Keeping Ireland cyber secure

March 2016

An overview of the National Cyber Security Strategy.

Launched in 2015, the National Cyber Security Strategy sets out the Government’s approach to facilitating the resilient, safe and secure operation of computer networks and associated infrastructure used by Irish citizens and businesses.

The development and proliferation of ICT has resulted in dramatic changes to the ways in which businesses operate. The growing use of these technologies has, to large extent, resulted in society becoming dependent on the ongoing operation and resilience of these systems.

A range of threats to the safe and secure operation of ICT networks has emerged in recent years, from a diverse set of sources. These threats can be loosely categorised as hacking, cybercrime, hacktivism and cyber espionage. Equally, reliance on these networks and systems had led to risks engendered by human error, software and equipment failures and even extreme weather events.

In 2013 the World Economic Forum identified cyber-related threats as one of the highest of all global risks from both the perspective of impact and likelihood. Any threat to resilience and security therefore requires a robust and coherent response, both nationally, at an EU level and internationally.

Cybersecurity is not simply limited to the application of technical solutions to improve the security of networks, devices or data. The strategy realises that such is the nature of the challenge that a diverse range of measure are required. The internet is described as a resource which all citizens can and should have access to and as an information-led society Irish citizens spend a lot of time online.

Presently, the digital economy contributes 5 per cent of Ireland’s national GDP and there are few sectors that do not rely on ICT for their operations. With nine of the top ten global software companies, all of the top ten global ICT companies and the top ten born on the internet companies possessing significant operations in Ireland protecting and sustaining that investment is vital. The strategy also recognises that potential for Ireland to become a cyber-security hub on the basis of the nascent cloud computing and big data sector that is currently developing in the State.

The sheer amount of data centric international companies present in Ireland makes an attack more likely and as such the potential for reputational damage is an important consideration. The strategy acknowledges that the threats to cyber security are numerous but claims that in a great number of cases, the risks to individuals, companies and the State are similar and can be mitigated by the application of the same response. This response includes good practice such as business continuity planning, keeping software up-to-date and ensuring that individuals are aware of the risks that arise online and are trained to deal with them.

Principles

The strategy’s guiding principles acknowledged the fact that the State cannot assume sole responsibility for protecting cyberspace and the rights of citizens online. The owners and operators of information and communication technology are primarily responsible for protecting their systems and the information of their customers.

The National Cyber Security Strategy details how the National Cyber Security Centre will engage its three primary areas of responsibility; government networks, personal and business systems and the protection of critical national infrastructure.

The strategy has a range of objectives, these are:

• to improve resilience and robustness of critical information infrastructure in crucial economic sectors, particularly in the public sector;

• to continue to engage with international partners and international organisations to ensure that cyber space remains open, secure, unitary and free and able to facilitate economic and social development;

• to raise awareness of the responsibilities of businesses and private individuals around securing networks, devices and information and to support them in this by means of information, training and voluntary codes of practice;

• to ensure the State has a comprehensive and flexible legal and regulatory framework to combat cybercrime by An Garda Síochána that is robust, proportionate and fair, and that accords due regard to the protection of sensitive or personal data;

• to ensure that the regulatory framework that applies to the holders of data, personal or otherwise is robust, proportionate and fair;

• to build capacity across public administrations and the private sector to engage fully in the emergency management of cyber incidents.

National Cyber Security Centre

To achieve these objectives the strategy has laid out plans for the establishment of the National Cyber Security Centre (NCSC). The centre will be established within the Department of Communications, Energy and Natural Resources and will engage in a comprehensive set of tasks around cyber security. Its primary focus will be on securing government networks, assisting industry and individuals in protecting their own systems and securing critical national infrastructure.

The NCSC will seek formal accreditation from the Government Computer Security Independent Response Team and from the National Computer Security Independent Response Team while also developing a limited capacity of industrial controls in the supervisory control and data acquisition (SCADA) systems.

The centre’s mandate will ensure that it provides an effective response when State attacks occur and that it establishes and maintains cooperative relationships with national and international partners. It is also tasked with ensuring the protection of critical information infrastructure and reducing the vulnerability of critical systems and networks within the State to incidents and cyber-attacks.

A series of measures to improve the network and information security used by Government departments and agencies, including a comprehensive reporting and escalation policy will also be introduced.

To ensure that small businesses and citizens are aware and prepared for the potential hazards that cyber-attacks can pose the Make IT secure website will be revised and a programme of structured exercises for critical national infrastructure owners and for public sector bodies, in partnership with international peers and the academic sector will be devised. The strategy also wants to see a culture of cyber security adopted across society and intends to ensure it happens through cooperation with the education system, with industry and through the promotion of events like European Cyber Security Month.

Relationships between departments and third level institutions such as the Centre for Cybersecurity and Cybercrime Investigation in University College Dublin will be strengthened through the use of Memoranda of Understanding in an effort to aid the sharing of knowledge, experience and best practice. The development of this relationship will also help support the developing research agenda in this sector.

With the strategy now in place it is expected that the National Cyber Security Centre will receive its accreditation and become fully operational shortly.

March 2016

Related Articles

Public sector 20 per cent remote working target

The cloud is transforming public services: Ireland is poised to lead by example

Transforming the future of digital public services

eInvoicing: Smart collaboration to drive adoption among suppliers