Follow-up Review for the New Zealand Intelligence Community (NZIC) - Te Rōpū Pārongo Tārehu o Aotearoa
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Performance Improvement
Framework
Follow-up Review for the
New Zealand Intelligence
Community (NZIC)
Te Rōpū Pārongo Tārehu o Aotearoa
August 2018
Performance Improvement Framework – Follow-up Review for the NZIC a
Contents
Executive summary 3
Accepting the future performance challenge 4
NZIC’s commitment 4
The future performance challenge 6
Progress on performance improvement 8
Context 8
The scale and pace of performance improvement 9
Areas of focus 14
The Intelligence and Security Act 2017 14
Demonstration of Value 17
Managing Growth 19
Appendix 21
Lead Reviewers’ acknowledgement 21
Introducing the NZIC’s
Lead Reviewers
Sandi Beatie, QSO Geoff Dangerfield, QSO
Sandi is a Director on the board of Education Payroll Ltd, Chair of the Geoff works in governance and advisory roles in the public and
Archives Council and a member of the Ministerial Advisory Committee private sectors.
on Public Broadcasting. She is a member of the Risk & Assurance
He is an Independent Director of Payments New Zealand Ltd,
Committee for the Department of Prime Minister and Cabinet, and
Executive Chair of New Zealand Festival, Director of Wellington Water
Inland Revenue and a Trustee for Kāpiti Trade Aid.
Ltd, Chair of the Audit and Risk Committee for Oranga Tamariki
In 2017, Sandi conducted an Inquiry into the treatment of staff at and Chair of the Major Outsourced Contracts Advisory Board for
the Ministry of Transport who raised concerns about a former senior the Department of Corrections. Previous governance roles include
employee and, she then led the development of potential options for Director of Auckland Transport and of NZ Transport Ticketing Ltd and
strengthening independent oversight of the Oranga Tamariki system. Chair of the Leadership Development Centre.
She has worked in the private sector, local government and the Geoff’s former public sector roles included Chief Executive of
public sector. Sandi’s former public sector roles included Deputy New Zealand Transport Agency, Chief Executive of Ministry of
State Services Commissioner, Deputy Chief Executive Department Economic Development and Deputy Secretary to The Treasury.
of Corrections, Deputy Chief Executive, Deputy Secretary Strategy &
Geoff holds an MSc in Resource Management, is a Fellow of the
Corporate and Chief Information Officer Ministry of Justice.
Chartered Institute of Logistics and Transport, a Chartered Member
Sandi holds a Masters in Public Policy, is a member of the Institute of of the Institute of Directors, and a Companion Member of Engineering
Directors, and a Companion of the Queens Services Order. New Zealand.
Published August 2018. ISBN 978-0-478-43490-3 (Online) Web address: www.ssc.govt.nz/pif-reports-announcements
© Crown copyright
This copyright work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International licence. In essence, you are free to copy and
distribute the work (including in other media and formats) for non-commercial purposes, as long as you attribute the work to the Crown, do not adapt the work and
abide by the other licence terms. To view a copy of this licence, visit https://creativecommons.org/licenses/by-nc-nd/4.0/. Attribution to the Crown should be in written
form and not by reproduction of any such emblem, logo or Coat of Arms.
Performance Improvement Framework – Follow-up Review for the NZIC b
The Performance Improvement Framework (PIF) enables
State Service leaders to identify opportunities for
improvement, building positive outcomes for
New Zealand.
PIF is designed for agencies in the New Zealand State sector.
The PIF Review is a valuable tool that helps leaders drive organisational change.
Change that will improve future agency performance, resulting in the delivery of
better public services.
Independent reviewers lead each PIF Review. They have significant leadership
experience across New Zealand’s public and private sectors. Their fresh
perspective helps to stimulate ‘new thinking’ amongst agency leaders as they
grapple with the critical issues and challenges that lie ahead for their agency.
The Review is a future-focused exercise. The reviewers consider the questions:
what is the contribution New Zealand needs from this agency and what is the
performance challenge to make that contribution over the next four years?
Taking a four-year horizon encourages medium-term strategic thinking and
helps leaders and agency staff to understand what success would look like.
Then, by considering current capability to meet future challenges, the reviewers
evaluate the agency’s preparedness for the future and describe its performance Peter Hughes
improvement priorities. State Services Commissioner
Each PIF Review delivers a published report, ensuring transparency and
supporting accountability to New Zealanders.
At a suitable time after the PIF Review, the agency may commission a PIF
Follow-up Review, in which Lead Reviewers examine the agency’s progress on
the performance improvement priorities and focus on specific areas agreed
with the agency. The Lead Reviewers will also comment on changes in the
critical issues and challenges for the next four-year period and may update the
performance improvement priorities.
The PIF Review is a valuable tool that helps leaders
drive organisational change.
Performance Improvement Framework – Follow-up Review for the NZIC 1
Performance Improvement Framework
Four-year Excellence Horizon
What is the agency’s performance improvement challenge?
Delivering Government Priorities
How well is the agency responding to government priorities?
Delivering Core Business
In each core business area, how well does the agency deliver value to its customers and New Zealanders?
In each core business area, how well does the agency demonstrate increased value over time?
How well does the agency exercise its stewardship role over regulation?
Organisational Management
How well is the agency positioned to deliver now and in the future?
