In this article, we consider recent policy and strategy level developments in the cyber security sphere in Ireland.
The World Economic Forum Global Risks Report for 20151 ranks technological risks, most notably cyber-attacks, among the most likely and impactful global risks. Cyber-crime and cyber-attacks, both nationally and internationally, have heightened awareness of these vulnerabilities and elevated cyber security to the national agenda. Along with other western economies, Ireland has taken the first organised national steps on the path to at least some degree of coherent national cyber security requirements.
Ireland has a developed infrastructure that is dependent on information and communication technologies (ICT). Critical national infrastructure such as energy, water, social welfare, telecommunications, banking and healthcare are dependent on ICT, not just to operate effectively, but to operate at all. Apart from indigenous companies nine of the top ten global software companies, all of the top ten global ICT companies and the top ten "born on the Internet" companies have major operations here. If a significant cyber-attack aimed at Irish operations should harm these companies, or any other large international company operating in Ireland, there is a recognised risk of damage to Ireland's reputation abroad as a suitable place to do business. Accordingly, the national ability to repel, or at least manage the response to, cyber-attacks is a recognised consideration in the ability of 'Ireland Inc.' to attract and retain inward investment.
National security can come under threat from international espionage or attempted sabotage of the software necessary to run critical infrastructure. The task of Government and industry is to ensure systems and networks are as safe as possible to inspire confidence and trust in the privacy of data and information so the digital economy can grow and prosper. Initiatives at EU and national level are response to the realisation that the EU has been losing ground due to the increased cyber security threat level, governments across Europe have been tasked with coming up with a national security strategy.
NATIONAL RISK ASSESSMENT
At national level, cyber security has been increasingly recognised as a risk which could threaten national progress, continued economic growth and prosperity. The National Risk Assessment for Ireland (2015)2 published by the Department of An Taoiseach (or department of the office of the Prime Minister) notes that cyber-attacks could potentially threaten Ireland's key national infrastructure (such as energy, transport and telecoms systems). The document also identifies the specific risk for the public service in respect of theft or compromising of data collected by the public service.
Although formal recognition of cyber security as a serious threat is welcomed, identifying risks is only a first step in properly addressing them and Government must ensure that these risks are dealt with through...