Subscriber OnlyPolitics

Ireland faces far greater cyberattack risk over next two years, security centre warns

‘Significantly heightened geopolitical risk’ multiplies likelihood of danger as plan outlining how cyber threats will be declared, managed and co-ordinated is published

Cyber Risk Assessment
A National Cyber Risk Assessment published last year flags espionage as among the key risks facing the State. Assistant Garda Commissioner Michael McElgunn says Russia is one of a handful of countries believed to be involved in spying activities in Ireland. Illustration: Paul Scott

There is a “far greater” risk of significant cyberattacks in Ireland in the next two years than in previous times, the head of Ireland’s National Cyber Security Centre has said.

The centre’s director, Richard Browne, has warned that the risks have multiplied and there is a “significantly heightened geopolitical risk” at the moment.

The NCSC will on Tuesday publish the State’s first publicly available National Cyber Emergency Plan outlining how such events will be declared, managed and co-ordinated.

Mr Browne said there was a “reasonable assumption” the plan would be used “more and more” in the next two years, a period in which the NCSC felt it had a “reasonably good understanding” of the risks faced.

READ MORE

Russia among handful of countries believed to be spying in Ireland, senior Garda saysOpens in new window ]

“Cyber incidents can arise in a very wide range of ways because of the pervasive nature of the technology, so we have to be able to be flexible and to adjust to whatever comes our way,” he said.

A National Cyber Risk Assessment published last year flags espionage as among the key risks facing the State. Over the weekend, Assistant Garda Commissioner Michael McElgunn said that Russia was one of a handful of countries believed to be involved in spying activities in Ireland.

Microsoft hit by new Azure outage that started as DDoS cyberattackOpens in new window ]

The emergency plan consists of three different levels – a permanent mode, which relates to the normal course of business; a warning mode; and then a full activation mode. Similar versions of the plan have been developed and disseminated within the Government and State bodies but never published before.

It is understood that the State has gone to “warning mode” on a number of occasions, but these have not been publicly disclosed. A full activation has never taken place, although officials believe such a step would have been taken for the 2021 Health Service Executive cyberattack had a plan been in place at the time.

The plan has been rehearsed twice, it is understood, in testing exercises focused on energy and transport infrastructure – specifically ports – and in EU and Nato exercises, and will be continually updated.

It contains a framework for how a cyber emergency will be handled through a National Emergency Co-ordination Group, and, if required, moving to a full activation – which can also be triggered at an earlier stage if deemed appropriate. Parallel processes which are not public exist within the State’s national security apparatus.

Arts Council unable to display collection online after cyberattackOpens in new window ]

Cyber threats can emerge from a wide range of sources, move across different sectors, have different causes and can have impacts outside the online or technological space, including political or trade consequences, Mr Browne warned.

“I think there is a far greater risk of significant cyberattack from a number of different sources,” he said . “We’ve got a far heightened geopolitical risk in Europe… and these are real challenges.”

The centre, he said, was “dealing with incidents across the spectrum – criminal, national security and otherwise – on a regular basis.

HSE cyber attack: More than 470 legal proceedings issued against health service after ransomware hitOpens in new window ]

“This is because of these heightened risks. There are real reasons why we’re doing this.”

A range of different types of threats have been identified as having the potential to trigger the plan, including disruption to the accessibility of data or information systems, sabotage, data manipulation or threat, system manipulation or failure of systems due to technical difficulties, natural causes or human error.

The NCSC draws on the EU-wide Cyber Crisis Liaison Organisation and on Nato information-sharing networks alongside its domestic monitoring activities and intelligence gathering.

Jack Horgan-Jones

Jack Horgan-Jones

Jack Horgan-Jones is a Political Correspondent with The Irish Times