Leadership and Delivery for Relationships People Financial and
Direction Customers and Development Resource
New Zealanders Management
Purpose, Vision Customers Engagement with Leadership Asset
and Strategy Operating Model Ministers and Workforce Management
Leadership and Sector Development Information
Collaboration and
Governance Partnerships Contribution Management Management
of People Financial
Values, Behaviour Experiences of
Performance Management
and Culture the Public
Engagement with Risk Management
Review
Staff
Performance Improvement Framework – Follow-up Review for the NZIC 2
Executive summary
This Review is a follow-up to the undertake an in-depth study of This report tells a story of a lengthy
Performance Improvement Framework cost drivers and future capability and challenging journey to get basic
Review (PIF) conducted in 2014. The requirements. This led to a significant systems and processes in place and
PIF Review came toward the end of a increase in baselines over a four-year the introduction of additional capability.
turbulent period for the core intelligence period to 2020. This injection and This has been critical to the positioning
agencies and was accompanied by what has occurred in the agencies of the agencies now and for the future.
intense public scrutiny. Other reviews and across the NZIC as a result, is an The agencies can be confident they
had pointed to the need for attention instructive example of where adverse are on the right track. Feedback from
to professional operational practices PIF findings were taken on board staff and stakeholders is generally very
and compliance with the law as well as by the senior leadership to drive positive although for some there are
learning from systemic failures1. The significant change in performance still unrealised expectations around
focus of the PIF was to set a four-year while at the same time investing in how well the sector architecture for
excellence horizon and to assess the new skills, analytics and tools. coordination and alignment of all
agencies’ delivery on Government security and intelligence functions is
In September 2017, following
priorities and core business. It also performing, while others had concerns
the Cullen/Reddy Review2 a new
assessed how well the agencies were about what was described to us as
Intelligence and Security Act (the
positioned to deliver then and into the “change fatigue”. It is nevertheless
Act/ the new Act) came into force.
future. Combined with the learnings understood that there is still much to
The Act in summary addressed
from the other reviews it acted as a be done and stakeholders in particular
inconsistencies between the two
catalyst for galvanizing change. have expectations of seeing tangible
agencies’ legislative frameworks
lifts in capability over time comparable
Since 2014, the leadership of allowing them to work together more
to the investment that has been made.
GCSB and the NZSIS underwent collaboratively. While the policy work
change and what has followed is an leading up to the Act was led out of NZIC now has a consistent authorising
impressive catalogue of organisational DPMC, the implementation of it rests environment and the resources to
transformation. The performance primarily with GCSB and NZSIS. build its capability and is well placed
challenge set out by the PIF signaled to continue the transformation that is
In that regard, the specific areas
the need for fundamentally re-thinking underway. There are a number of key
of focus for this follow-up review
the approach to almost every dimension performance challenges ahead that
have been to address how well
including leadership, direction and we have outlined including stepping
the community is placed to take
delivery, external relationships and up the focus and pace of deepening
full advantage of the potential
people development. operational cooperation; giving ongoing
opportunities the new Act provides.
concerted attention to people and
The NZIC agencies in 2014 were also In addition, we were asked to
leadership development; improving
under both capability as well as severe explore two other specific areas:
the experience of stakeholders and
financial pressures and one of the first demonstration of value and managing
customers, and continuing to build and
acts of the new leadership was to growth.
sustain public trust and confidence.
Sandi Beatie Geoff Dangerfield
Lead Reviewer Lead Reviewer
1 2009 Murdoch, 2013 Couchman and 2013 Kitteridge reviews.
2 Intelligence and Security in a Free Society, the First Independent Review of Intelligence and Security in New Zealand
by Dame Patsy Reddy and Hon Michael Cullen – 29th February 2016.
Performance Improvement Framework – Follow-up Review for the NZIC 3
Accepting the future
performance challenge
NZIC’s commitment We continue to build better working
relationships across the public sector.
As the leaders of the NZIC, we This is particularly apparent in working
welcome the PIF Follow-up Review’s with public sector agencies on policy
positive assessment of the agencies advice that may have national security
and agree with the focus areas implications. Our input has been
identified. The 2014 PIF provided us welcomed by other public sector
with a roadmap for change. We have agencies and we expect the demand
used that roadmap, along with the for our input and expertise to continue
government investment in the NZIC, to to increase.
build solid foundations while delivering
GCSB and NZSIS have recently
value to our customers.
launched a joint leadership
It is reassuring that the assessment competency framework as we know
confirms that we are on the right track our leaders need to be fully equipped
and that our efforts over the last few as the organisations grow. The
years have been in the right areas and framework has associated training and It is reassuring that
in the right direction. We are half way
through the investment programme so
development depending on the level of
leadership role. In addition, we work
the assessment confirms
expect our performance and impact to with the DPMC led National Security that we are on the right
continue to improve. Workforce Strategy programme to
assist staff to have career paths
track and that our efforts
The areas for future focus identified
in the PIF Follow-up Review are across the wider security and over the last few years
known to us and we have work in intelligence sector. We will explore
opportunities to better align our values
have been in the right
train to address these performance
challenges. We have made and ensure we engage with the SSC areas and in the right
considerable progress in integrating as it looks at common values across direction.
and aligning functions; particularly the public sector. We will continue to
core enablement areas such as build on the good progress made to
HR, finance, security, IT, policy and date to foster greater diversity and
planning. We are committed to a more inclusion within the agencies and to
deliberate approach to integrating our address the gender pay gap.
strategies and operations where this The intelligence customer engagement
will improve our effectiveness, generate initiative is now being trialled with
value for customers, and is legally other agencies. Customer engagement
permitted. After all, in an increasingly will remain an area of focus as
connected operating environment, we improve our understanding of
neither our customers, nor those who customers and stakeholders’ business
wish to harm New Zealand’s interests, requirements, and assist them to
see distinctions between HUMINT3 and understand how they can use our
SIGINT4, or domestic and international products and services to achieve their
security. outcomes.
