Title: SUSLOW monthly report for March 2013

Release Date: 2015-03-10

Document Date: 2013-03-01

Description: This NSA document from March 2013 gives an update on GCSB activities, including the use of WARRIOR PRIDE malware against an ASEAN country and the Kim Dotcom case: see the New Zealand Herald article NZ’s spy reach stretches across globe, 11 March 2015.


(U//FOUO) SUSLOW Monthly Report for March 2013

(U) March highlights:

- (U) Intelligence update:

o (TS//SI//REL TO USA, FVEY) GCSB has a WARRIORPRIDE capability that can collect against an
ASEAN target. The authorization has expired; GCSB is working to reestablish it. GCSB is also
working on the data transfer mechanism from GCSB to NSA.

o (S//SI//REL TO USA, FVEY) Provided input to the GCSB 3-5 year HF strategy. The strategy
outlines recommended improvements to the Tangimoana station, to include replacing the
antenna system and upgrading the collection capability to a wide-band GLAIVE. The
proposal should go to the GCSB Board of Directors shortly for final decision.

o (U//FOUO) Deputy Director Intelligence, is on a six month assignment to the

Department of Internal Affairs. He doesn't anticipate returning to GCSB. is Acting

DDI until 10 April. A longer term replacement has not been named yet.

- (U) IA/Cyber update:

o (S//REL TO USA, FVEY) GCSB has identified the following 4 key investment objectives in
response to the increase of targeted cyber threats within New Zealand:

- Make networks and systems less vulnerable to cyber exploitation

- Improve detection of intrusions that use known tools/techniques

- Increase discovery of new and previously unknown tools/techniques

- Actively disrupt the source of intrusions before they cause harm

o (U//FOUO) GCSB participated in a VTC with the Community Gold Standard team to discuss
the use of the CGS capability areas to support a more holistic approach to network security
and assurance. GCSB provided an overview of their risk management/asset management
program and the CGS team provided background on CGS and the Manageable Network Plan.
They also offered to align the existing GCSB mitigations with NIST 800-53 and then crosswalk
these against the CGS capabilities. A follow-up VTC will be scheduled.

o (C//REL) The 23rd Key Management Strategy Group (KMSG) event was hosted by GCSB
from 19-22 March 2013 and was attended by representatives from each of the FVEYs
partners. The NSA team participated via VTC along with the local NSA IA liaison.

Classified By:

Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20371001



o (U//FOUO) Established an information sharing link between the DIA's Malware Analysis
Team and FVEYs partners. Responding to positive feedback to a DIA report that was shared
with GCSB cyber analysts, DIA agreed to add FVEYs partners to their distribution.

(U) Issues:

(U//FOUO) Three legislative proposals are being deliberated in NZ government that will affect GCSB's

1. (S//REL FVEY) Updates to the GCSB Act of 2003 to expand GCSG's core functions to include
support to external government agencies, and allow for support to the private sector for
information assurance and cyber security.

2. (U//FOUO) Strengthened oversight from the Inspector General and the Intelligence and Security

3. (U//FOUO) Network and supply chain security for NZ government organizations.

(U//FOUO) The internal compliance review is complete. The report has been provided to Government.

It will be shared with the FVEY partners the week of 8 April and will be made public on 17 April.

(S//REL) The most recent development in the Dotcom litigation: the plaintiffs (Dotcom) have agreed to
separate the GCSB case from the NZ Police case. NSA general counsel is working with GCSB's chief legal
advisor to understand any impact on NSA equities.

(U) Senior visitors in March: None

(U) Upcoming senior visitors for April:









Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh