The Irish Government is planning to run a structured exercise to test its response to simulated cyber security incidents.
In a tender issued yesterday, the Department of Communications, Energy and Natural Resources [DCENR] gave notice that it’s looking to source expertise in three areas: IT services, comprising consulting, software development, internet and support; computer support and consultancy services; and crisis management services.
In a statement, DCENR said: “As part of emergency planning processes, structured exercises take place from time to time. These exercises are used to improve preparation and co-ordination in the event of emergencies.
“This request for tender has been published as a proactive measure. The exercise will allow for practice drills around procedures to be used during contingencies.”
“It is anticipated that the exercise will be as inclusive as possible, engaging many Government stakeholders. The exercise will not impinge on the normal functioning of any services or systems. The findings of any after-exercise reports will determine the appropriate actions to be taken at that time.”
Welcome initiative, but questions remain – ISI
InfoSecurity Ireland, the cybersecurity lobby group, welcomed the news of the exercise. Mathieu Gorge, vice-chair and spokesman for ISI, said it was good practice to test responses to various levels of cybersecurity incidents and would help to determine readiness for them.
The tender also leaves some questions unanswered, Gorge added. “Obviously, we welcome any initiative that can improve the cybersecurity of Ireland Inc, but we’re seeing some pitfalls,” he said. “We still don’t have a chief security officer for the Government. Who is going to manage the project?”
Since 2011, DCENR has managed the Government’s Computer Emergency Response Unit, whose remit is to protect IT networks used by Government departments, agencies and critical infrastructure operators. However, the unit has no public website and no contact number for reporting incidents, which industry experts said is contrary to best practice in other countries.
ISI also expressed concern at the short deadline for the tender. Bidders have until 16 April to submit proposals. Gorge said this was unlikely to be enough time to prepare an outline that includes multiple stakeholders and covers a range of potential test scenarios.
“I’m not aware of any one company that can single-handedly address all the steps that an exercise like this would take,” Gorge told Siliconrepublic.com. Typical exercises conducted in other countries have involved Government agencies, industry partners and law enforcement, he said.
Open tender
Enda Gallagher, press officer with DCENR, said the tender was written to be open and would allow bidders to make suggestions as to how best to run the exercise.
He said the turnaround time was sufficient for the kinds of operators who already work in the emergency planning area.
Once the winner has been announced, Gallagher said DCENR would engage with as many Government departments as possible. No date has been set yet for running the cyber exercise.
“Our plan is that [an announcement] will be relatively quickly after the tender process has run. We’re planning to go through the applications as quickly as possible. I think there will be a natural tendency to push this on,” Gallagher said.
Similar cyber preparedness exercises have been taking place for several years at EU level and in the US. Gallagher said Ireland has already taken part in some of the exercises run by ENISA, the European Network and Information Security Agency.
Worldwide cybersecurity activity
Ireland’s latest exercise will take place against a backdrop of escalated cybersecurity activity around the world. State-sponsored cyberespionage is now firmly on the agenda, fuelled by news last year that the Stuxnet malware was jointly developed by the US and Israel to thwart Iran’s nuclear programme.
In February, a controversial report from the US security company Mandiant claimed electronic spying activity dating to 2006 could all be traced to a unit in Shanghai with ties to the Chinese military.
This year, Microsoft, Facebook and others have been victims of cyberattacks, while the largest DDoS attack yet seen was reported last week, with some internet services said to have been affected in the fallout.