3 HUMINT is Human Intelligence: activities that involve the use of any persons to gather intelligence.
4 SIGINT is Signals Intelligence: intelligence gathered or derived from communications and information infrastructures.
Performance Improvement Framework – Follow-up Review for the NZIC 4
Both Directors-General regularly transparency requirements. We will
speak on New Zealand’s threatscape, further explore how we demonstrate
including cyber threats, the role of our that we have the right level of capability
agencies, our recruitment needs, and to collect and assess intelligence and
the improvement track the agencies ensure New Zealand is a credible
have been on. DPMC has more contributor to international intelligence
actively publicised the arrangements and security.
in place and the workings of the
The Security and Intelligence Group
national security system (ODESC).
(SIG) of DPMC takes a leadership We are taking a more
We are all focused on ensuring more
unclassified information is available
role on system level national security strategic approach to
policy, risks and issues. The NZIC
publicly. Examples of this are that our
welcome the reviewer’s finding that communications in order
annual reports have richer content
and our joint Briefing to the Incoming
the GCSB and NZSIS have matured to further inform the public
as agencies, which now allows
Minister was proactively released
DPMC to focus on leadership and understanding of national
for the first time in 2017. We are
taking a more strategic approach to
system steering. DPMC has picked security challenges.
up the challenge of steering the
communications in order to further
national security system, including
inform the public understanding of
strengthening shared common goals.
national security challenges.
Finally, we would like to thank the
The NZIC continues to face the
Lead Reviewers for the time they took
challenge of how to measure
to understand the NZIC, our functions,
performance and demonstrate our
opportunities and challenges.
impact while balancing security and
Andrew Hampton Rebecca Kitteridge Howard Broad
Director-General of the GCSB Director-General of Security Deputy Chief Executive DPMC
Performance Improvement Framework – Follow-up Review for the NZIC 5The future performance
challenge
The state and performance of the challenge is to be more purposeful on A priority for the NZIC must be the
New Zealand Intelligence Community the expectation of working together implementation of effective leadership
(NZIC) is substantially different from and to lay out the cooperation and development pathways that
that described in the 2014 PIF Review. development plan. enable more mobility of staff and
The agencies have improved their experience between the intelligence
performance in the critical areas Build stronger relationships community, the national security
identified in that review. Together with across the public sector sector and the wider public sector.
a consistent authorising environment
The GCSB and NZSIS are now more A more seamless way of working
established in the Intelligence and
formally part of the Public Service, between the agencies is a people
Security Act 2017 and the additional
and that brings with it the opportunity leadership challenge. While there will
financial resourcing that has been
to act more deliberately and collegially always be aspects of different cultures
committed through the Strategy,
as part of the wider policy and within the NZSIS and GCSB that
Capability and Resourcing Review
operational community that deals with are evident because of the nature of
(SCRR) process, the agencies are well
security and intelligence matters. As different work and differing skill sets,
placed to continue the transformation
DPMC focuses more broadly on the a more joined-up workforce needs to
that is underway.
rest of the sector, NZSIS and GCSB be underpinned by a common set of
The agencies are clearly on the will need to as well, as partners in values to guide desired behaviour. The
right path. The transformation so far that broader sector. In doing so, the different expressions of organisational
addresses weaknesses identified in agencies will need to learn to be more values that have been developed by
the PIF review published in 2014 and open and engaging. To date the latter each agency to date work against this.
builds a foundation for the future. The has primarily rested on the shoulders
future performance challenge for the of the agency heads and while they
agencies is to fully embed the changes have a continuing role to play in this,
that have been made and use that as a the expectation needs to now be
platform to drive transformation further shared more amongst tiers two and
into operational areas, which is where three. The new Joint Directors-General
lasting improvements in effectiveness Office (JDGO) will play an important
will be achieved. role in this.
Deepen the operational Build and retain the required
cooperation between the workforce – including
intelligence agencies effective leadership and
management of people and a
With improvements to the underlying
common set of values The agencies are clearly on
business systems that have been made
or are underway, the next challenge is Meeting this performance challenge
the right path.
to lift improvements in the operational requires persistent concerted
systems and capability and to lift attention to the ongoing development
the level of operational cooperation of people managers and commitment
between the GCSB and NZSIS. to the implementation of the workforce
The success of the shared services strategy developed for the two
approach needs to be replicated by intelligence agencies and the links
a stronger focus on joint operational to the National Security Workforce
teams on the national security and risk Strategy. There is a need to speed up
issues facing New Zealand. the development of specific skills and
While the operating environments training to ensure that the tradecraft
for each of the two agencies are and technology skills are brought on
different and distinct, the performance board.
Performance Improvement Framework – Follow-up Review for the NZIC 6Be truly customer oriented, public discourse in some sections of The performance challenge is to
and bring the necessary society can take a negative slant, the demonstrate that the investment in
products and advice together fact remains that intelligence agencies the intelligence community is building
in a more integrated way have a legitimate role in protecting the requisite capabilities to achieve a
New Zealand’s safety and security. higher degree of protection in each of
Developing a customer engagement To do that they have powers given by the high priority national intelligence
approach across the NZIC remains a Parliament that they must carry out priorities. That means building a
work in progress. It is vital to effective in a lawful manner. Less well known strength in capability assessment
performance, given that this is how is that ‘intelligence’ plays a role for methodology that can robustly
stakeholders and customers experience instance, in protecting our borders demonstrate the shifts in capability in
the work of the agencies and make from transnational crime. The protective the required areas.
judgements about their effectiveness. security activities of the agencies
Our interviews revealed that a key protect against cyber threats, cyber
challenge, especially for Ministerial crime and also help to protect our
decision makers, is to clarify the personnel, property and information.
purpose and priority of the information
that is presented to them, especially Develop the Security and
when it is not accompanied by advice Intelligence Group’s purpose
on the actions they might take as a and refine the structures
result. In part, this stems from the
limitations on the roles of the agencies, The security and intelligence activities
and on the National Assessments are spread across many aspects
Bureau (NAB) that preclude them of government, and it is the role of
from being the policy advisors. There the Security and Intelligence Group
are also challenges to ensure that the (SIG) of DPMC to ensure that there
protective security activities and the is a whole of system view of risks,
cyber protection initiatives continue to priorities and actions, and where
be well focused on customer needs. system performance can be improved.
