NCSC voluntary cyber security standards for infrastructure operators

New standards for cyber security have been developed and agreed by operators of critical power infrastructure in New Zealand.

The voluntary standards have been developed by the National Cyber Security Centre, which is part of the Government Communications Security Bureau (GCSB), and New Zealand Control Systems Security Information Exchange forum.

The GCSB Director, Ian Fletcher says, “The national and economic security of New Zealand depends on the reliable functioning of critical infrastructure, like our electricity networks.

“We meet several times a year to share information about threats and vulnerabilities in industrial control systems, which allow centralised supervision and control of remote assets such as power stations.  It is this commitment to information sharing and collaboration across the industry which has led to the development of the voluntary standards,” Mr Fletcher says.

“The energy sector forms a key part of New Zealand’s critical economic infrastructure and application of these voluntary standards will help increase the resilience of key systems and reduce their vulnerability to cyber-borne threats.

“The development of these standards is a tangible demonstration of effective collaboration between government and the private sector, and those involved are to be commended for their initiative and commitment,” he says.

While these nine standards have been developed for the power sector, they can be applied to all industries that operate industrial control systems. It is intended that they will be a starting point for further development and improvement.

Media contact: or