The Government has been urged to appoint a cybersecurity “tsar” to ensure the State is adequately prepared to deal with potential attacks.
The call by one of the State’s leading IT security experts comes amid growing concern Ireland could be caught off-guard by a cybersecurity attack, due to a lack of joined-up thinking on the issue and a failure to take threats seriously.
Currently the response to cyber threats lies across a number of bodies, with the Department of Communications, An Garda Síochána, the Defence Forces and the Department of Defence among those involved.
Brian Honan, an independent security consultant who has also served as a special adviser to Europol’s Cybercrime Centre (EC3), said a tsar with the authority and autonomy to ensure an effective cybersecurity strategy should be appointed as a matter of urgency.
“We need a coherent and centralised approach to protecting our nation rather than having responsibilities for various aspects of cybersecurity spread throughout different departments and agencies,” he said.
Mr Honan warned that cybersecurity was becoming more of an issue globally with data breaches, DDoS and ransomware attacks, financial scams and state-sponsored hacking incidents all on the rise.
As well as domestic considerations, the State is also responsible for the security of services provided across the EU by multinational companies who have their European headquarters located here. Mr Honan said that, given this, a cybersecurity attack could not only cause widespread disruption for businesses and public agencies, but would also lead to serious reputational damage.
“It is too critical for us as a nation, both from an economic and national security point of view, for [cybersecurity] to be left to individual government departments or businesses to look after,” said Mr Honan.
Mr Honan’s comments come just weeks after a report by the Comptroller and Auditor General revealed that a dedicated cybersecurity unit established to protect government and industry networks has no strategic plan and requires a review of its funding.
The National Cyber Security Centre (NCSC), based in UCD, was established in 2011 with a view to “securing critical national infrastructure”. However, the C&AG report into its operations found an oversight body set up to monitor its performance had not met since 2015.
Fianna Fáil has also recently urged the Government to take a more proactive approach to cybersecurity. Its defence spokesman, Jack Chambers, recently called for responsibility for the NCSC to be reassigned away from the Department of Communications.
“The Department of Defence should take ownership and control of this so it can develop a proper whole-of-government response to the area of cybersecurity as it becomes a serious national threat. It would compromise foreign direct investment if our national infrastructure were to be seriously undermined and there were to be an attack,” Mr Chambers.