Cyber Security

Ireland's transport system among those at risk from cyber attack says major threat assessment

The National Cyber Risk Assessment 2022 warns that the ‘nature of the internet exposes the State to new and rapidly developing global threats’.

THE NATIONAL CYBER Security Centre has warned that cyber risks in areas such as healthcare and transport are “constantly evolving” and that stakeholders need to “keep pace with the evolving threat”. 

The Department of Communications today published the 2022 National Cyber Risk Assessment, which was led by the National Cyber Security Centre (NCSC).

The NCSC was founded in 2011 and is responsible for advising and informing Government, critical national infrastructure providers, business and the general public of current threats and vulnerabilities associated with network information security.

The 2022 report outlines the cyber security risks faced by Ireland and the measures required to strengthen cyber resilience.

The report warns that the “nature of the internet exposes the State to new and rapidly developing global threats”. 

It also notes that Ireland has become a technological base in recent years, meaning that an outage or incident here could have an impact on critical services across the EU or globally. 

The report also described digital threats as a “permanent fixture of today’s society” and added that the threat posed by criminals, as seen by the 2021 HSE cyber attack, “have remained “virtually the same”.

The report also outlines the need to protect critical national infrastructure, including the energy, financial services, healthcare, and transport sectors. 

The report said the NCSC has established close links with the EU and international peer organisations in order to “stay current with the current risk environment”. 

The NCSC tested its National Cyber Emergency Plan in November and said that these exercises will help “mitigate and manage risks”. 

Cyber threats to transport were described as a concern because of the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems. 

The report also noted concern with the “ease at which malicious actors can exploit cyber systems serving transportation”. 

Potential risks include shutting down air traffic control systems, distorting the status of freight movement to create “general supply chain turmoil”, and “tainting” traffic control systems. 

The report also notes that issues with transport logistics can “quickly cascade into the wider economy” due to the globalised nature of trade. 

It’s also been noted that criminals can use a number of entry points to disrupt the healthcare sector, which can impact not only patients, but healthcare providers, insurers, and pharmaceutical manufacturers and providers. 

The report added that the “long term negative impacts” on patients due to missed or delayed appointments following the HSE cyber attack in 2021 “may not be known for several years”. 

The report also stressed “paramount importance” of protecting undersea cables, which are described as the “world’s information super-highways”.

But while “there has been much media commentary about the threat posed to undersea fibre cables”, the report said the “most immediate threat comes from more mundane sources” from natural phenomena like earthquakes and hurricanes. 

It adds that there is risk of accidental physical damage due to dredging, dumping, and commercial fishing. 

The report also noted the rise of “novel technologies such as Artificial Intelligence” and called for the education system to ensure that the demand can be met for skilled workers who understand the risks posed by these new technologies and how to manage them. 

While the risks posed are “evolving”, the report notes that some organisations are being successfully attacked using simple methods” and that “many incidents could have been prevented if basic measures had been implemented”. 

The report issued three key recommendations to build resilience and mitigate systemic cyber attacks. 

This includes “maximising the potential of current and upcoming statutory regulations to ensure operators of critical and important services embed appropriate and proportional cyber security measures”. 

The report notes that the upcoming Cyber Resilience Act will “place an emphasis on organisations to ensure services and products are created and delivered with embedded security from the outset”. 

The second recommendation includes the need to allow the Minister for Communications to “assess the risk profile of critical services” and the power to “designate certain vendors as being high-risk, with the power to direct that they may not be used”. 

The report has also called for the establishment of a Central Register of all essential and important entities in the State”. 

This National Registry will include up-to-date contact details, such as email addresses and telephone numbers, for all essential and important entities, though the “mechanism for gathering this information has yet to be decided”. 

Minister Eamon Ryan said today’s report “provides an invaluable insight into an ever-evolving geo-political and technological environment and protects against potential threats posed”. 

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel