The National Cyber Security Centre (NCSC) is New Zealand's lead agency for responding to high-impact cyber threats against organisations of national significance, including government departments, critical infrastructure operators, and major economic actors. It sits within the Government Communications Security Bureau (GCSB), New Zealand's signals intelligence agency, and draws on GCSB's technical capabilities to detect, disrupt, and remediate sophisticated intrusions—particularly those attributed to state-sponsored actors.
NCSC's functions span incident response, threat intelligence sharing, vulnerability disclosure coordination, and operation of capabilities such as CORTEX and Malware Free Networks (MFN), which provide protective network defences to consenting customers. It publishes an annual Cyber Threat Report outlining the volume and nature of incidents recorded against nationally significant organisations.
In 2023, NCSC absorbed the functions of CERT NZ, the country's general-public computer emergency response team, consolidating New Zealand's operational cyber security agencies into a single entity. The merger was intended to streamline reporting pathways for businesses and citizens while preserving NCSC's specialist focus on the most serious threats.
NCSC is also a public attribution voice for the New Zealand government. It has joined coordinated statements with Five Eyes partners (the US, UK, Canada, and Australia) on intrusions linked to actors such as China's APT40 and Russia-aligned groups, and contributes to joint advisories published with agencies including CISA, the NSA, the NCSC-UK, and the ACSC.
For Model UN and policy researchers, NCSC NZ is a useful reference point when examining how small states organise national cyber defence, how intelligence agencies interface with private-sector critical infrastructure, and how the Five Eyes partnership operationalises threat intelligence sharing. Its reports are publicly available and frequently cited in debates on cyber norms, attribution, and supply-chain security.
Example
In 2021, NCSC NZ publicly attributed malicious cyber activity targeting Microsoft Exchange servers to actors affiliated with China's Ministry of State Security, joining a coordinated statement with Five Eyes partners.
Frequently asked questions
No. They share a name and broadly similar missions but are separate national agencies. NCSC NZ sits within the GCSB; NCSC-UK is part of GCHQ.
Keep learning