Some customers of an internet provider will soon be involved in a new "next generation" cyber security programme being piloted by New Zealand's foreign intelligence agency.

Andrew Hampton, the new director of the Government Communications Security Bureau, has outlined further details about the new "malware free networks" pilot ahead of an official announcement of its launch.

He said it was a next generation cyber security programme that was a sister programme to the existing Cortex - a cyber shield designed to protect government agencies and other organisations, such as power companies, from particularly advanced cyber attacks.

What organisations are protected by Cortex is secret, but significant economic targets and vital network utilities are likely to be included.


The difference with the upcoming pilot was that the GCSB would only provide information about known malware threats to the internet service provider, which would then scan its own system.

"It takes the GCSB right out of the screening business. There will always be a role with some agencies for us to do that, but getting the ISP using the information we provide to do it themselves has some real benefits," Mr Hampton said.

"Whereas Cortex is a series of services which involve us essentially screening email traffic, this involves us providing information about threats...directly to an internet service provider, so they can screen a particular group of their customers directly."

The malware free networks pilot would cover only some of the ISP's customers, who would be aware of its existence. If it worked well, it could be extended to other internet companies.

The GCSB, often through information-sharing with its Five Eyes partners - the US, UK, Canada and Australia - knew of about 900 signatures of different threats, ranging from ransomware to denial of service attacks.

Mr Hampton cited an attack last year when hackers stole 5.6 million biometric identifiers from United States federal employees as an example of a more serious threat.

Cortex was focussed on "high end" and persistent attacks, that was normally "foreign sourced", Mr Hampton said. Some hackers were agents of foreign governments, but attribution was difficult.

"You may not know if it is a state or non-state actor who is behind a particular attack. You may have people who have worked in government who are now out by themselves as a hired gun.


"What we are finding is the entry point into the cyber attack world has reduced - more people can play in that high-end space than could even a short time ago."