Ireland’s National Cyber Security Centre (NCSC) has been providing “non-lethal aid” to Ukraine amid the ongoing Russian invasion, TDs and Senators have been told.
Dr Richard Browne, the director of the NCSC, said the assistance has been given in “significant volumes” and “helping Ukraine helps us better protect the people of Ireland.”
The Government has repeatedly outlined that Ireland is militarily neutral but not politically neutral when it comes to the war in Ukraine.
Ireland has provided other non-lethal assistance in the form of funding for body armour, medical supplies and rations.
Mr Browne’s remarks came during an appearance at the Oireachtas Committee on Foreign Affairs.
He said a number of things have become evident since the Russian invasion of Ukraine including how “cyber remains a key tool in the armoury of any State wishing to conduct offensive military action.”
He said the attacks have been “largely inconsequential” in part because the Ukrainians were ready for them.
Mr Browne also said: “the Ukrainians have also benefited from massive external support ... on a global basis, including from NCSC.”
[ How the HSE cyber attack changed the face of online crime globallyOpens in new window ]
[ Almost one in five Irish firms hit by cyber attack or data breach in 2022Opens in new window ]
In response to a question from Independent TD Cathal Berry, Mr Browne said he would not “go into all of the details of what we’ve been doing”.
He said “like a lot of European Member States we’ve provided – in our case – non-lethal aid in significant volumes to Ukraine across the full range of governmental functions and we’ll continue to do that.”
Mr Browne said “leaving aside our moral responsibility” to help, Ireland learns much from what is happening in Ukraine.
He said the NCSC get details of the “indicators of compromise” – which help to identify new cyber threats – and “we get to understand exactly what tactics are being used right now”.
He added: “If it happens in Ukraine on any given day, we’ll know the following day exactly what happened. That’s really, really useful.”
Pat Larkin, chief executive of Ward Solutions and the chairman of Cyber Ireland – of which the NCSC is a member – described the Irish cyber assistance to Ukraine as “pragmatic”.
He said it is “hard to quantify” if it increases cyber risks to Ireland emanating from Russia but said: “You’ve got to think that anybody [who is] politically aligned to Ukraine does face that risk.”
However, he said effective cyber protection requires strong co-operation at national and international level and he pointed out that organisations in Ireland – both governmental and commercial – were already facing frequent cyber attacks.
Mr Larkin added: “For me it makes perfect sense to do this because the benefits far outweigh any of the risks.”
Brian Honan of BH Consulting said: “I don’t see this posing any additional risk to Ireland’s cyber security.”
He added: “Our biggest risk is being the ‘data centre for Europe’ ... This makes Ireland a potential target for hostile nation states such as Russia.”
However, he said the “current risk remains low” while advising organisations to ensure they have “appropriate and detective cyber security measures in place”.
The NCSC was at the forefront of Ireland’s response to the devastating ransomware attack on the Health Service Executive (HSE) which caused huge disruption to patient services in May 2021.
Mr Browne told the committee that ransomware is “the most pressing risk to services, businesses and infrastructure” while saying none of the international criminal groups involved in such attacks are “unbeatable”.
He said there are some reasons for “guarded optimism” due to better international co-operation and because it appears that the percentage of victims paying ransoms continues to fall.
Ireland refused to pay a $20 million (€16.7million) ransom after the HSE was targeted in 2021 and a decryption key was ultimately provided by the hackers without payment.
Mr Browne also flagged the massive changes expected to be brought about by artificial intelligence (AI) which he said is “at least the single most important technological development since the internet, and it may well turn out to be more important than that”.
He said that the tools will be “extremely powerful” – including for security – and the NCSC will have guidance on AI available for public servants in the coming weeks. He said of AI: “very bluntly it is a whole-of-Government challenge.”
The committee heard that staff levels at the NCSC has increased from 25 to 52 over the last year with a further ten people to be hired in 2023.
Mr Browne said he hopes that staff numbers will “substantially surpass 70 next year”.