The Herald has a copy of the speech by GCSB Acting Director Una Jagose who has given more details of Project Cortex.
Cortex is mostly automated, with machines using information and patterns gleaned from previous attacks to scan data and systems for points of weakness and possible intrusions.
Of all data analysed, less than 0.005 per cent has to be reviewed by GCSB staff, Ms Jagose said, and there were “extraordinary” controls about how it was handled.
“Rules limit the number of people who can access it – all of them who can are computer defense specialists – who must indicate and show they have a clear understanding of the rules.
“And the Inspector General [of Intelligence and Security, Cheryl Gwyn] can view all of it. She can see a complete log of what has happened, and recorded reasons why any of that activity has been taken in relation to that data, or why an analyst is viewing that data.
“We cannot and don’t use it for any other purpose. That intelligence – sorry, that information gathered – is used for defending out networks. It is all about cyber security.”
Asked if customers of a company that is protected by Cortex were likely to understand that data may be reviewed by GCSB staff, Ms Jagose said organisations had to advise those who interact with their security systems that communications may be accessed for security purposes.
It is good to see the GCSB being more open about what they do in the cyber-security area, and also the safeguards.
Worth reading the full speech – it is very interesting.