About us

Our objectives

We work to enable the protection, wellbeing and prosperity of Aotearoa New Zealand by providing trusted cyber security services. Our strategic objectives are to:

Defend national security
Raise cyber resilience
Facilitate digital transformation.

We fulfil our objectives through four functional activities: providing preventative advice, and deterring, detecting and disrupting the types of malicious cyber activity that could affect the country’s national security and economic wellbeing.

Our strategy

The NCSC supports nationally significant organisations to improve their cyber security, and we respond to national-level harm and advanced threats.

Our mission is to protect Aotearoa New Zealand’s wellbeing and prosperity through trusted cyber security services.

Our strategy to 2024 guides the delivery of these services.

Learn more about our strategy

We detect and disrupt

We work with the consent of nationally significant organisations to detect and disrupt high-impact cyber threats that are typically beyond the capability of commercially available products and services.

Our defensive technologies find indications of malicious cyber activity. These technologies detect anomalies and signs of compromise on consenting customer networks. The range of threats is large and growing – both in New Zealand and internationally.

To deal with these threats, we:

Supply advanced threat detection and disruption capabilities to nationally significant organisations
Respond to high-impact cyber incidents at a national level.

Our incident responders help organisations evict malicious cyber actors from their networks, restore services, and recover. We disrupt malicious cyber activity by:

Sharing threat information across our customer base
Intervening when a threat is detected
Blocking specific threats to customer networks
Deploying our incident response team if necessary.

We advise

We work closely with hundreds of nationally significant organisations to improve their cyber resilience and reduce their vulnerability to attack. We provide organisations with advice, support and threat alerts to help them raise their cyber resilience.

We work with organisations such as:

Government departments
Key economic generators
Niche exporters
Research institutions
Operators of critical national infrastructure.

We guide and equip our customers to protect their valuable information and manage risks. We act as trusted, independent advisors, reducing the cost across the system by providing assurance, mitigating risk, enabling innovation, and supporting our customers through security issues.

As part of the Government Communications Security Bureau (GCSB), we contribute to New Zealand’s overall security resilience. We report to the Director-General of the GCSB, who is the Government Chief Information Security Officer (GCISO).

We share our cyber threat analyses with our customers and partners, and we foster a mature security culture based on the Government Protective Security Requirements (PSR) and the New Zealand Information Security Manual.

Learn more about the PSR on the Protective Security Requirements website

Learn more about the New Zealand Information Security Manual

We deter

We discourage malicious cyber attackers from targeting New Zealand by making it harder for them to operate here. We achieve this by providing best-practice and world-leading information security services.

We administer the network security provisions of the Telecommunications Interception Capability and Security Act 2013 (or TICSA). We engage with network operators to identify security risks in network changes they propose under TICSA.
We conduct risk assessments relating to New Zealand’s growing space industry, under the Outer Space and High-altitude Activities Act 2017.
We also help scrutinise certain foreign investment proposals from a national security perspective, under the Overseas Investment (urgent measures) Amendment Act 2021.

Learn more about our regulatory functions

We help to secure New Zealand Government’s most sensitive information and communications by providing high-grade encryption capabilities and ensuring that government facilities and systems are protected against technical threats.

Our legislation

The Intelligence and Security Act 2017 sets out our functions, powers and duties, and provides a legislative framework that allows us to conduct activities necessary to protect New Zealand and New Zealand's interests while acting in accordance with New Zealand law and human rights obligations.

Learn more about our legislation on the GCSB website

The NCSC and GCSB’s functions form part of the 2019 New Zealand Cyber Security Strategy.

Learn more about the 2019 Cyber Security Strategy on the Department of Prime Minister and Cabinet (DPMC) website

Further information

We respond to high-impact cyber incidents and threats to nationally significant organisations.

If you’re a nationally significant organisation, you can report a suspected incident to us.

Report a suspected incident

If you suspect a cyber security incident and you’re not sure what to do, you can contact us.

If you need general help or information about cyber security topics and services, check our Resources section.

Go to our Resources section

If your enquiry or suspected incident is outside our area of responsibility, we can refer you to CERT NZ or another appropriate organisation. (CERT is an acronym for Computer Emergency Response Team.)

Learn more about CERT NZ on their website(external link)

We work with a broad range of partner organisations to build our cyber defences.

Our domestic partners

Our domestic partners include CERT NZ, which provides general support to businesses, organisations and individuals affected by cyber security incidents. Another partner, New Zealand Police, is responsible for crimes that happen online.

We also work closely with technology and investment advisors including the Ministry of Business, Innovation and Employment, The New Zealand Treasury, the Department of Internal Affairs, and the Overseas Investment Office.

Our partnerships with New Zealand’s private sector

Cyber security resilience is centrally important to ordinary business operations. During incidents, we often work with the suppliers to the affected organisations as they restore their services.

We work with a range of local partners to deliver our Malware Free Networks service, and we work with nationally significant private-sector organisations to help them raise their cyber resilience.

Learn more about Malware Free Networks

Our international cyber security partners

Our primary international partners include the Australian Cyber Security Centre (within the Australian Signals Directorate), the Canadian Centre for Cyber Security (within the Communications Security Establishment), the United Kingdom’s National Cyber Security Centre (within the Government Communications Headquarters), and the National Security Agency in the United States.

We support the Government’s wider digital and data goals for aiding our country’s economic recovery and wellbeing. Our work contributes to some key strategies:

The Digital Strategy for Aotearoa(external link), led by the Department of Internal Affairs
The Strategy for a Digital Public Service(external link), led by the Ministry of Business, Innovation and Employment
The Government's Data Investment Plan(external link), led by Stats NZ
The Cyber Security Strategy(external link), led by the National Cyber Policy Office.