Expert insights from Richard Browne, Director, National Cyber Security Centre (NCSC).
The fundamental importance of cyber security to businesses around the country is well established at this point. This fact remains, no matter if your business falls under the umbrella of an SME, or is a large enterprise. The impact of a potential attack on your organisation’s operations and systems is undoubtedly constantly at the back of your mind, along with the reputational risk flowing from such an incident. It is also increasingly clear that the vectors for such an attack are increasing, as, for example, supply-chains lengthen and the control and awareness of who is included in them, and what levels of mitigation they are taking in the cyber area, become increasingly opaque.
As pessimistic and headache inducing as that introductory paragraph may be, it is also vital to remember that the fight against such attacks is constant and ongoing, not just nationally, but also at both a European and global level. I’d like to take this opportunity to highlight a couple of recent developments at a national level that will assist us in remaining vigilant and in encouraging greater co-operation and interoperability.
Mid-term Review of Ireland’s National Cyber Security Strategy
The National Cyber Security Strategy, published in 2019, is a five-year whole of government strategy aimed at enhancing the security and resilience of Government systems and critical national infrastructure. The strategy set out a range of collaborative measures to enhance the cyber security and resilience of public bodies, providers of essential services, businesses, and households, and to support the continued development of the cyber security industry and research community.
At its publication in 2019, the Government indicated its intention to review the strategy at its mid-point to assess progress and consider new initiatives to ensure delivery across all the measures outlined therein. A public consultation for the review at the end of 2022 saw many written submissions, in addition to a series of webinars and roundtable meetings with key stakeholder groups.
In direct response to the consultation results, the mid-term review includes ambitious new measures to be achieved within the strategy’s lifetime. This broadening of the ambition of the strategy highlights the NCSC’s continued suppleness in responding to the ever-changing cyber-threat landscape.
Ireland’s Cyber Security National Co-ordination Centre (NCC)
Towards the end of 2022, the NCSC established the NCC to facilitate the further development of research and innovation in, and deployment of, cybersecurity amongst industry and academia in the State. The centre also facilitates access to significant levels of EU public funding for cybersecurity resilience measures as well as innovative cybersecurity solutions.
It has recently organised a webinar to highlight funding opportunities related to the Digital Europe Programme, through which approximately € 107m in EU funds is currently available for cybersecurity capacity building. We will continue to work with industry to ensure that opportunities such as these are brought to your attention, thereby improving the country’s defence depth.
AI
Since the release of generative Artificial Intelligence (AI) software to the public in Q3 2022, there has been a lot of discussion on the area of AI. It is important to note that Ireland’s AI strategy is led by the Department of Enterprise, Trade and Employment, a Department who have done a lot of work in recent years in the area, including the production of a national strategy for the technology.
While it is not an overstatement to suggest that this is at least the single most important technological development since the Internet, the full effects of this will take years to play out, and perhaps even longer than that. In the meantime, the NCSC have issued guidance to the public service on the use of AI, and we will continue to engage in the area.
The Future
By the 18th October next year, the revised network and information security directive (NIS2 for short) will come into effect in Ireland. This will result in a dramatic expansion of the number of entities subject to the directive here, from just over 100 to at least 2,000. This will have implications both for us as the NCSC, and also business owners throughout the State. We will ensure that we continue to engage with you on this, and provide guidance through the work required. It undoubtedly will take up a very significant amount of effort in the next 18 months on all our behalf, but once introduced, will provide a key plank of our ongoing efforts to mitigate against both attacks in the first instance, and also their potential knock-on effects.
Conclusion
As we continue to steer the current iteration of our strategy to its conclusion, along with managing the introduction of legislation to incorporate NIS2 into national powers, it is our intention to continue to work closely with all our stakeholders, including those within the business industry. We aim to ensure that our communications around developments in the cyber area (particularly with regard to the introduction of NIS2) are clear and timely, and will allow you to remain abreast of steps you may need to take in the months and years to come.