Ireland signs cybersecurity deal with Microsoft to protect infrastructure

16 Jun 2022

From left: NCSC director Dr Richard Browne, Microsoft GSP principal programme manager Bruce Cowper and NCSC head of engineering Kieran Duane. Image: NCSC

Joining the Microsoft Government Security Program will give Ireland access to exchange of threat and early warning vulnerability information.

The Irish Government has joined the Microsoft Government Security Program (GSP) in a bid to protect the nation’s critical infrastructure against cyberattacks.

Ireland’s participation in the GSP will offer benefits such as controlled access to source code, the exchange of threat and early warning vulnerability information and technical content engagement about Microsoft’s products and services.

Ireland will also get access to the company’s transparency centres, where GSP participants can visit to conduct deep levels of source code inspection and analysis.

There are currently more than 45 countries and international organisations represented by more than 90 agencies participating in the GSP.

“Microsoft products are widely used by both public and private bodies,” said Minister of State with responsibility for Communications, eGovernment and Circular Economy Ossian Smyth, TD.

“This new partnership between Microsoft and Ireland will be a key enabler in protecting the State’s digital infrastructure from cyber threats.”

On a visit to Microsoft’s headquarters in Washington, the new National Cyber Security Centre (NCSC) director Dr Richard Browne said the two organisations have “worked closely” on multiple cybersecurity issues over several years. He added that Ireland joining GSP “formalises that cooperation”.

“Participation in Microsoft’s Government Security Program provides another important resource which the NCSC can use in defending the Government and critical infrastructure from the persistent threat of cyberattacks,” Browne said.

In May 2021, the Irish national health service was subjected to a ransomware incident in the most serious cyberattack ever to hit the State’s critical infrastructure. More than 80pc of the HSE’s IT infrastructure was affected and there were severe impacts on health services in Ireland.

Last December, a PwC report found that the hacker group gained access to the HSE’s systems eight weeks before the ransomware was detonated. They were also able to achieve their objectives “with relative ease” due to the “frailty” of the HSE’s IT estate, according to the report.

The NCSC was established in 2011 with a broad remit across the cybersecurity of Government ICT and critical national infrastructure.

The Government has been looking to ramp up its security strategy since the HSE attack. Last summer, it agreed to a number of measures to support the continued development of the NCSC and to expand its team.

Ongoing cyberthreats

The concern around cyberattacks has also been growing internationally, as Costa Rica has been facing a ransomware assault in recent months from the same group that targeted the HSE.

Meanwhile the US, along with its allies in the Five Eyes intelligence alliance, has expressed concerns about the threat of Russian state-sponsored cyberattacks on critical infrastructure systems.

Earlier this month, the head of US Cyber Command confirmed that US military hackers have conducted offensive, defensive and information operations in response to Russia’s invasion of Ukraine.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic