Cyberattackers are new ‘mafiosa’ and must be treated like ‘bank robbers, drug cartels’
Data must be considered like ‘gold’ as 30 per cent of EU’s information stored in Ireland
Fianna Fáil Senator Malcolm Byrne pointed to the surge in data centres held in Ireland and said that “until we start to treat data like gold, we will not realise the scale of how important this is”. File photograph: Dara Mac Donaill
Some 30 per cent of the European Union’s data is stored in Ireland and that is a measure of how serious cyber security and the attack on the HSE’s IT system is, the Seanad has been warned.
Fianna Fáil Senator Malcolm Byrne pointed to the surge in data centres held in Ireland and said that “until we start to treat data like gold, we will not realise the scale of how important this is”.
Green Party Senator Vincent P Martin described those who attacked the HSE ICT system as the “new mafiosa” and said “they should be treated the same as people who kill on the way to rob banks and art galleries, or drug cartels”.
The unprecedented attack which Fine Gael Senator Michael Conway said affected 85,000 computers in the health service was raised by numerous Senators on Monday.
It emerged over the weekend that the role of the direction of the National Cyber Security Centre has remained unfilled for over a year because the position pays €89,000 and is pegged at principal officer level, which Independent TD Cathal Berry said showed the lack of seriousness shown for cybersecurity.
Former minister for justice Michael McDowell called for cybersecurity to be treated as seriously as the Covid-19 pandemic as he warned that the attack on the health service “is only the first shot in a war and I do not know whether we have any defences in this war”.
He said there were indications over the past year that HSE ICT systems “were, to put it charitably, clunky and difficult to adapt to emergency situations”.
And he recalled the public sector having difficulty in commissioning ICT expertise and systems, sometimes becoming “the victim of overzealous and overpriced proposals”.
Sinn Féin Senator Niall Ó Donnghaile highlighted the need for significant investment to modernise health sector ICT systems and called for clarity from the HSE about the timing of the reopening of services.
He also called for a review of the HSE and State’s cyber defences and said “we need to know how this happened, the source of the attack, how the systems were impacted and how it can be prevented from happening again”.
The Belfast Senator also highlighted the need for an enhanced role for the Defence Forces in cyber security. A “revamped, cutting-edge Defence Forces cyber unit is critical in preventing cyberattacks but this can only happen if the State has the ability to recruit and retain the necessary personnel”.
Fine Gael Senator Mary Seery Kearney said that health data was apparently “kept in silos” and the Department of Health was consequently protected from a further attack.
She said the State should issue a “set of guidelines on how people can know when they have sufficient security in place”.
And she called for the State to publish the categories of data that may have been compromised and that could be published on the dark web and “putting in place the mitigating actions people need to take”.
Independent Senator Alice Mary Higgins said the State had still not addressed concerns raised by the Data Protection Commissioner about the use of the “single customer view data set”, aggregated information held by the State on individuals.
She said that includes the data of more than three million citizens and photographs are now being added to that information which was very concerning.
Fine Gael Senator Paddy Burke pointed out that a number of local authorities had been hacked over the past 18 months.
Replying to the contributions Government Seanad leader Regina Doherty pointed to revelations of 2,500 attacks last year on the HSE and said it was “so difficult, yet so easy at the same time, to access states’ and individuals’ information and exploit it”.
She told Senators will try to arrange a debate on cybersecurity as quickly as possible.