collaborates with government, non-government and industry, both locally and internationally.

Netsafe investigates complaints of online bullying, abuse and harassment under the Harmful Digital Communications Act 2015. The Act provides quick and efficient ways for people to get help if they’re experiencing serious or repeated harmful digital communications. This includes:

  • sending or publishing threatening or offensive material,
  • spreading damaging rumours,
  • sending or publishing sensitive personal information such as embarrassing photos and videos, and
  • any other form of harassment online.

Netsafe can provide advice on what to do and may contact the person responsible for the harassment to get them to stop. If Netsafe can’t resolve an issue, the District Court may be able to help.

Complaints made to CERT NZ about online abuse or harassment are redirected to Netsafe for investigation. Netsafe may also refer any relevant reports to other organisations for further investigation.

Netsafe External Link

Harmful Digital Communications Act 2015 External Link

New Zealand Police

New Zealand Police logo

New Zealand Police works to prevent, investigate and prosecute crime within our communities. 

The Cybercrime Unit within Police focuses on:

  • malware,
  • account compromises,
  • computer system attacks, and
  • criminal networks online.

CERT NZ takes reports of these types of cybercrimes. In cases where a criminal offence has been committed, CERT NZ will – with the consent of the person reporting – pass the details of the report to the Cybercrime Unit for assessment. Where appropriate, Police will investigate a report and act against an offender when an offence has been identified.

Police also has a separate team working to protect children from online child abuse, known as the Online Child Exploitation Across New Zealand (OCEANZ) team. CERT NZ redirects any reports of online child abuse directly to the OCEANZ team for assessment and, where appropriate, further investigation.

New Zealand Police External Link

OCEANZ External Link