HSE ransomware attack may cost lives, warns Coveney

Minister denies SF claim that Defence Forces cyberattack readiness ‘undermined’ by cuts

The Minister for Defence said the primary cybersecurity role of the Defence Forces was the protection of its own networks and systems. File photograph: Getty
The Minister for Defence said the primary cybersecurity role of the Defence Forces was the protection of its own networks and systems. File photograph: Getty

Lives will be lost within the Irish health sector if the attack on the Health Service Executive and the fallout from it is not managed properly, according to Fine Gael Minister for Defence Simon Coveney.

He has also disputed claims by Sinn Féin that cyberdefence capabilities within the Defence Forces had been neglected due to the large number of vacancies in the area, thus "savagely undermining" the military's ability to guard against attacks like that under way against the HSE.

But he warned there were "attacks" on the IT systems of both the HSE and Department of Health "that if, we don't manage really well, will result in a loss of life as well as huge inconvenience" for patients.

“Hospitals trying to manage a pandemic . . . now being faced with this [cyberattack] is hugely demanding,” he said, adding that the Defence Forces “have a lot of good expertise” in the area of cybersecurity.

READ SOME MORE

However, the primary cybersecurity role of the Defence Forces was the protection of its own networks and systems. It “was not true to say” that cybersecurity staffing was down by one-third, as claimed by Sinn Féin, though Mr Coveney accepted there were “some vacancies” in the Communications and Information Services Corps.

There were also some personnel on secondment in Estonia at the European Centre for Cyber Security Response, but military cybersecurity expertise was "embedded" in the HSE's and Department of Health's response to the ransomware attack by Russian-speaking hackers demanding $20 million.

Mr Coveney was speaking at a heading of the Oireachtas Committee on Foreign Affairs and Defence on Thursday afternoon.

Committee member John Brady TD (SF) had put it to Mr Coveney that the Communications and Information Services Corps were the experts in dealing with the kind of cyberattack now under way against the HSE but had witnessed "massive cuts" in recent years.

Effect of the cuts

This included, he said, the “loss of a whole company, which includes 50 personnel” and the “unit is working one-third below strength”. And those cuts had “savagely undermined the capacity within the Defence Forces to assist in the defence of our country against these types of cyberattacks”.

Mr Brady said the Defence Forces representative associations should be allowed to affiliate with Irish Congress of Trade Unions (Ictu) and allowances should be increased as it had proven so hard to retain military personnel and to recruitment new members. While a commission was now considering the future of the Defence Forces, he did not believe "the political will" existed within Government to acting on the recommendations from that review.

Mr Coveney said he had an “open mind” on whether PDforra should be allowed to affiliate with Ictu, adding there were different views on it within the Defence Forces.

He also accepted there was an issue with recruitment into the Naval Service, that “ships have been tied up that should have been going to sea”. But he insisted this was being “fixed” with a plan to bolster numbers within the Navy.

However, he said some of the days at sea that were lost last year arose because personnel were diverted to aid the State response to Covid-19 as it had been deemed a higher priority than fisheries patrols. In the longer term the Government was examining the decommissioning of some vessels and investing in others that required few personnel to crew them.

Conor Lally

Conor Lally

Conor Lally is Security and Crime Editor of The Irish Times