Data centers and jobs at the top of the agenda

The Irish government has released a five-year plan to improve the country’s cybersecurity resilience in the face of increased threats.

A leading cybersecurity expert, however, has expressed misgivings that the strategy is too heavily geared towards the public sector and large data centers rather than offering support to local businesses within Ireland.

The National Cyber Security Strategy 2019-2024 (PDF) lays out a roadmap for further development of Ireland’s National Cyber Security Centre (NCSC), as well as a series of measures to better protect government systems and components of the country’s critical national infrastructure (CNI).

Elements of the critical national infrastructure given a protection priority by the Irish state already cover energy, transport, drinking water, banking, financial markets, and healthcare – as suggested by the EU Network and Information Security Directive (NIS Directive) of 2016.

Over the next five years, the electoral system and higher education will be added to Ireland’s CNI roster.

But Dublin-based infosec consultant Brian Honan, a former special advisor on cybersecurity to Europol, told The Daily Swig that the strategy was incomplete because it failed to lay out much of a plan for private sector involvement.

“I am disappointed that the strategy, while titled a National Cyber Security Strategy, seems to pay little or no attention to the indigenous private sector within Ireland,” Honan explained.

“Instead, the focus of the strategy is primarily geared towards the public sector, those organizations covered by the EU Network Information Security (NIS) Directive, and the larger data providers located in Ireland.”

The latest strategy has recognized that Ireland's role in hosting the data centers of many of the world’s leading tech firms has assisted in developing the technological base of its economy.

This factor, combined with the evolution of cloud computing, makes the protection of data centers a higher priority, the strategy states.

“Given the reliance the Irish economy has on the indigenous private sector, and in particular the SME organizations within that sector, I had hoped to see more focus on what supports and initiatives would be introduced for that sector,” Honan said.

Action plan

Other elements of the 20-point action plan that form the backbone of the strategy include plans to increase threat sharing and sharing best practice between organizations within Ireland’s critical national infrastructure and beyond.

Aspects of the strategy additionally look to bolster research efforts in cybersecurity, collaboration between business and academia, and skills development to address anticipated demand for cybersecurity jobs in the sector.

More than 6,500 people are already employed in Ireland’s cybersecurity sector, a figure the Irish government is looking to increase over the next five years.

READ MORE Canada plans revamp of its data privacy law

“Despite an increased level of awareness, cybercrime incidents in Ireland are increasing with 61% of Irish organizations reported to have suffered cybercrime such as fraud in the last two years with an estimated loss on average of €3.1 ($3.5) million,” the strategy notes.

The strategy, published by the Irish government’s Department of Communications, further states that the NCSC was involved in a number of serious cybersecurity incidents in 2016 and 2017 that highlighted shortcomings in Ireland’s existing strategy, first published in 2015.

More specifically the incident management process for WannaCry and NotPetya – ransomware incidents that affected organizations across the globe – emphasized the importance of threat sharing as well as “the centrality of cybersecurity to the key security challenges facing the State, and of the need for ongoing and close cooperation with the State’s security services on operational matters”.

Honan, who recognized the publication of the new strategy as a step forward, also expressed concerns related to adequate funding, necessary to implementing its stated objectives in full. 

RELATED Luck of the Irish? Study highlights lacklustre security policies on the Emerald Isle

“As with all strategies if senior support is not available then that strategy is doomed to fail,” he warned.

“I certainly hope that the Irish government will provide the NCSC with the appropriate funding, personnel, and political support to ensure they can enact this strategy in its fullest and help make Ireland, and by extension the whole internet, a more secure and reliable place to do business.”

The strategy also sets out plans for the Irish government to “introduce a further set of compliance standards to support the cyber security of telecommunications infrastructure” based (in large part) on the forthcoming EU Telecommunications Code (Directive 2018/1972).

The NCSC will also help in developing a “baseline security standard to be applied by all Government Departments and key agencies”.

YOU MIGHT ALSO LIKE Gone phishing: NCSC hails Active Cyber Defence success