Returning foreign fighters remains a concern for the SIS and number of people on its counter-terrorism risk register remains at between 30 and 40 people, SIS director Rebecca Kitteridge told the Intelligence and Security Committee at Parliament tonight.

The number fluctuated a little but has basically stayed within the 30 to 40 number, although some moved off and new ones moved on to the register, the Security Intelligence Service director said.

"Sometimes those people are more serious and sometimes they are less but it has basically remained reasonably steady over time.

"Some of them grow up and get married and you know, settle down, and other ones arrive – I don't mean they arrive from elsewhere – they emerge and then we are on to new ones."


Kitteridge appeared before the committee, chaired by Prime Minister Jacinda Ardern, along with the director of Government Communications Security Bureau, Andrew Hampton.

After the hearing in public – to discuss their respective annual reports which have not yet been made public - the MPs on the committee adjourned to a secure room in the Beehive to hear a briefing in closed session.

Kitteridge said that despite the diminishing extent of Isil's caliphate in Syria and Iraq," the counter-terrorism environment in New Zealand is still dominated by the influence of Isil messaging.

"Foreign fighters taking part in, or returning from any sort of conflict zone are a concern for many countries, including New Zealand."

Those on the risk register were assessed to represent a potential threat to New Zealand, related to terrorism.

"Here in new Zealand we have seen a small number of individuals charged for offences committed in support of their extremist ideology."

In her opening comment Kitteridge spoke about a plot that was disrupted last year to plant an explosive device on a passenger plane departing from Sydney.

It was already public knowledge that critical intelligence about the plot was provided to Australia by Israel.

"I raise this for a couple of reasons: the plot highlights that aviation targets are still of interest to terrorist groups and that incidents can happen close to home and this example highlights how critical intelligence can come from non-traditional partners."

MPs present, besides Ardern, were Deputy Prime Minister Winston Peters who asked no questions, Green Party leader James Shaw, National deputy leader Paula Bennett, and former National ministers Amy Adams and Christopher Finlayson.

Kitteridge said that New Zealand had not seen the kind of interference in elections that other countries had experienced.

"However over the past year foreign state actors have tried to access sensitive government and private sector information.

"They have attempted to interfere with expatriate communities, and to prevent them from exercising their human rights, such as the right to protest and freedom of association."

Speaking to reporters afterwards, Kitteridge would not confirm she had been talking about China in that regard, although such criticisms are increasingly made against China by Australia.

Andrew Hampton talked to the MPs about the GCSB's work with the Cortex programme – including a pilot with Vodafone - which helped state and important private sector infrastructure to fight cyber attacks.

In the 12 months to June 2017, it was believed that Cortex had led to the avoidance of $40 million of harm to public and private sector organisations. Amy Adams asked him about plans to expand the use of Cortex beyond its current 66 customers for greater protection.

Hampton talked about a pilot programme last year that had been undertaken with Vodafone as an internet service provider.

"I can talk in the closed session on the detailed findings but what was key that came from that was it was very effective. It ended up by us making threat information available to the ISP directly. They were able to block about five or six times more malware than they would than with their own capability."

A proposal was before Government to implement the next phase of Cortex.

"The proposal if implemented would increase the coverage quite significantly."

Hampton also talked about cyber security threats and said New Zealand infrastructure was being used as a staging point by threat actors to target systems in other countries.

"Motive varies from espionage to revenue generation and seeking to secure political advantage.

"Last month I added New Zealand's voice to the international condemnation of the NotPetya cyber-attack which international partners have now attributed to the Russian Government," he said.

"It targeted Ukraine, but had a global impact – including affecting supply chains in New Zealand."

In December he had also joined international partners to express concern about international reports which linked North Korea to the WannaCry ransomware campaign.

"While New Zealand was not significantly impacted by NotPetya or WannaCry, we are not immune from this type of threat, which is why New Zealand called out these instances of reckless and malicious cyber activity."