Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Alamy Stock Photo
THE MORNING LEAD

Cyber Chief: Ireland's position in the world does not protect it from attacks by other countries

Dr Richard Browne gave an interview to The Journal this week on the work of Ireland’s National Cyber Security Centre.

ONE HUNDRED YEARS of a benign relationship with foreign powers has left Ireland vulnerable to cyber attacks, the State’s Cyber Chief has said.

It is rare to see National Cyber Security Centre director Dr Richard Browne out in public – the long term civil servant is notoriously secretive.

His journey to one of the most important jobs in Irish national security began in the early 2000s. Starting his career in the civil service.

Sources have said he very early identified cyber as a major area to focus on and at a time when it was a very niche interest.

He has worked at the NCSC since 2014 and took over as acting director in 2021. He took a short break from the organisation in 2020 when he went to work as the deputy head of the National Security Analysis Centre in the Taoiseach’s office. 

But in 2021 he returned to the NCSC as the HSE Cyber disaster put a new focus and acceptance from Government that cyber needed a more forceful attention.  

It is clear the challenges are myriad but a major revolution is taking place in Ireland around the digital landscape in the wake of the HSE attack.

Browne was working in the centre and said just the day before the HSE hack an attack on the Department of Health was thwarted. 

A team of specialists, led by Browne, including former members of the Defence Forces, gardaí and experts from the private sector are now leading the charge. 

In a rare event he sat down with The Journal at his Dublin office to discuss Ireland’s cyber security and how he and a relatively small team of experts inside the NCSC are working to secure Ireland’s online world. 

When we called to him he was quickly scoffing down a sandwich between meetings but in a wide ranging chat he spoke about the current risks and threats, how the war in Ukraine has reduced the likelihood of large scale cyber attacks across Europe and how his team are working to prevent future attacks on major infrastructure. 

From the outset he makes it clear that the biggest threat to Ireland’s cyber security, both on a national basis and across the business sector, is from criminal organisations. 

“Generally speaking it is safe to say the first one to note is that the seriousness of the risks have grown significantly, and that there’s an evolving criminal community who have developed an ecosystem to support ongoing criminal operations with increasingly sophisticated organizations.

“We’ve had globally in the last couple of years, this dramatic upsurge in sophisticated ransomware operations against states and have almost all been criminal in nature. But they can do huge damage to a country’s ability to provide services for citizens, we have an obvious example of it here, but we’re far and away, not the only one, or even not the biggest one,” he said.  

As previously reported by this website the HSE ransomware attack was perpetrated by a criminal organisation

The NCSC was formed in 2011 but the incident against the health service has seen a major investment in cyber defences. 

richardbrowne Richard Browne appearing before an Oireachtas Committee in March. Oireachtas.tv Oireachtas.tv

For Browne the moment when the penny dropped for the risk to Ireland’s security apparatus came with the annexing of Crimea by Russia in 2014.

During that period a major attack was launched by Russian specialists inside Ukraine by a Russian State backed group called Sandworm.

Sandworm, which is suspected to be a unit of the Russian state intelligence agency GRU, launched a blackout of the Ukrainian power grid in a devastating attack in 2015. 

Browne referenced this attack as a moment when it was proven that a so-called remote attack from an aggressive country can have a major impact.  

“If you look at it, the really significant Sandworm attacks in Ukraine, really marked the start of what has long been presupposed but was proven in concept in that period in Ukraine.

“It meant that it became very clear that remote destruction, remote termination of services was entirely possible for operational technology networks.

“So in other words, electricity grids or any kind of remote service provision. And that means that it is basically realised, in a very serious way, the risks to states regardless of where they sit on the globe,” he added. 

Historic benefit

Browne believes that Ireland’s historic benefit of its geographical position on the edge of Europe is now not a defence against bad actors.   

“We’ve long since benefited from the very benign external security environment, or the external threats facing the State have always been relatively remote in the first instance.

“We were always a second or third order targets, we were never really anybody’s primary target.

“But because of the way things have changed. The cost to an aggressor of mounting offensive actions of any kind against us has collapsed, it’s very easy to deal with or take aggressive steps against the State from anywhere in the world.

“So that changes the picture for us fundamentally,” he said. 

Browne sought to reassure readers however and said that the “resilience” of State organisations tasked with dealing with the threat has grown very rapidly in a short period of time over recent years. 

But like with any criminal behaviour the hackers have changed tack, he said. Now rather than targeting huge entities like the HSE they are now going after smaller organisations. 

On Wednesday, he said, there was a major ransomware attack in the UK. 

But Ireland has seen a shift in focus to smaller entities which have connections to the State.

In August The Journal reported on an attack in July on an engineering firm which has major State infrastructure projects.

“Instead, what’s happening is that the criminal actors have smaller targets, because it’s easier. 

“You know, it’s always a race, there’s always developments on both sides of offence and defence. And right now, it looks like the defensive world has gotten a little bit of an edge on things,” he added. 