We think the big performance challenge The performance challenge in
here is to ensure that the customer this area is to shift from oversight
engagement approach is couched and reacting to developments, to The performance
leadership and system steering. As
more in system terms than in agency
terms. When looked at from the GCSB and the NZSIS have lifted their challenge is to step up
customer’s experience, they need both performance, the SIG purpose and the public engagement
relationship needs to be redefined.
intelligence/security information and
the “choices on what to do” advice While there will still be a need for a
about the work of the
presented together where practical. collegial collaborative relationship intelligence community
with GCSB and NZSIS, the SIG focus
Part of the performance challenge is to
needs to pivot more towards the
and to be open about
gain a better understanding and regular
insights into what is useful for the broader sector and its system role in the issues and security
customer, and in the case of decision- relation to risk and security (including
cyber) policy. The stewardship of the
challenges that
makers what they need in order to
make quality decisions and ensure that system requires strengthening the New Zealand faces.
this is done in a timely way. shared common goal and clarifying
the inter-dependent roles within the
Strengthen public trust and Security and Intelligence Board
confidence, and be open and (SIB). It also needs to coordinate
engaging about New Zealand’s the sector’s interface with the Prime
risk environment Minister and other Ministers.
The performance challenge is to step Demonstrating the
up the public engagement about the capabilities for success
work of the intelligence community
and to be open about the issues and A common question is how
security challenges that New Zealand can we measure what we are
faces. Done in the right manner this delivering in terms of the security of
will not compromise the activities of New Zealanders? There is a tendency
the agencies or trust of partners. There to want to seek out measures that
is a richness of story that can be told build on the numbers of intelligence
that does not compromise the need reports prepared at one end of the
for secrecy but talks to what matters spectrum or the evidence of outcomes
to New Zealanders. While often the of the lack of harm at the other.
Performance Improvement Framework – Follow-up Review for the NZIC 7Progress on performance
improvement
Context The intelligence community works This PIF Follow-up Review looks at
together to strengthen protective how far the community has come
The 2014 PIF Review focused on the security including cyber security by since 2014, into what the future
‘core intelligence community’ (NZIC) providing the policy, protocols and challenges might look like and how
which comprised of: guidelines to help agencies identify well placed the organisations of the
• the National Assessments Bureau what they must do to protect their NZIC are to respond to them.
(NAB) people, information and assets.
• the Government Communications Internationally, the NZIC works in
Security Bureau (GCSB) partnership with other intelligence
• the New Zealand Security communities, most notably as part of
Intelligence Service (NZSIS). the Five Eyes7 network. New Zealand
provides intelligence products and
For the purposes of this follow-up services to partner countries in areas
PIF Review, our focus will include the of specialist capability or focus and
wider Security and Intelligence Group receives relevant intelligence products
(SIG) within the Department of Prime
Minister and Cabinet (DPMC) of which
and services in return. New Zealand
relies heavily on the resources and
The intelligence
the NAB is a part. Areas where the products that these partnerships community works
respective roles between the agencies
and the broader sector intersect are
provide.
together to strengthen
also included in the review. Since the PIF Review in 2014, there
has been substantial change, the
protective security
As a collective, the NZIC articulate
intelligence community has been including cyber security
their purpose as serving their key
customers5 to
asked to respond both to a rapidly by providing the policy,
changing international landscape
• Increase New Zealand’s decision and to organisational challenges and protocols and guidelines
advantage opportunities set out over the past few to help agencies identify
• Reduce threats to New Zealanders years and an increasing pressure to
• Strengthen protective security. maintain and improve public trust and what they must do to
This requires working collaboratively
confidence. protect their people,
with each other and with the wider During this time, the NZIC agencies information and assets.
intelligence sector6 to collect and received a significant baseline
analyse intelligence and provide increase in funding in order to build
information and advice especially to a future-focused strategic operating
decision makers across Government and investment model over the next
that can help protect New Zealand four years (2016-2020). This increase
security interests. Further to the core was a result of a Strategy, Capability
intelligence and security functions and Resourcing Review (SCRR)
played by the NZIC, DPMC plays a with the intent to better position the
coordination role across the whole organisations to meet the current and
sector through the functions of the SIG. future challenges.
5 Customers include Ministers, Government Agencies, Business and New Zealanders – as articulated in the New Zealand
Intelligence Community Four Year Plan 2016-2020.
6 The intelligence sector is a group of wider agencies or parts of agencies including the NZIC and others such as Police,
NZDF, MoD, MFAT, Customs, MPI and MBIE.
