The State’s national cyber security centre has embarked on a major recruitment campaign for experts who will help protect critical national infrastructure such as electricity, water, ports, airports and hospitals from potentially crippling cyber attacks.
Minister of State for Digital Development Seán Kyne said new staff members had just joined the National Cyber Security Centre (NCSC) and that a further campaign was planned for later in the year.
Together with the Computer Security Incident Response Team (CSIRT), the NCSC has responsibility for the State’s cyber security defences.
Mr Kyne said recruitment would not be a simple task, that the skills required were in high demand globally, and particularly in Ireland due to the companies based here.
“We expect recruitment to be a challenge, but the recent campaign has shown that there are skilled, experienced people who want to work for the State,” he said.
Speaking at an event at the Institute of International and European Affairs in Dublin, Mr Kyne noted the cyber security centre would have a key role in a new quasi-regulatory approach to protecting critical infrastructure when a new EU directive was implemented.
The Security of Network and Information Systems Directive (NIS) must be transposed into Irish law by May next year.
Once treated as a “fringe concern”, cyber security had evolved into a critical concern of governments throughout the EU and the wider world. While he was constrained when it came to speaking about the work of the NCSC from an operational perspective, Mr Kyne said Ireland had “not been found wanting” in this area.
Mr Kyne said his officials were working on the new national cyber security strategy and it was his intention to invite experts from industry and academia to assist.
"The importance of safeguarding critical national infrastructure is self-evident in the context of WannaCry's crippling of National Health Service networks last May or the spate of cyber-attacks on electricity supply in Ukraine which have plunged Kiev into darkness on several occasions in recent years," the minister said.
Mr Kyne said the NCSC would first be focused on Government departments and national infrastructure before moving its focus towards SMEs and the individual.
Attack ‘unfortunately real’
He said the directive marked “a step change in the manner in which the State engages in cyber security, marking a shift to a legally binding, quasi-regulatory style system for certain critical infrastructure operators and so-called digital service providers”.
Key firms and utilities will be designated as ‘operators of essential services’ under the directive, with binding security and incident reporting requirements if they are attacked or have serious security incidents.
In addition, the directive requires ‘digital service providers’ - such as online retailers, search engines and cloud computing services to take measures to manage security risks.
Mr Kyne said the potential for cyber-attacks and so-called ransomware attacks in the so-called Internet of Things environment was “unfortunately real”.
“The issue of cybersecurity has never been too far from the headlines in recent months. From successive ransomware attacks such as WannaCry to the interference with the democratic process in the United States and France, a climate of uncertainty now exists with respect to the use of technologies which have become integral to the way we do business, socialise and to a large extent, live, in the 21st century,” he said.
He noted successive waves of malware meant cyber security experts in both private and public sectors were “playing a perpetual game of catch-up” with the hackers.