Skip to main content
Normal View

National Security Committee

Dáil Éireann Debate, Tuesday - 22 June 2021

Tuesday, 22 June 2021

Questions (9, 10, 11, 12)

Mary Lou McDonald


9. Deputy Mary Lou McDonald asked the Taoiseach the membership and terms of reference of the National Security Committee chaired by the Secretary General of his Department. [29521/21]

View answer

Alan Kelly


10. Deputy Alan Kelly asked the Taoiseach if he will provide a list of the membership of the National Security Committee; and when it last met. [29776/21]

View answer

James Lawless


11. Deputy James Lawless asked the Taoiseach the details of the National Security Committee. [33007/21]

View answer

Catherine Murphy


12. Deputy Catherine Murphy asked the Taoiseach the membership and terms of reference of the National Security Committee chaired by the Secretary General of his Department. [33042/21]

View answer

Oral answers (7 contributions) (Question to Taoiseach)

I propose to take Questions Nos. 9 to 12, inclusive, together.

The National Security Committee is chaired by the Secretary General to the Government and it comprises representatives at the highest level from the Departments of Justice, Defence, Foreign Affairs, the Environment, Climate and Communications and from An Garda Síochána and the Defence Forces. The secretariat to the Committee is provided by the National Security Analysis Centre in my Department.

The committee is concerned with ensuring that the Government and I are advised of high-level security issues and the responses to them, but it is not concerned with operational security matters.

As Taoiseach, I am briefed regularly by the Garda Commissioner and by relevant officials on the national and international security situation and on any individual incidents that may occur. The relevant Ministers also brief the Government on security issues within their remit as the need arises. There are also special arrangements in place to deal with particular circumstances that may arise, such as the recent cyber attack on the HSE’s IT systems.

Having regard to the confidential nature of the work of the committee, it is the long-standing practice not to disclose information about individual meetings. I can tell Deputies, however, that the committee generally meets a number of times a year and as required, and that it will continue to do so.

The committee’s focus is on the main threats to the State’s security and it has also addressed aspects of the State’s response to the Covid-19 pandemic.

In addition to its meetings, the members of the committee liaise on an ongoing basis to monitor developments that might have national security implications, in particular in the international arena.

Can the Taoiseach tell us what interaction the National Cyber Security Centre has with the work of the National Security Committee? Is the centre represented on the committee and did either advise the Taoiseach of high-level cybersecurity threats following Government formation last year? As the Taoiseach is aware, the budget and staffing of the National Cyber Security Centre came under significant scrutiny last month. Having failed to secure a preferred candidate for the role of director, this position is to be readvertised and the Minister awaits the outcome of a capacity review, although we know the centre employs just 29 people, despite its responsibilities.

The main role of the centre is to lead in the management of major cybersecurity incidences across Government, provide guidance and advice to citizens and business on major cybersecurity incidents and to develop strong international relationships in the global cybersecurity communities. Despite these significant responsibilities, the salary offered to the director is just half of what is paid to each of the Taoiseach's special advisers.

In fact, the Government's overall annual spend on special advisors matches the centre's annual operating budget. That is astonishing. I would like the Taoiseach to explain how that makes any sense. Evidence given last month at committee advised the centre's budget needs to be significantly increased. On that basis, can the Taoiseach advise us when the capacity review of the National Cyber Security Centre will be completed? Will the Government act quickly to provide for the additional resources we expect to be identified in that review?

The last Government had a Cabinet subcommittee on national security. Why was it dropped? Is it not even more pertinent now we have such a Cabinet subcommittee? We have the National Security Committee. I do not want the details, but I presume Ministers attend that. Can the Taoiseach tell us how often it meets and at what level?

Where are we at as regards the cyberattack on the HSE? Have we sourced where the attackers targeted or how they got into our systems? I do not want the Taoiseach to tell me here, but does he know? Does he know where the weaknesses were? I asked a whole range of questions regarding operating systems which were so out of date. Have we any information as regards where the source of the weakness was? I do not want to know what is, but I want to know whether the Taoiseach knows.

I ask about other future attacks. How prepared are we across all our public services with regard to attacks in which hackers could be based in Russia or eastern Europe? If an attack on our ESB or gas network was to happen, it would be serious. It is not beyond possibility given our health service was brought to its knees.

There are a number of reports about Russian submarines in Irish waters, operating off the west coast. Have we any capacity to monitor these? What do we do? A report in The Irish Times stated one third of fisheries patrols were cancelled by the naval service last year. A submission from the Department of Agriculture, Food and the Marine to the Commission on the Defence Forces stated Ireland had to rely on an EU ship to patrol our fishing zones for the first time.

Some four of our nine vessels are out of action, mostly due to low staffing. Basic pay, terms and conditions are a key problem for retention of such personnel in the Defence Forces. Recruitment, career progression and welfare of service families are also a major concern. The Defence Forces' strength have been hovering at just over 8,000 which is way below the 9,500 mentioned in the White Paper. Will this issue be addressed? Has it been looked at by the National Security Committee? When will the Defence Forces commission a report?

I call Deputy Devlin on behalf of Deputy Lawless.