7 Five Eyes refers to the UK, Australia, Canada, USA and New Zealand.
Performance Improvement Framework – Follow-up Review for the NZIC 8The scale and pace and NZSIS along with some additional
capacity to DPMC’s Security and
of performance Intelligence Group.
improvement Addressing internal infrastructure
2014 Excellence Horizon The 2014 PIF identified that the
internal support infrastructure of the
The 2014 PIF identified a number of
NZSIS and GCSB was well below
significant shortcomings within the
accepted standards and not well linked
three core NZIC agencies. Those
to changes made to management
shortcomings were found to be
practice in the wider State Sector.
inhibiting the performance of each
Urgent attention therefore needed to
of the agencies and impacting the
be given to addressing a legacy of very
effectiveness of their combined
weak internal capability and systems to
contribution to New Zealand’s national
position the agencies well to manage
intelligence and security sector.
both current and projected growth in
The Review described the challenge future years.
within a four year horizon for these
Significant progress has been made in
intelligence agencies as being able
each of these areas with new capability
to demonstrate it has enhanced
deployed into human resources,
the nation’s safety, increased
finance and IT to establish a ‘shared
New Zealand’s resilience to threat
service’ approach for GCSB and
and continued to deliver value in the
NZSIS. These functions are integral to
interests of New Zealand. In order
achieving the purpose of the agencies.
to do this, the agencies needed to
Consequently, a more purposeful
deliver strong sustained performance
approach is being taken to people Significant progress has
across a number of areas including
policy development, assessments,
management, financial management been made…
and to improving the IT environment.
collection, protective security and
There have been identifiable
threat management. The PIF pointed
improvements to the processes of
to substantive weaknesses in the
recruitment, performance management,
organisational health and capability
remuneration and support for people
of both GCSB and NZSIS while at
managers along with a step change
the same time being under significant
in financial management and the
fiscal strain.
commencement of upgrading IT
support and capability.
The Journey so far
These are relatively new improvements
Responding to the 2014 and it is recognised that there is still
performance challenge some way to go in all of these areas
Following the 2014 PIF and to but there is a clear pathway for building
understand further cost drivers upon what has already been put in
and capability needs, the agencies place. Nevertheless, critical challenges
undertook a comprehensive Strategy, remain including recruiting a more
Capability and Resourcing Review diverse workforce particularly in core
(SCRR) in the same year. This intelligence collection capability. The
enabled the agencies to substantially recently developed Diversity and
address the organisational Inclusion Strategy will help to address
weaknesses and set the foundations the issue in a systematic way. As the
for improving capability. The depth of community grows and potentially
work undertaken through the SCRR becomes more diverse, there will
project led to Government support inevitably be quite a significant cultural
in the 2016/17 financial year for challenge to ensure the protection
the sequencing of investment in the of the integrity and social licence to
agencies over an initial four-year operate while continuing to build and
period. This has been fundamental retain Ministerial, customer and public
to improving both capacity and trust and confidence. Sound systems
operational capability across the core around induction and training will be
functions of domestic and foreign critical, as is the continued attention to
intelligence and security within GCSB 21st century leadership development.
Performance Improvement Framework – Follow-up Review for the NZIC 9Positioning for the future and other security risks. The 2014 PIF
noted the need for the NZIC to clarify
While SCRR has been critical to enable
the scope of its role and to create
the intelligence community to improve
more seamless collaboration and
resourcing and capability, the heads of
efficient resource allocation amongst
each organisation have also set about
the individual agencies. This approach
transforming how their respective
would help to achieve products and
organisations operate. This is most
services prized by key customers as
apparent for the NZSIS where recent
vital and which deliver more value than
significant structural change combined
the outputs of the individual agencies.
with a new Intelligence and Security
Act has meant a large and challenging The PIF coincided with DPMC being
programme of change. Other mandated by Cabinet to lead the
initiatives contributing to supporting NZIC. This manifested itself in the
transformation particularly within both development and implementation of
GCSB and NZSIS include clarity of a broad set of National Intelligence
purpose and mission; a joint workforce Priorities and establishing cross-
strategy; establishment of policy sector Priority Co-ordination Groups to
capability; changes to leadership implement the priorities. It resulted in
team composition; improved focus on DPMC working closely with the NZSIS
compliance; the successful delivery and GCSB to restore Ministers’ trust
of a large technology programme and confidence and participating in the
to counter cyber threats; and the Strategy, Capability and Resourcing Critical to positioning for
development of a Joint Directors-
General Office. Critical to positioning
Review (SCRR), the Cullen/Reddy
Review and subsequently leading the
the future has been the
for the future has been the attention policy work that provided the legislative attention given to the
given to the broader development framework for the Intelligence and
Security Act 2017.
broader development of
of the top secret workforce. For
example, initiatives to close the gender
In the security and intelligence
the top secret workforce.
pay gap, the active and successful
sector all three agencies are seen
graduate recruitment programme
as key contributors at senior levels
in the Bureau and support for
to the various fora that have been
programmes to encourage women into
established to aid collaboration,
science, technology, engineering and
cooperation and information sharing
mathematics with the aim of achieving
in times of national crisis and in
greater diversity across the workforce.
addressing external threats to
While new ways of working in a number New Zealand. The Chief Executive of
of areas are still bedding in, the job DPMC chairs the Officials Committee
is not yet done with attention now for Domestic and External Security
needing to turn to further improving Coordination (ODESC) which is called
the core intelligence collection and together when a particular threat or
security protection functions so that situation requires collaborative action.
they are optimally placed to operate in DPMC, through its Security and
a faster paced and volatile world. That Intelligence Group has established
said, the focus brought to improving other architecture for the purposes of
performance to date has shown an sector coordination and information
impressive degree of leadership and sharing and the assessment and
persistence to get things right. collation of all hazards and all risks.
