Pat Larkin spoke to the Houses of the Oireachtas committee on Transport and Communications to address the cyber security risks to Ireland arising from the war in the Ukraine yesterday. After listing the risks Ward advised our client of, Pat took the opportunity again to appeal to the committee for “a much more comprehensive, robust, better-resourced, highly innovative national cyber security strategy, integrated as part of our national security strategy to protect Ireland.
You can watch him address the Oireachtas committee in this video:
Or read his opening statement below.
Chairperson, Committee Members, it is my pleasure to attend, give an opening statement and answer any questions you may have today.
The last time we were here, you asked contributors about the emerging trends we saw in the cyber realm, affecting our clients and what was required to mitigate such threats. This last hearing took place in the ominous shadow of the HSE cyber-attack. Since then cyber-warfare threats have escalated in a manner and in a timeframe, which has blindsided the majority.
On foot of the Ukraine invasion, Ward Solutions notified our clients in our situational security advisories, of what we believe to be significantly increased risks:
- Increased criminal activity capitalising on emotive curiosity arising from the war.
- Increased cyber militia activity from both global and local activists, attacking Russia, Ukraine or Western countries with commensurate direct or collateral damage and the associated problems with attribution and blame.
- Increased Nation state activity responding to current geo political objectives. For example cyber actions as part of hybrid warfare, malicious reaction to sanctions and counter strikes to actual or perceived nation state cyber activity.
- Failure of risk transference mechanisms, such as cyber insurance, arising from policy exclusions for cyber events, originating from Nation State activities or acts of war.
- Attacks and disruption to near stream and downstream supply chains of national and global critical national infrastructure (CNI) providers such as finance, health, utilities, telecoms, cloud/SaaS, transportation etc.
- The lack of capacity issue for already stretched cyber service providers to support wide scale attacks.
- Accelerated segregation (“cyber-balkanisation”) of the Internet.
We continue to advise our clients on actions that should be undertaken, based on urgently revising risk assessment, mitigation and security operation plans. This encompasses increasing awareness, increasing security controls, performing basic and advanced cyber security tasks better, testing and rehearsing incident response, disaster recovery. We have advised our clients of the need to maintain a hyper-vigilant security posture for the long term, planning their programs and resource accordingly.
Out of the tragedy and adversity of the Ukraine invasion, where Ireland is not politically neutral and previously the HSE cyber-attack, where Ireland was at that time in a politically neutral state – we can now see that neither aligned, nor non-aligned status offers us effective protection from nation state, militia or criminal cyber-attacks.
On a daily basis, Ward Solutions continues to deal with ever growing operationally and financially crippling cyber-criminal activity against our clients, regardless of the current geo-political situation.
Once again, I am appealing to this committee and to anyone that will listen, advocating the need for a more comprehensive, robust, better-resourced, highly innovative national cyber security strategy, integrated as part of our national security strategy to protect Ireland. We have started the journey and made some inroads, but we are nowhere near the levels of protection required for this decade and the rate at which the threats are developing. Time is of the essence. We have seen malevolent nation state activity for over 15 years. Ireland has been hit both directly and indirectly. National cyber security strategy, practice, capacity, resources, research and capability is not something that you can switch on in days and weeks in response to a specific crisis. It requires deliberate planning and constant adaptation to extract short and long-term success. This strategy is needed to protect our society, citizens, public, private services and our prosperity. If well executed, it will also bring very significant economic benefit to Ireland – the direct cyber security market estimated to be worth $270 BN by 2026. There is a significant digital sector, which is heavily cyber security dependent. An effective National Cyber Security strategy offers multiple levels of pay back not only funding the strategy, but also returning real profits in terms of investment, jobs, export revenue, corporate taxes from the direct cyber security sector and from the cyber security dependent sectors.
The state’s role in this strategy should be that of leader, coordinator, enabler, incubator and accelerator.
I am also a board member of Cyber Ireland, whose chairperson and cluster manager presented to you during 2021. Cyber Ireland have been steadily working to coordinate the triple helix of Industry, Government and Academia in order to make Ireland a Cyber Security Global leader, over the last 4 years. As part of our work, Cyber Ireland recently commissioned an international expert study of the Cyber Security sector in Ireland and will be launching this study and an accompanying sectoral policy paper in May 2022. Both will be submitted to this committee. We believe these will be invaluable to your considerations on Ireland’s cyber security strategy.
Thank you for the opportunity to make this statement today.