Ireland’s economy would be badly hit and confidence in the State would be undermined if there were a major cyber attack on one of the dozens of data centres around the country, a report has said.
The warning is contained in a new National Cyber Security Strategy, published by the Department of Communications today, which also calls for widespread reforms to protect critical infrastructure from serious cyber threats.
It also highlights the need to guard against online interference in Irish elections.
“Ireland is home, according to some estimates, to over 30 per cent of all EU data, and to the European headquarters of many of the world’s technology companies. Our economic success is therefore closely bound up with our ability to provide a secure environment for these companies to operate here,” the paper warns.
“An outage or incident affecting one of those facilities could have immediate disruptive effects on infrastructure or business across the EU or globally. In turn, this means that the infrastructure supporting these centres, public and private, now has an elevated security and economic risk associated with it,” the strategy warns.
It signals a widespread shake-up of regulatory and legal framework to target weaknesses and gaps in Irish cyber defences, which will take place over the next five years.
It also reveals that a “number of serious cyber security incidents” took place in recent years and showed up failings in the existing strategy, which was put in place in 2014. A Department of Communications spokesman declined to provide more detail on these incidents.
The document flags “fundamental challenges” in securing classified information in some Government departments and agencies, which extends to sensitive information obtained from other states and international bodies.
The paper says the complex dynamics created by the internet presents a growing threat to Ireland.
“The security of every process, service and piece of infrastructure in Ireland, from the electoral process through to military infrastructure and the security of public sector data has to be approached in a different way, because they are all, to some extent, dependent on connected devices and can now be targeted directly from anywhere on the planet,” it says.
At the core of the planned reforms in the strategy is a significant expansion of what is considered critical national infrastructure. Currently, this is confined to energy, transport, drinking water, banking, financial markets, healthcare and digital infrastructure.
However, the next five years will see the range of sectors and operators classed as critical infrastructure grow, with a new and more invasive regulatory and legal framework put in place to safeguard areas including higher education and electoral systems, following a series of elections in advanced democracies which have been undermined by overseas interference.
A thorough assessment of new operators of essential services will be followed by new legislation which will “seek to enhance the existing legislative provisions in terms of the security measures that designate entities are required to take”.
A new and specific set of security measures for the telecoms sector will also be developed.