DPMC’s Deputy Chief Executive chairs
NZIC and the wider Security and the Security and Intelligence Board
Intelligence Sector (SIB), which focuses on external
The purpose of the NZIC is to deliver threats and intelligence issues, and
decision advantage to the Government oversees the National Intelligence
on managing specific risks to Priorities (NIPs). There is also a
national security. It does this through Hazard Risk Board (HRB) which
intelligence led advice and insights focuses on civil contingencies and
as well as specialist advisory services hazard risks. Both Boards allocate
on protective security, cybersecurity risks to specific agencies.
Performance Improvement Framework – Follow-up Review for the NZIC 10During the course of this Review there The three agencies working
were a spectrum of views expressed collaboratively together is still an
around the effectiveness of this important aspect of being part of
architecture. There was clarity on the NZIC, especially as the Government
role of ODESC. On the other hand has invested through SCRR to
some were critical of SIB and felt that increase the community’s capacity
its role needed to be better defined, and capability but also because
while others thought it was a maturing there are opportunities to collaborate
forum whose development depended around intelligence collection and
upon the willingness of the respective reporting. Some important foundations
agencies to make it work. Sector to this collaboration have been put
collaboration at the best of times is in place including an agreed NZIC
not always an easy thing to achieve. strategy and four-year budget plan.
While the formality of architecture A joint leadership team comprising
is useful, it cannot take the place of representatives from the respective
constant attention to relationships. agencies was established to provide
These appear relatively strong at a governance mechanism for key
senior levels and between certain projects including SCRR report backs.
individuals across the agencies. The It is also intended to refresh the cyber
modelling of trust and coordination by security action plan and national
NZIC leaders is seen as a strength by cybercrime plan. These initiatives have
sector partners who are keen to see been necessary to ready the agencies
that spirit of collaboration consistently for their next phase of growth, and to
applied by middle managers and at provide a combined view to improving
day-to-day working levels. performance.
As a result of structural changes within Establishing a Protective Security
DPMC, a Deputy Chief Executive, Approach The modelling of trust
Security and Intelligence was created
to lead a newly formed Security
In addition to the changes noted and coordination by
above, a Protective Security
and Intelligence Group (SIG) taking
Requirements framework has NZIC leaders is seen
the place of the former Intelligence
and Co-ordination Group. This
been developed and implemented as a strength by sector
across government and to some key
group operates at a functional level
private sector economic generators. partners…
(intelligence) and a system level (i.e.
The framework initially started by
all-risks approach to national security).
DPMC has been transferred to the
Given the strength of leadership
stewardship of the NZSIS and has
evidenced in the GSCB and the NZSIS
been in place for 2 years. It relies
and the status and accountabilities
upon the external organisations self-
of the Directors-General and their
reviewing against capability criteria
agencies as government departments,
on an annual basis. These self-
there is no longer a need for DPMC
reviews enable transparency around
to provide the significant level of
maturity levels and the areas that
oversight and supervision that it has.
require most attention. This has been
The challenge now for the NZIC and a well-supported and sound initiative
in particular, DPMC SIG is to work that appears to have led to greater
collaboratively with the NZSIS and awareness of protective security
GCSB on intelligence and security requirements and increased maturity
matters and advice to government, as well as being viewed positively by
while at the same time focussing its Five Eyes partners. GCSB’s National
efforts toward cross-sector and system Cyber Security Centre proactively
stewardship. This latter role is the helps agencies and organisations
core purpose of SIG. It means a focus of national significance protect and
on sector priorities and assessing defend their information systems
whole of sector capability to achieve against cyber-borne threats that are
them. It also means developing typically beyond the capability of
efficient mechanisms to enable sector commercially available products and
coordination and information sharing. services.
Conversely, it means not being drawn
into operational matters.
Performance Improvement Framework – Follow-up Review for the NZIC 11Reshaping the approach to Vetting The processing nature of vetting does It is also clear that the customer
lend itself well to the ‘Better Every agencies themselves will need to
The NZSIS also responded with
Day’ continuous improvement method, further develop their own systems
some urgency to customer criticism
and we encourage the continuation and processes to handle secure
of the vetting for clearances service.
of making improvements through information and to make effective
A ‘Better Every Day’8 approach to
staying close to the customer and use of it in their assessments. Given
improvement was initially adopted to
candidate experience. To achieve the variable maturity level amongst
better understand customer needs and
more substantive changes to vetting staff to ‘customer’9 across the NZIC
pain points. Process improvements and
will be reliant on automating tasks agencies, there is also a question as
technology changes have been made
and processes where possible within to whether in this instance, taking an
as well as the introduction of new skills
the system. We understand a case improving processes method on its
within the team. There is now greater
is being prepared to seek internal own will lead to sustainable outcomes.
transparency around the day-to-day
support for a technology upgrade. Bedding in customer awareness
workflow through a set of metrics for
and why it is important to the normal
tracking performance. The average Customer focus
way of working is as much a cultural
time taken has reduced by over 50%
In responding to the challenge challenge for the respective agencies
since mid-2017, however, the service
called out in the initial PIF Review as it is to do with processes and
is still hampered by backlog issues
around value products and services requires an overall defined strategy
with waiting times that can in some
to customers, the National Cyber and plan. This has been seen to work
cases take up to a year for candidates
Security Centre (NCSC) and successfully in situations utilising
seeking Top Secret and Top Secret
Protective Security Requirements a first principles approach. This
Special clearances. This includes
(PSR) Outreach are examples of an approach is informed through taking a
those seeking a renewal at the same
improved understanding of customer whole of system perspective coupled
level.
