MAY 2021 SAW the largest ever known attack on a health service anywhere in the world. As the Health Service Executive continued to battle the Covid pandemic, its IT systems went down causing the cancellation of thousands of appointments.
This had profound implications for every one of those patients impacted and their families. It is not an exaggeration to say that the health of so many was put at risk and we don’t know the full effect of those cancellations and delays.
When I raised in the Seanad on 24 November the cost and implications of the attack, it was revealed that at that stage, it had cost at least €37.5 million had been spent on the ICT costs alone.
In December, we also saw a cyberattack on the Coombe Hospital, but it was one of many organisations targeted here in the last year. A Grant Thornton Report estimated that cybercrime is costing Ireland about €9.6 billion now annually. To put that in context, the Government’s Capital Building Programme for 2022 (the largest ever) is just slightly more, at €10 billion.
These attacks are going to likely to grow and become more common. Universities, government departments and agencies, businesses and non-governmental organisations are all being targeted by these criminals and terrorists.
I am quite frustrated that we don’t appear to take the issues of data protection and cybersecurity sufficiently seriously, and we are not adequately resourcing the agencies that are tasked with dealing with this area.
Underestimating the risk
As we move more of our personal details, financial transactions and indeed, almost all aspects of our lives into the digital space, we need to ensure that those tasked with regulating and policing and protecting have sufficient teeth and backup to do so.
There are welcome moves by Government to significantly increase resourcing for the National Cyber Security Centre: the National Development Plan provides for an increase in staff numbers from 25 to 70 over a five year period.
An Garda Síochána has made positive steps in establishing dedicated cybercrime teams. But as we have seen with the Office of the Data Protection Commissioner, we are underestimating the scale of the challenges with which we have to deal.
Many of the battles of the future will be fought out in cyberspace rather than with boots on the ground and we need to ensure that Ireland is well equipped to be able to deal with any attack.
Some of the attacks will simply be from mercenary criminals.
But these attacks could easily come from State-sponsored actors who may wish to disrupt aspects of Irish society or the economy to either send a message or for financial gain. I do not believe it far fetched that if Ireland took a particularly strong line on an issue at the UN Security Council for instance in the future, that there would not be an effort to impact on some critical infrastructure here.
In July, Australia, the European Union, the United Kingdom, the United States and others all warned of Chinese engagement in cyber intellectual property theft. There have also been well-publicised concerns about foreign government attempts at interference in elections in democratic countries.
Ireland on our own will not be capable of dealing with external threats. Our foreign policy has always been based on multilateralism and on supporting global progress through co-operation and multilateral organisations. We should be rightly proud of being the only country to have taken part in every UN peacekeeping mission since they began over 60 years ago.
We need to engage at a regional and international level in facing down the threat of cybercrime and cyberterrorism.
Future-proofing
PESCO (Permanent Structured Cooperation) was established in 2017 as part of the European Union’s Common Security and Defence Policy. Its purpose is to provide a “legal framework to jointly plan, develop and invest in shared capability projects, and enhance the operational readiness and contribution of armed forces.”
Member States can opt into any of the joint projects, which includes common training for defence forces.
It has no input into our domestic defence or foreign policy positions. We remain a non-aligned country and we are not members of the North Atlantic Treaty Organisation (though in the context of any future discussions on a Shared Island, that issue will be on the table and we will have to have that debate). The deployment of any Irish troops on any mission requires the ‘triple lock’ of UN authorisation, Government sanction and Dáil approval.
Ireland is a member of PESCO, but perhaps the least active in the range of joint projects in which member states are engaged.
I strongly believe that Ireland should take an active part in all of the joint initiatives currently being undertaken or planned to develop a common European response to cyber attacks and the breaches of cybersecurity. We should take the lead on cyber peacekeeping.
This is a critical issue of national security and defence. We need to have a properly resourced National Cyber Security Centre, but we also need to cooperate with fellow democracies through the European Union and PESCO to jointly resist cyber attacks and cybercrime.
The attack on the HSE this year was a terrorist attack and we have to treat it as such. We cannot be neutral when our essential infrastructure is being undermined.
Malcolm Byrne is a Fianna Fáil Senator.
To embed this post, copy the code below on your site
have your say