Our intelligence community was on a multi-year timetable to fix security gaps when Brenton Tarrant allegedly murdered 50 people in two Christchurch mosques, documents reveal.
Declassified secret briefing papers say there were "significant unfunded pressures" in our lead intelligence agencies, the NZ Security Intelligence Service and Government Communications Bureau.
The documents warned in 2015 the intelligence agencies had "a resource problem" dealing with "the threat environment".
One document warned: "It will take time to build this capability."
The project is not due to be finished until 2021 at least with documents spelling out the huge task intelligence agencies after problems were identified in the wake of the illegal spying on Kim Dotcom and the Edward Snowden leaks.
• David Fisher: Just how bad were our spies?
• The Big Read: How our spies wound up getting Kiwi data 'unlawfully
• Exclusive: Spies disarmed by legal blunder amid 'high threat operations'
• New oversight report critical of spies and highlights legal 'gap' in GCSB practices
The combination of the two events triggered inquiries which identified issues needing a $179m funding boost in 2016 for the NZSIS and GCSB, to be spent over four years.
It left NZSIS director general Rebecca Kitteridge - whose GCSB review and NZSIS appointment identified many of the issues - driving a massive change programme to keep New Zealand safe, even while dealing with new legislation in 2017 and a beefed up oversight office.
From a national security perspective, the scale of the issues suggested years of underfunding had left New Zealand exposed.
One document also showed the intelligence agencies anticipated change would take years - at least until 2020 and likely longer - to fix the problems.
The agencies pitched for extra funding in 2015 raising concerns about security gaps identified through a 15,000 hour review process, according to documents released through the Official Information Act.
They were told funding "wasn't available" in that year's Budget and were instead given $5m each to start covering gaps including for "NZSIS operations".
"The increase has been allocated to the highest priority areas but does not cover all of the known risks," a later briefing paper said.
Another 2015 document said: "Significant unfunded pressures still exist across all years."
The planning document said the intelligence community had a "resource challenge" in dealing with the "threat environment".
"The level of threat in New Zealand is a reflection of the changing nature of terrorism, escalating cyber threats, and an apparent growth in espionage activity."
The agencies were told to prepare another pitch for 2016 which would show "the impact (of additional funding) on the business of all other change projects under way".
It would also "ensure a logical and sustainable growth path that enables core business to be maintained".
The agencies prepared five timeframes over which the changes would be introduced, ranging from four years to eight years.
The fastest scenario was considered "difficult to achieve without … significant risk".
It recommended a five-year growth plan to achieve "balanced growth while maintaining business as usual".
It is unclear which option Cabinet opted for but the papers show the agencies were aiming to complete the project between 2020 and 2021.
It said "trade-offs" in the different timeframes included the need to properly recruit and train staff, meeting National Intelligence Priorities and "becoming more agile to deal with an ever evolving threatscape".
The intelligence agencies got $179m to improve capability in 2016 which - among other areas - was for "additional investigators and collection staff to increase coverage of domestic security threats, including counter-terrorism, counter-espionage and counter-intelligence".
Cabinet was told the funding would deliver the objective of "significantly increased coverage of domestic security threats including counter-terrorism, counter-espionage and counter-intelligence".
While the Cabinet paper warned "no government can prevent all risks", it said there would be a "step-change in the ability of the NZIC to help protect New Zealand and advance its interests".
Cabinet was told: "The national security threats New Zealand faces - such as the risks of violent extremist attacks and the increasing sophistication of cyber-attacks - are complex and evolving."
The NZSIS went from having about 240 fulltime staff in 2014/2015 to 335 fulltime staff in 2017/2018. It is understood it aims to add even more staff as part of its change programme.
The increase is dramatic considering it had 111 staff in 2002 and 221 staff a decade later.
In terms of domestic threats, it is the job of the NZSIS - working with police - to identify threats to New Zealand's national security.
The NZSIS is also known by its te reo name, Te Pā Whakamarumaru, which translates to The Sheltering Citadel.
The most recent annual report focuses on threats from foreign espionage and domestic terrorism related to the online radicalisation linked to Islamic State of Iraq and the Levant (ISIL).
In identifying "emerging terrorism threats", the annual report stated: "One trend that continues to be prevalent is the online proliferation of extremist content and ideologies. Despite ISIL's territorial losses, its online influence remains and terrorist propaganda is readily accessible."
It said "the majority of leads" in the past year "were linked to ISIL".
The NZSIS gave an overview of "the threat landscape", with its narrative focusing on Islamic-linked terror.
It stated it was "possible for someone who is not known to security and intelligence agencies to move from radicalised to undertaking a terrorist attack or other action in a short timeframe".
There could be little warning, the warned.
Despite best efforts, it said "it is possible that an isolated individual, unknown to these agencies, could be inspired to carry out a terrorist act in New Zealand".
The NZSIS has been approached for comment.
David Fisher is a member of a Reference Group set up by the Inspector General of Intelligence and Security to hear views on developments possibly relevant to the work of the oversight office. The group has a one-way function in offering views to the IGIS and receives no classified or special information.