:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/SZG7C7CHYKFSEFRBLI4X622JZ4.jpg)
Ireland needs no reminder of what can happen when a link breaks. It’s been fewer than two years since hackers attacked the Health Service Executive with ransomware that disabled more than 80 per cent of the agency’s information technology infrastructure. Catastrophic consequences followed: doctors and nurses lost access to patient information, lab test data and other critical information had to be recorded via pen and paper, and all computer systems were switched off. Thousands of patients had their care disrupted during a global pandemic in the worst known cyberattack on a health system in history.
It took four months for the health system to recover and much longer than that to fully understand how it happened in the first place. A report released last year found there were known weaknesses and gaps in key cybersecurity controls. On top of that, the HSE did not have a centralised cybersecurity function that managed cybersecurity risk and controls, nor did it have a documented cyber incident response plan. The report concluded that nothing less than “transformational change” was required in the realms of cybersecurity to avert a similar disaster in the future.
The incident hammered home a universal truth that is applicable to governments, businesses and private citizens across the world: there is no time to waste in combating cyber threats. As was rapidly evident in the HSE case, it’s not possible to decide to deal with a cyber threat when it’s already on your doorstep. The worst time to prepare for a cyberattack is never. The second worst time is when it’s already happening.
[ ‘We hacked the hackers’: Gardaí part of international police operation to thwart cyber crime group ]
An unfortunate truth is that these attacks are simultaneously becoming more frequent and more sophisticated. Ireland should expect to continue to be an ever-increasing target, particularly as other targets strengthen their own defences. Cyber criminals, which can be emboldened by emerging technologies like ChatGPT, represent a pernicious, persistent and intensifying threat that requires intentional organisation and a co-ordinated response. That response must begin in earnest, and it must come from the highest levels of government. All countries are a target. All critical infrastructure is a target. Worldwide investment, vigilance, and co-operation is essential to tackling this problem.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/FOQXPP6YUZEL7L6HGB64D6TFVI.JPG)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/4ZK5N6LO6QLQUOJCXXEDZP5OPY.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/L6BKVZHC7BDOBBKYAOLBWCXXLI.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/EMBIXLYEFZGVPCJSLYXUOTR7LQ.jpg)
There are myriad reasons why governments balk at undertaking the work necessary to successfully bolster defences against such attacks, not the least of which is cost
That’s not to say Ireland is behind the curve. The National Cyber Security Centre continues to make important strides in protecting government and critical infrastructure from persistent threats and building resilience. Increasing co-operation and information sharing, including with other national governments, should be encouraged and applauded. A prime example is the meeting on January 19th between the Irish and UK governments where both entities agreed to “intensify engagement on cyber resilience issues” and, critically, to “convene bilateral cyber security policy dialogues to address issues of mutual interest and concern”. And, of course, it’s not only preventative co-ordination that is needed. The Garda National Cyber Crime Bureau helped take down the pernicious HIVE Ransomware group on January 26th, which targeted companies in Ireland and worldwide in an international operation.
This is exactly the kind of intergovernmental co-operation that will be needed to properly address cyber threats. It’s incumbent upon government leaders to start at the bottom and work their way up. That means forming a detailed understanding of society’s dependence on technology and fully absorbing the risks that such a dependence entail. Across the world the fundamentals are basic: we need prevention, deterrence, attribution and enforcement.
[ National Cyber Security Centre warns of increase in ransomware attacks on small firms ]
Building on that understanding, officials must undertake a ransomware-specific assessment to study IT infrastructure across Ireland and use the findings of that assessment to form an airtight cybersecurity strategy that leaves no uncertainty in how and when to respond to similar incidents. Governments must also enact exhaustive monitoring to identify threats even before they are executed, and test cybersecurity programs, protocols and strategies during simulated attacks to gauge their effectiveness. We need to invest more in the cybersecurity workforce, both expanding the pipeline into cybersecurity but also in ensuring cybersecurity personnel want to work in government and not just the private sector.
There are myriad reasons why governments balk at undertaking the work necessary to successfully bolster defences against such attacks, not the least of which is cost. It’s not cheap, nor is it easy, to reinforce IT infrastructure, hire and train personnel, and upend the status quo on such a grand scale. Prevention and deterrence in any context are never an easy sell for government budgets, but a euro spent on deterrence is more than saved when the next inevitable attack arrives on your doorstep.
David Hickton is the founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security. Hickton is also a senior advisor at the Center for Strategic & International Studies. He was the US attorney for the Western District of Pennsylvania from 2010-2016. He headed the investigations on behalf of the US government under the Obama administration that resulted in the prosecution of Russian and Chinese hacking schemes.