demand. with development of an in depth
The remaining challenge is to find understanding of the customer base,
The NZIC has initiated a customer
a sustainable means of addressing the segments within that, the needs
engagement initiative which is also
the pipeline issues that in turn of each segment and the value they
utilising the ‘Better Every Day’
affect perception of the quality and are seeking. This in turn drives clarity
method. The Ministry of Foreign
timeliness of the service. Action about the value that can be brought
Affairs & Trade (MFAT) was selected
is being taken to segment how to each customer grouping as well as
as the first customer to work
the different levels of clearance identifying priority areas for making
with, and are enthusiastic about
requests are handled. There are also improvements to levels of engagement
the results. The work to date has
opportunities to explore segmenting and process improvement. Focussing
included understanding pain points
further high volume customers and on the quality of engagement and
and customer needs. Trials are now
finding solutions with them that the simplification of processes
underway with MFAT testing new
could be mutually beneficial. For through learning from the voice of the
approaches to the delivery and
example, exploring a potential fee customer become an essential part of
utilisation of information. The intent is
for service to allow for additional day-to-day continuous improvement
to extend this engagement initiative to
specialist vetting staff. Given the low backed up by strategy and data sets.
other customers.
level of clearances where an adverse There could be value in each of the
recommendation is made there The initiative is a positive step, agencies individually taking a more
could also be other opportunities however progress is fairly slow considered view of their current
for improvement that would further and labour intensive. This raises customer set, segments, needs and
reduce timeframes. Another area to the question as to whether the the value they seek, then coming
consider is whether judgements on improvements being trialled with MFAT together to understand the differences
the level of classification required are could be sustained over a wider group and commonalities and to derive
being consistently applied particularly of customers if not accompanied by a forward strategy for taking the
in situations where customers are alternative and improved means of customer initiative into the future.
seeking high volumes of Top Secret or disseminating and enabling access to
Top Secret Special clearances. information.
8 Better Every Day is a methodology developed by the State Services Commission focussed on improvement through the
lens of the customer.
9 “Customer” in this context includes the intelligence sector agencies, other agencies of State, private sector partners or
those the agencies works with and, decision-makers including Ministers.
Performance Improvement Framework – Follow-up Review for the NZIC 12Sector Workforce Strategy demographics including remuneration
differentials, career needs and
Apart from intelligence matters, sector succession challenges. A sector
chief executives have also addressed based Career Board has a focus
pressure from within the workforce on succession for critical roles.
for a more organised system of talent Other initiatives include a sector Job
management akin to the broader Board for notifying vacancies and
public sector. This initiative has a formalised mentoring programme
culminated in the development of a for women. To create a better Staff we spoke with were
National Security Workforce Strategy.
The workforce covered by the strategy
appreciation of the roles of each extremely positive about
agency, workforce showcases have
comprises approximately 1,600 recently been held in Auckland both the showcase and the
personnel who hold Top Secret or Top
Secret Special clearances. A third
and Wellington with a total of 700 strategy itself as it is giving
attendees. Staff we spoke with were
of this workforce is under 35, mostly extremely positive about both the them a sense of being part
university educated with a 15.8%
diversity statistic against a public
showcase and the strategy itself as it of a bigger system...
is giving them a sense of being part
sector average of 35%. of a bigger system with potentially
Club funding for this initiative made greater opportunities. The success or
it possible to hire an experienced otherwise of this initiative rests with
manager to drive the initiative the sector chief executives and their
and to enable a more systematic commitment to continuing the work
approach to understanding workforce that has been started.
Performance Improvement Framework – Follow-up Review for the NZIC 13Areas of focus
This PIF Follow-up Review looks at Essentially the new Act creates a Common objectives,
three specific areas, detailed below: common authorising and compliance functions and priorities
environment for the two intelligence
1. The Intelligence and Security Act Having common objectives and
agencies. The provisions of the new
2017. How well are the agencies functions for the work of the
Act are designed to focus on the
placed to get the full benefits intelligence agencies has clarified
intelligence and security objectives,
from the Act, and where do they the role of the agencies and their
functions and operating frameworks.
still need to build functions and mandates to collect intelligence
With a few exceptions for individual
capability? whether in New Zealand or overseas.
responsibilities and requirements,
2. Demonstration of value. What does It has removed distinctions that
the Act makes joint provisions for the
public and customer value looks previously existed based on the
NZSIS and the GCSB. The Act also
like in the complex environment of type of intelligence collection,
reinforces the role of the NAB, hence
the intelligence community and to and focussed on the objectives of
covering the core elements that make
what extent can this be measured intelligence and the steps that must
up the NZIC which is the focus of this
and communicated? be taken to ensure that the range of
PIF report.
intelligence activity is appropriately
3. Managing growth. During the
The Act came into force in September authorised and lawful. While the
current period of significant
2017, and a great deal of work was Act creates common functions
change, how well is the community
done in the prior period after the date around protective security services
positioned to grow, not only in size,
of assent in March 2017 to establish a and advice and assistance, it gives
but in capability and performance
number of the policies and operating GCSB specific responsibilities in
delivery?
procedures that required to give effect relation to information assurance and
The Intelligence and to the Act. cybersecurity activities.
