New Zealand’s Security Threat Environment

New Zealand's Security Threat Environment 2025

An assessment by the New Zealand Security Intelligence Service.

New Zealand’s espionage environment

Espionage is an ongoing threat to New Zealand’s national security that is directed against organisations in both the private and public sector.

Global competition and insecurity drive the majority of espionage activity against New Zealand. The NZSIS has seen multiple examples of states seeking covert access to information on Government policy positions, security partnerships, technological innovations and research.

Despite our size, New Zealand is seen as a strategically important location, both due to our relationships across the Pacific and as a gateway to the Antarctic. New Zealand is also home to an increasing number of innovators producing niche technology that is targeted by foreign states.

It is almost certain there has been espionage activity from foreign states in New Zealand that has gone undetected. The NZSIS has had some disruptive success, but there is continued targeting of New Zealand’s critical organisations, infrastructure and technology.

The majority of intelligence collection against New Zealand likely occurs through cyber exploitation, however individuals within organisations can be a point of vulnerability. Significant damage can be caused to New Zealand’s national interests if even a small number of trusted insiders are compromised.

The states carrying out espionage against us are sophisticated. It is not just intelligence officers conducting this activity. Some governments take a ‘whole of state approach’ to intelligence gathering, which includes utilising businesses, universities, think tanks, or cyber actors to act on their behalf.

Espionage is inherently covert and difficult to detect. Public and private sector organisations are strongly encouraged to report suspicious activity to the NZSIS. Robust security practices are important too.

Intelligence activity targeting critical infrastructure

Infrastructure becomes critical when it is considered essential for New Zealanders’ security, wellbeing and economic prosperity. This includes businesses in sectors such as telecommunication networks, water services, ports, emergency services, and financial services.

Some foreign states seek access to, or control of, critical infrastructure assets. Suppliers or service providers to these assets can also be targeted due to the amount of harm that can be caused. Access or control could be gained, for example, by creating physical or remote entry points to key assets for later exploitation, creating supply chain dependencies, or compromising significant and sensitive data sets.

The significant harm comes not only for the business who owns or operates the asset, but compromise can lead to major consequences for New Zealanders who interact with or depend on the service provided.

It pays for owners and operators of critical infrastructure to closely consider how security risks are managed around access and control over their infrastructure.

Espionage refers to various intelligence activities involving the clandestine collection of information or materials for the purpose of gaining advantage over a rival.

Technology acquisition

Some foreign states attempt to advance their technology requirements through covert or deceptive activity that can come at the expense of New Zealand’s economic prospects and national security.

Heightened global strategic competition and regional security threats have meant a number of foreign states are looking to improve their military and economic standing through espionage.

There are multiple states seeking to target New Zealand’s innovative technology through espionage, although those with authoritarian regimes pose a particular threat.

What are they targeting?

Innovative technologies

New Zealand has a range of sectors working on innovative and important technologies that would be of interest to a foreign state. Any exploitation could prevent local companies from extracting full economic value from their innovation, but it could also undermine our national security. Often technology that is targeted by foreign states is identified for a military purpose even if that was not the creator’s intention.

Foreign states also seek technology that can provide them with advantages in a range of other sectors outside of the military.

Governments rely on economic prosperity as a way to maintain their legitimacy with their own populations. Being ahead of the game on technology helps to maintain a good standard of living and economic growth.

Some foreign states are willing to engage in espionage when innovative sectors within these states struggle to develop certain technologies. They may turn to espionage to gain the capabilities that can be used in their militaries and to generate economic opportunities at the expense of the original creator.

CASE STUDY

Basic due diligence prevented a New Zealand technology company being subject to activity that could have damaged New Zealand’s interests.

While engaging with a potential new customer, the company did some research and found links to Iran that were concerning and had not been disclosed. The company made the decision to stop further engagement and prevented a probable attempt to obtain access to the business’s technology. In this case, good security practice avoided credible risks to the business’s reputation and its competitive advantage. 

Dual-use technology

How could your tech be used?

Often foreign states are targeting technology with both civilian and military applications, or ‘dual use’. It has become increasingly difficult to categorise technology as dual use due to the fact that technological advances mean that a much broader range of products can now be used for military purposes, even if this is not always immediately apparent to their creators.

Foreign national security laws

The PRC’s national security legislation is a risk that should be managed by New Zealand businesses that have relationships with China-based entities.

The legislation creates a legal requirement for individuals and organisations in China to comply with requests from the PRC’s security services. This could include providing authorities with access to data and systems, or sharing intellectual property.

New Zealand businesses should not feel as though they cannot engage with entities in China. The NZSIS recommends they should be conscious and deliberate about what information and control is at risk through that engagement.

PROTECTIVE SECURITY ADVICE

Conduct a due diligence assessment of the risks associated with any business, research or investment decision with a potential new partner or collaborator, to:

  • Identify any foreign interference or espionage risks that may stem from your engagement
  • Manage and mitigate identified risks to ensure your people, information, and organisation stay protected.

For more info, visit: 

Due Diligence Assessments [PDF, 2.9 MB]

Targeting methods

Exploitation can happen under a number of guises:

Cover companies

NZSIS analysts have seen states use ‘cover companies’ which are designed to conceal the end-user of a piece of technology or research. These entities are often based offshore in third party countries that would not raise immediate concerns. Cover companies can provide a way for foreign states to circumvent export restrictions, trade sanctions and more generally conceal their involvement in commercial activity.

Investment

Some foreign states seek to gain access to technology by investing in a company of interest to them, or by becoming part of its supply chain. This sometimes involves the use of a cover company to obfuscate the origin of the investment. This can allow the foreign actor to gain access to the technology itself, or to individuals with experience in its development. The foreign actor may also be able to influence decisions around the technology’s use or development.

Research and collaboration

Becoming involved at the research and development stage of a sensitive or emerging technology is an easier avenue for foreign states to gain access to innovation and research. Here a foreign state can exploit legitimate academic or research exchange rather than covert espionage activity to achieve their aims.

Academic spaces and research institutes are often open and collaborative in nature and also frequently experiencing funding challenges. This environment makes it easy for foreign states to access and exploit research through offers of financial support
or collaboration.

Some foreign states use their domestic universities as development hubs for dual-use technology which is then implemented into their military or intelligence capabilities. New Zealand-based researchers have previously collaborated with some of these universities, perhaps without knowing the intended end use.

PROTECTIVE SECURITY ADVICE

The NZSIS and the National Cyber Security Centre worked with their Five Eyes partners to develop a set of principles to help frame thinking within organisations about how to protect innovation:

  • Know the threats – understand the potential vulnerabilities that might put your product or innovation at risk.
  • Secure your business environment – create clear lines of ownership around the management of security risks in a business. Appoint a security lead at board level who factors security considerations into decisions and initiatives.
  • Secure your products – build security into the front end of your products by design. This will help protect your IP, make your products more marketable and ensure your products don’t become a supply chain vulnerability.
  • Secure your partnerships – make sure the people you collaborate with are who they say they are and can be trusted with your company’s IP.
  • Secure your growth – be aware of security risks as you expand, such as hiring new people into positions of trust and managing risk around entering new markets.

For more info, visit:

Secure Innovation

View all

Table of contents