Ireland gears up for cyber war – new strategy to protect critical infrastructure

3 Jul 2015

Ireland has prepared a plan to defend critical data and infrastructure in the event of dangerous cyber attacks.

Ireland’s Government has published the country’s National Cybersecurity Strategy, which outlines how Ireland will defend its computer networks and sensitive infrastructure like water and electricity in the event of a cyberattack.

“This Strategy published today sets out how Ireland addresses cyber threats and protects against them. Ireland’s digital economy contributes 5pc of national GDP and provides employment for more than 100,000 people,” Communications Minister Alex White TD explained.

“That’s why protecting personal data, sustaining investment and ensuring the continued reliable functioning of information and communication technologies, and of the internet, are priorities for Ireland.”

The strategy acknowledges that, on a national level, Ireland faces a more complex set of risks than other countries.

This is due to the presence of a large number of data-centric companies here, including Microsoft, Google, Intel, Facebook, Apple, IBM, Amazon and many, many others.

This includes a large number of data centres, including new ones coming on stream such as Apple’s €850m data centre in Athenry, Galway, and Facebook’s €200m data centre in Clonee, Co Meath.

The Government also pointed out that the majority of the services provided by the State rely on ICT systems, from basic email right up to online platforms belonging to the Revenue Commissioners and Department of Agriculture, which contain personal data on millions of people and are critical to the functioning economy.

Critical national infrastructure

The strategy also encompasses critical national infrastructure such as electricity, water, transport, telecoms, commerce and health.

It says that while all infrastructure is at risk of destruction due to natural or manmade events, threats to critical infrastructure would impact the wellbeing of citizens.

A Computer Security and Incident Response Team (CSIRT-IE) within the Department of Communications, Energy and Natural Resource has been engaged in emergency planning along with An Garda Siochana, the Department of Defence and the Government Task Force on Emergency Planning.

The Government also collaborates with the EU’s European Network and Information Security Agency (ENISA) and CSIRT-IE is part its Europe-wide network.

In response to a realisation that the EU has been losing ground due to the increased cybersecurity threat level, governments across Europe have been tasked with coming up with a national security strategy.

National Cybersecurity Centre

The Irish Government has established a National Cybersecurity Centre (NCSC) within the Department of Communications that will be tasked with securing government networks and critical national infrastructure.

As well as being accredited to the CSIRT-IE, the NCSC will develop capabilities to respond swiftly when attacks occur and develop capabilities in the area of industrial control and SCADA systems, which are used to run electricity and water networks.

The threat to such networks became clear when the Stuxnet worm, malware designed by Israel and the CIA to compromise Iranian nuclear facilities, began to roam wild and threaten utilities infrastructure worldwide.

Much of the new strategy will be enshrined in legislation and in terms of cybercrime the Minister for Justice and Equality will be tabling legislation to give effect to the Budapest Convention on Cybercrime and Directive 2013/40/EU on attacks against information systems.

According to the strategy document, there is already a strong culture of cooperation between the nascent NCSC and the Defence Forces in terms of technical skillsets and information sharing.

This will be formalised through a service-level agreement with the Department of Defence, including a rapid information sharing mechanism in the event of a national cyber incident or emergency.

Key to the strategy is information sharing and a vital component of this will be education and training fro SMEs, as well as relationships with third level institutions, including the long-standing relationship between the Department of Communications and the Centre for Cybercrime Investigation at UCD.

Cyberwarfare image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years