No ‘penny-pinching’ when hiring cybersecurity head - Minister

Smyth will recommend higher salary to recruit NCSC director but has not decided on figure

Minister of State for Communications Ossian Smyth has insisted there will not be "penny-pinching" when the Government makes renewed efforts to hire a director for the National Cyber Security Centre (NCSC), while playing down a suggestion the salary would have to be as high as €290,000.

Mr Smyth appeared before an Oireachtas Committee on Wednesday to be quizzed on the response to the ransomware attack on the HSE.

The Committee on Communications heard on Tuesday from cybersecurity experts whose contributions raised questions about the salary on offer for the NCSC director, as well as the level of funding for the organisation’s work.

The NCSC - which currently has no-one working in the newly created role of director - is spearheading the response to the cyberattack on the health service.

The Government had offered a salary of between €106,000 and €127,000 for the job and an individual was selected before they dropped out for personal reasons.

Bláthnaid Carolan, an expert in cybersecurity recruitment, told the committee that similar private sector roles attract salaries of between €220,000 and €290,000 per annum, with additional benefits and bonuses of between €150,000 and €200,000.

Pat Larkin, a former Defence Forces member who is the chief executive of cybersecurity company Ward Solutions, suggested the NCSC's budget should be "at least 10 times" the €5.1 million allocated to it this year. This would be equivalent to the per capita spending by the UK.

On Wednesday, Mr Smyth told the committee that the salary range suggested by Ms Carolan was "far in excess" of the salaries that are paid for corresponding jobs in other national cybersecurity centres of comparable size across Europe.

Mr Smyth said he did not have figures for those salaries to hand.

He said the job is not a “directly comparable” to someone who is in charge of cybersecurity at a commercial operation and they have “a different set of challenges”.

Mr Smyth said he will be recommending a higher salary for the role but said he had not decided on the figure, and it would have to be approved by Cabinet.

He also said: “There won’t be penny pinching here…it’s not going to be the case that we’re going to underpay or try and get a bargain. Everybody understands how absolutely critical this role is.”

Mr Smyth also said people consider more than money when taking a job with the NCSC.

“You do have to pay good and adequate salaries but people are proud to work in the NCSC. They’re protecting their country...It is a high-status job and it is a job that people are proud to do.”

Committee chairman Kieran O’Donnell asked about Mr Larkin’s suggestion that the funding for the organisation should be in the region of €50 million if it was to be brought up to UK levels.

Mr Smyth said that when pay costs are taken into account funding is around €7 million this year, and its operations budget had seen a “considerable increase” on 2020.

He said: “Clearly the UK is in a completely different situation. They’re a nuclear power, they have a different type of security apparatus.

“They have GCHQ [Government Communications Headquarters], they carry out mass intelligence surveillance...

“We have a very different set-up. Our cyber security function has different roles and different responsibilities compared to what’s running in the UK.”

Earlier, Mr Smyth had referred to commentary about the funding of the NCSC and said it was important to recall that “very substantial investment” in cyber security was also made by individual Government Departments and public sector bodies in their own IT security infrastructure and IT security staff.

He said this is “many multiples of the figure of €5 million which has been quoted”.

Cormac McQuinn

Cormac McQuinn

Cormac McQuinn is a Political Correspondent at The Irish Times

READ MORE