The current threat landscape is graded in seriousness with the most likely being what he termed as low level “drive-bys” in which attackers just take a look at a system.

NCSC are able to see this and classify it accordingly. All incidents are classified from one through to six – with six being a full on assault. 

He said most of these attacks are low level but once a week there is a level four attack which are usually ransomware incidents. 

It is very rare, Browne said, that anything more serious happens but critically they take the method of each attack and they add that to their understanding of how these incidents are carried out by the attackers. 

Other countries are helping Ireland and feeding in information to the broader threat intelligence system. 

Victories

While there have been victories for NCSC and global organisations against ransomware it believes that as the hackers begin to refocus their activities it will become more complex. 

Browne believes that the single biggest threat to Ireland’s understanding of national security needs and risks is a culture built up due to its island status.  

“There has been a marked reaction from the State and from the private sector in recent times – so we haven’t been too far behind the curve.

“Importantly and this is a point that is really worth bearing in mind: we’ve never had a really difficult external security threat apart from a couple of months in 1940.

“And we have never really evolved out of the consciousness, or the institutional architecture, to deal with those kinds of issues in a really coherent way. The National Security Analysis Centre in the Taoiseach’s Department has changed that, obviously, to a substantial degree.

“What we’ve done in cyber, we’ve had to remake some of that,” he said.

In chatting to Browne it is clear this is a work in progress – he and his colleagues are building the capability.

He said a major recruitment drive for the organisation will see, by the end of the year, a staff of 50.

He then hopes, “with the budget going our way”, to continue to increase the capacity of NCSC to take on more and more security functions.

While he said that retention is a major issue in other parts of the national security apparatus his body has been given the power to set their own grades meaning their can pay competitive wage rates.  

Response

For much of its existence NCSC has been a cyber fire fighting division – responding to incidents. By 2016 they had established their Computer Security Incident Response Team. 

Since then there are other units being established to deal with other aspects of cyber security. 

This work has seen a focus on an engagement team, a project management office and a capability development unit which works with various sectors such as academia, private sector and other experts to build an up to date understanding of the cyber security ecosystem. 

Browne said there has been a major development in the broader private sector in Ireland with 7,000 jobs.

He said this continued focus on these high paid private sector posts is “not a given” so bodies such as Cyber Ireland, of which Browne is a board member, are working to ensure that constant development is done to continue its growth. 

“The organisation is not just putting more people into the same teams. Yes we’re doing that but also expanding the number of teams and the types of things we’re doing,” he explained. 

A major part of the strategy to deal with the threat is a team focused on certification – Browne said the protection of core national infrastructure is only one part of protecting the State. 

The work of this unit will see a creation of a national standard for all IT goods and products which, by law, would have to meet a certain standard. 

“It is a systematic certification system in the same way as you’d get your fire security cert for a building.

“That’s a big step for us and it professionalises IT security across the State,” he said. 

In 2019 a strategy document set out a Joint Security Operations Centre – a mission control for all the response work of the NCSC. 

“It is a single pane of glass approach that allows us to work and manage the risks, the threats, and actually manage live from the Security Operations Centre,” he said. 

previously-unreleased-photo-dated-080911-of-a-view-of-the-global-operations-security-control-centre-which-is-responsible-for-protecting-the-militarys-networks-worldwide-from-cyber-attacks-press-a A view of the Global Operations Security Control Centre, which is responsible for protecting the British military's networks worldwide from cyber attacks. Alamy Stock Photo Alamy Stock Photo

Browne revealed that the NCSC are set to occupy a temporary centre which has been designed to their specifications shortly but the full facility will be ready next year in Johnson House, located in the Beggars Bush area of Dublin. 

The design for the base has been informed by making visits to US and European JSOC facilities and all services associated with cyber in the State will be centred there. 

To govern all that, Browne said, there will be a new National Cyber Emergency Plan which will be tested in the Autumn during a series of exercises. 

Browne said there has been a lot of cyber based espionage activity across Europe. He said, without identifying the main perpetrators, as two countries. 

The cyber chief said there was a recent incident in Albania in which the Iranians attacked that country in response to a specific incident.

Critically, despite all these activities, the war in Ukraine has had one major impact – the State actors have stopped attacking targets to prevent a major break out of hostilities.

Browne said Ukraine has received major assistance in securing their networks from major IT firms and this has also assisted them to counter attacks linked to the war. 

It is clear there is a lot going on in the NCSC but Browne does not believe the tasks have been difficult but stresses that it has been a challenging time.

“We’ve had to do a huge amount very quickly and that’s never easy, obviously, in any organisation. And we’ve done everything from legislation to building security standards to building essentially a new organization in the course of a couple of years. And that’s always going to be challenging.

“Right now we have, we’ve kind of reached a phase of maturity, where we can grow quickly, because you have the systems, we have the management structure, we have the people, very soon we have the property to actually make that all stick.

“So it’s a great time, because things we’ve worked for collectively, many of us for many years are now happening and happening in a real tangible way,” he said.