Naughten signs orders to protect essential services from cyberattack

Data Summit told of need to focus on benefits for end user in big data and AI innovations

Minister for Communications Denis Naughten at the Data Summit conference, in Croke Park, Dublin. Photograph: Dara Mac Dónaill
Minister for Communications Denis Naughten at the Data Summit conference, in Croke Park, Dublin. Photograph: Dara Mac Dónaill

The Minister for Communications, Denis Naughten, has signed orders aimed at securing critical national infrastructure in the event of a cybersecurity attack.

The EU regulations require governments to designate so-called “operators of essential services” who will be required to put special security and reporting measures in place to guard against hacking and cyber attacks.

They are likely to include all the key transport operators, certain local authorities, energy providers and other organisations. However, Mr Naughten’s department has declined to release a full list of the operators under the Freedom of Information Act.

Member states were required to transpose the Network and Information Systems Directive into national laws by May 9th this year and identify the operators of essential services by November 9th.

READ SOME MORE

Speaking at Data Summit 2018 at Croke Park, Dublin, on Wednesday, Mr Naughten said his department had been "ramping up resources" to deal with the directive over the last two years in order to deal with "the growing threat of cyber security".

Protections

He said the services could include those such as the transport system in Dublin in relation to traffic lights, air traffic control at Dublin Airport and Eirgrid.

"What Europe as a whole has been doing is to have a uniform standard across Europe in relation to putting protections in place to stop those threats becoming a reality because the difficulty is that when you attack one part of the system, you attack the whole system. We have seen that with the WannaCry attack where it started in Eastern Europe and spread across Europe," he said.

The summit was aimed at showcasing the Irish Government’s “determination to stay at the forefront of data and digital related developments and to initiate a dialogue on their ever-expanding role in modern society”.

In his keynote address to the invitation-only event, Mr Naughten said that as we began to exploit big data and artificial intelligence, we needed to focus on the benefits for the end user.

Dale Sunderland, Data Protection Commission; Cecilia Bonefeld-Dahl, director general of Digital Europe; Dr Robert Viola, director general of Connect and Prof. Christopher Millard, Queen Mary University, London, during an open panel discussion at the Data Summit in Croke Park. Photograph: Dara Mac Dónaill
Dale Sunderland, Data Protection Commission; Cecilia Bonefeld-Dahl, director general of Digital Europe; Dr Robert Viola, director general of Connect and Prof. Christopher Millard, Queen Mary University, London, during an open panel discussion at the Data Summit in Croke Park. Photograph: Dara Mac Dónaill

Lack of consumer acceptance for the innovation of genetic modification in agriculture could not be allowed to happen with big data and AI, which had “huge potential” to improve the quality of life for people across the country and across the globe, he said.

Deputy data protection commissioner Dale Sunderland told summit attendees there was an "urgent need" to map out the "values framework" and the boundaries of what was considered the ethical use of personal data in areas such as artificial intelligence and machine learning.

“These really are challenges that require a committed and determined response from all stakeholders, not just data protection regulators, but indeed governments, policymakers, legislators and industry,” he said.

Mr Sunderland said that if society was to decide that some sort of throttle was to be placed on harmful future developments, this could only be achieved by governments and policymakers and could not be left to regulators.

Complaints

He added that the Data Protection Commission’s current focus was on the application of the General Data Protection Regulation to free internet services and on how current business models and practices fit within that context.

It was working on a number of complaints about such services filed by NGOs following the coming into effect of the EU General Data Protection Regulation in May.

“We are working through those complaints very systematically and carefully and we will make decisions on those cases in the coming months,” he said.

John Frank, vice president of EU government affairs with Microsoft, told a panel on law enforcement access to personal data that he welcomed the Irish Government's decision to opt in to a proposed new "e-evidence" regime the European Commission is currently working on.

Mr Frank said law enforcement access to personal data was “not a new problem”. But he said facilitating such access in the context of a pan-European system with different legislative models, and the question of when the authorities could “reach across borders” to obtain data while also protecting the fundamental right to privacy was a complex one.

The partners for the event, the second organised by the Government, included Facebook, Google, Microsoft and LinkedIn. Legal firms Arthur Cox, Pinsent Masons, William Fry also were also partners, along with Science Foundation Ireland and IDA Ireland.