Security Act 2017 What the new Act enables The 2014 PIF review concluded that
clarifying the national security priorities
To a large extent the new Intelligence The 2014 PIF stated that the was an essential requirement to
and Security Act 2017 grew out of performance challenge for the NZIC enable effective resource allocation.
the Report of the First Independent was to clarify the scope of its role It noted that it would be ideal that the
Review of Intelligence and Security in and then to create a more seamless priorities chosen were achievable
New Zealand by Dame Patsy Reddy collaboration and efficient resource with the resources available. While
and Sir Michael Cullen, published allocation amongst the individual not a requirement of the new Act, the
in February 2016. The review found agencies in support of its purpose. Government has established a set of
that the legislative mandates for the In terms of business strategy and National Intelligence Priorities that
two intelligence agencies were out of operating model, the performance guide the work of these intelligence
date and incomplete. It recommended challenge was to ensure that the agencies - as well as all other agencies
that the legislation be overhauled to NZIC works together effectively so with intelligence responsibilities across
address inconsistencies between the New Zealand gets the maximum the public sector (MFAT, Ministry of
agencies that created barriers to them combined benefit from its security Primary Industries, Customs and so
working effectively together. Amongst intelligence agencies – by working on). The agencies now have a much
other things, the review concluded together to avoid duplication and to better basis than before to guide the
that the agencies need to be able to maximise synergies. development of their respective work
combine their skills and knowledge programmes.
to provide information that the While maintaining the separate
Government requires. While required agencies, the Act creates a common Each agency has worked to
by their terms of reference to maintain authorising environment and establish a set of strategic plans
separate agencies, an underlying establishes expectations around and operational priorities within this
theme of the Review was how the cooperation between them and environment, and to get alignment
agencies should be aligned and other agencies. We look at whether within their agencies on these plans.
cooperate without undermining each the agencies are together making This could move to the next stage
CEO’s accountability or compromising the most of the new Act and what it of a common strategy between the
security outcomes. enables. agencies that could effectively lay the
Performance Improvement Framework – Follow-up Review for the NZIC 14groundwork for establishing a joint the agencies will cooperate and build The performance challenge is to
operational focus on specific issues collaboration in all that they do unless create the best conditions possible
that is now required to maximise the there is a good reason not to do so. that enable the cooperation that will
value of the stronger foundations of They will put their cooperation interests enable better intelligence gathering
agency capability. first, and then assess those within the and assessment and ultimately
requirements of each separate agency. stronger security. If at some point in
Cooperation initiatives and In other words, they will maintain their the future Ministers were to decide
frameworks “separateness” as individual agencies to merge the agencies, then the
where it is necessary to achieve their prospect would be less daunting
The Act is framed around an
responsibilities under the Intelligence and the performance loss that often
expectation of cooperation. To date
and Security Act and cooperate and occurs in such circumstances would
this is most visible in the GCSB and
collaborate on everything else. It still be diminished.
NZSIS Shared Services approach.
requires a very careful assessment
A substantial step has been of the collaboration proposition, but Operational policies
taken recently to establish a Joint weights it in favour unless the costs
The new Act has established a
Directors-General Office (JDGO) and risks are too high and outweigh
common framework for operational
with responsibilities for strategy the benefits. If this was the stated
policies, a clearer basis to establish
development, Ministerial relationships objective, it would provide a strong
the bounds of lawful activity and
and servicing, communications and internal signal in terms of the culture of
where specific authorisations are
international engagement. While cooperation to be created. In time we
required. As a result, the agencies
staffed from both agencies, the JDGO would expect to see a stronger “one
worked promptly to make use of this
is designed to merge capabilities strategy – two agencies” approach.
environment by developing a suite
and hence lift the capacity of the two
The challenge now is to deepen the of core operational policies that give
organisations to jointly understand
cooperation on the operational side. effect to the Act’s provisions.
their operating environment and to
The new Act provides for closer
plan how each agencies operational The Act enables clear guidance
operational activity and then the next
capability can be developed and used to the security and intelligence
generation of cooperation initiatives
to greatest effect. It is still in the early agencies from the Minister on how
can be based around joint teams that
days of its establishment and not yet they conduct their activities through
can tackle the major national security
fully staffed. The two agencies are a formal mechanism of Ministerial
priorities. The changing context for
letting the JDGO “evolve” rather than Policy Statements (MPS). These
intelligence collection seems to point to
define too closely what is expected in cover activities such as collecting
a degree of overlap and convergence
the future. information lawfully from persons
over time of HUMINT and SIGINT as
without an intelligence warrant, or
While good progress has been made, sources of intelligence. At the very
requesting certain information from
there is not a clear overall vision on least it is “SIGINT enabled HUMINT”
other agencies. Ministerial Policy
what working together looks like or and vice versa. To make sense of
Statements also provide guidance
a joint plan on where the next steps information on a person or organisation
relating to cooperating with overseas
lie. The “cooperation plan” has been of interest requires bringing those
public authorities. All the mandatory
developed as a plan as you go rather streams of intelligence together. Doing
Ministerial Policy Statements were
than been a more purposeful exercise. that across the borders of separate
developed before the Act came into
They have taken opportunities as agencies contains risks.
force. Internal policies reflecting those
they have arisen. This creates an
The other elements of cooperation are MPS requirements are being worked
environment of uncertainty for staff
with New Zealand agencies such as through.
about what the journey ahead looks
NZ Police, Customs, Immigration and
like and what can be expected of them. In terms of other operational policies,
NZ Defence Force. While the feedback
the agencies have approached this
To date the prevailing view is that the in the interviews for the Review
as a joint exercise where applicable.
agencies will cooperate and will seek indicated much stronger relationships
Given the different operating
to make common service provision and joint working than had existed
environments it has taken time for
where it makes sense to do so. Each before, it was also acknowledged
each to be developed and consulted
function has been dealt with and that there is still some way to go. The
on with relevant staff.
assessed separately and sequentially. new Act’s requirements on sharing
The underlying framework tends of relevant information how that may
to reinforce the interests of each occur have helped create a stronger
separate agency first and then cooperation environment. Ministerial
cooperation as a secondary objective. expectations have also been
established on the management of
The alternative is to put the
information obtained by an intelligence
cooperation requirement the other way
agency.
around; the default position being that
Performance Improvement Framework – Follow-up Review for the NZIC 15You can also read
