In cybersecurity terms, there's good news and bad news about the Ukraine crisis.
The good news: GCSB director-general Andrew Hampton says while Russia has coupled its battlefield invasion of Ukraine with a cyber offensive, its online assault has been less ferocious than anticipated and seems to have been confined to cyber-attacks on Ukrainian infrastructure.
The bad news: Hampton says a number of hacker gangs sympathetic to Russia have promised to attack countries that support Ukraine. Critical infrastructure could be targeted.
Other online criminals were less political, but could still try to exploit global disruption to carry out opportunistic attacks on NZ organisations, such as ransomware heists.
"Some cyber-crime groups have recently publicly pledged support for the Russian government," Hampton said in a speech to the Wairarapa Branch of the New Zealand Institute of International Affairs yesterday.
"These groups have threatened to conduct retaliation attacks for perceived cyber offensives against the Russian government," the spy boss said.
"Some have also threatened cyber operations against countries and organisations providing material support to Ukraine, while others have attacked Ukrainian websites, likely in support of the Russian military offensive."
But while the threat from Putin-supporting cyber gangs lingers, Russia itself has so far been measured in its online offensive.
"It could be assumed Russia is being mindful not to miscalculate and escalate on the global cyber-front beyond Ukraine, the same as it is on the battlefield," Hampton said.
"In equal measure the heightened cyber-defensive posture of other nations is almost certainly successfully warding off attacks."
Hampton said the GCSB formed a dedicated unit in February to deal with cyber threats arising from the Russian invasion. And he noted that New Zealand has recently attributed two cyber campaigns to "malicious, state-sponsored" hackers: one Russian (the compromise of the SolarWinds Orion software used to protect networks at large organisations around the world), the other Chinese (exploitation of a vulnerability in Microsoft Exchange).
But to date, the GCSB - which protects both Government agencies and "organisations of national significance" such as key exporters - "has not seen a significant change in the cyber landscape associated with the conflict," Hampton said.
Budget 2022 included $14.3 million over four years for the GCSB to expand its cyber-defence capability, although NZRise co-founder Don Christie - who saw underspending on IT and infrastructure across the board - said it paled next to efforts across the Tasman, which saw an extra A$1.3 billion for cyber-defence in Australia's 2020 budget.
While the Ministry of Defence had scoped out a new ship costing up to $600m to patrol our ocean borders, "There's no equivalent of a patrol vessel being built for cybersecurity, which has far more far-reaching economic implications," Christie told the Herald.
Not all initiatives are dependent on funding boosts, however.
The GCSB recently expanded a programme that sees it sharing threat intelligence with large NZ companies.
And it continues to work with its offshore peers.
Hampton noted a recent advisory from the Five Eyes (the US, Canada, UK, Australia and NZ) that "warns Russian state-sponsored cyber actors have demonstrated capabilities to compromise IT networks; develop mechanisms to maintain long-term, persistent access to IT networks; exfiltrate sensitive data from IT and operational technology networks; and disrupt critical industrial control systems by deploying destructive malware."
Hampton added, "We don't just work with our international intelligence partners. Several weeks ago Microsoft reported the cyber component of Russia's assault on Ukraine had been 'destructive and relentless', and included at least six Russian advanced persistent threat actors carrying out attacks and espionage operations while Russian military forces attacked Ukraine by land, sea and air."
"Microsoft also reported that groups aligned to Russian military intelligence (GRU) have unleashed cyber attacks on Ukrainian networks at a rate of two to three incidents a week," Hampton said.
And more broadly, the director-general noted that the Ukraine crisis has seen large amounts of intelligence shared in the public domain - the better to combat fake news.
"At President Biden's direction, the US government has taken unprecedented steps to declassify intelligence and use it publicly to pre-empt the false narratives and false flag operations that Russia has used so often in the past," Hampton said.
Such moves could never be taken lightly, the spy boss said, but "they reflect the need for new thinking and new tactics, in this new and demanding era of intelligence."