I thank the Taoiseach for his reply to that question. Are there any plans to develop a national security strategy? The previous Government went to develop a national security strategy in 2019, with the process led by the national security analysis centre. I understand there was also a short consultation process undertaken at that time, over three weeks which included Christmas holidays. Were the results of that consultation ever published?

I note what the Taoiseach said on the confidentiality around this committee and I appreciate that. However, if there is an intention to publish the results of the consultation, can the Taoiseach outline that to us? With regard to the recent cyber attack, which the Taoiseach referred to in his response, both on the HSE and the Department of Health which obviously caused huge disruption right across the health system, has this National Security Committee met since that attack?

Given the impact of that cyberattack, does the Taoiseach believe a general review of the State's cyber and general security apparatus should be undertaken?

I wonder if we are unnecessarily secretive about this committee. In Germany, for example, the citizens get a briefing on the equivalent committee.

They know the full composition and what is deemed to be a threat. That helps people on the non-governmental side in terms of their level of preparedness. We know what the State knows are threats, like hostile states, hardline dissidents and international organised crime, but where are we in relation to things like energy, cyber and climate issues? What is being proactively done in relation to emerging threats? Is independent advice available and routinely got? Is there engagement with other states? Has it been costed? Very often that cost upfront is better than having to do things in response, as we are doing in relation to the cyberattack which may well have happened anyway.

A recent article by Conor Gallagher and Martin Wall sets out our vulnerability in terms of policing of our airspace. We rely on the Royal Air Force, RAF, to scramble jets to monitor our skies. I do not have an issue with that but it would be useful and reassuring for us to get an understanding. More needs to be said and we need to be more open. That is not to say we should expose ourselves in a way that makes us more vulnerable.

The national cybersecurity strategy sets out the strategic approach to protecting the State in the cybersecurity realm over the next five years, which I think Deputy McDonald raised. It sets out to develop our capacity and protect the State. In the last budget, the Minister for Public Expenditure and Reform, Deputy Michael McGrath, tripled the budget for the National Cyber Security Centre, which is part of the Department of Environment, Climate and Communications. It manages the State's incident response process to cyberattacks and is responsible for a series of initiatives to improve the resilience of critical infrastructure and public sector ICT. It works closely with the Garda and the Defence Forces. It is currently engaged in a detailed risk assessment of critical infrastructure vulnerabilities in the State. It also provides public information on cybersecurity risks and best practice.

In the context of the recent cyberattack on the HSE, our overarching priority was to restore all medical services. It was extremely difficult on font-line workers. I pay the warmest of tributes to all staff in the HSE, including those in the war room who had to deal with the cyberattack and worked night and day, at great cost to themselves, to restore services. It had a significantly negative impact on services. Front-line staff on the hospital floor had to deal with the absence of scanning, patient records and so on. It was extremely difficult for all concerned and I thank them for their enormous efforts in maintaining treatments for patients.

A group comprising the Minister for the Environment, Climate and Communications, Deputy Eamon Ryan; the Minister for Health, Deputy Stephen Donnelly; the Minister for Justice, Deputy Humphreys; the Minister for Children, Equality, Disability, Integration and Youth, Deputy O’Gorman; and the Minister of State with responsibility for communications and e-government, Deputy Ossian Smyth, was established to monitor and steer the cross-Government response to the cyberattack. It was supported in this by the National Security Analysis Centre, based in my Department. That is in keeping with the arrangements in the National Cyber Security Centre’s, NCSC, critical national incident response plan for managing incidents such as these. The technical response to the attack involved a strongly co-ordinated effort across Government working in co-operation with specialist private sector contractors. That dedicated work is ongoing and will continue until the systems are restored and functioning again.

The Garda national cybercrime bureau leads on the criminal investigation and will continue to work closely with the NCSC and the HSE on this. It is also working with international partners, given the nature of the crime involved. It is clear in the context of cyberattacks that one has to have a team-based response, both within the country across Departments and also across Europe. It is a collective effort. The UK was particularly helpful in providing cybersecurity expertise. People rallied to the call to help us. The Polish Government gave its experience because it had been the victim of a recent attack. This needs to be acknowledged.

On the national security committee and the analysis I have received, there are a number of high-level threats or potential threats to the State that we have to keep an eye on and that some Deputies have referenced, relating to international geopolitics and to right-ring extremists and extremists of one kind or another. Our security apparatus, our Defence Forces and our gardaí keep a vigilant eye on all of that.

Deputy Kelly asked about the status of the commission on the Defence Forces. That independent commission has been established and has a mandate to report within 12 months. I think Deputies are familiar with the terms of reference, which relate to the structure and size of the Defence Forces, encompassing capability structures and staffing, appropriate governance, high-level command and control, pay and allowance structures, recruitment, retention, career progression, leveraging the capabilities of the Reserve Defence Force, RDF, and its support to the permanent Defence Forces, making service in the RDF more attractive and, of course, arrangements for the effective defence of the country by land, air and sea.

The commission has invited submissions from individuals and organisations on issues relevant to its terms of reference. It received over 500 submissions, which it is analysing. It has been established as an independent body and has met with a broad stakeholder group, including the Defence Forces representative associations, commissioned and enlisted members of the Defence Forces and senior officials and personnel from my Department, the Defence Forces and other groups.

On Deputy Devlin's points, I will work on the publication of the consultations he referenced. As I have outlined in terms of the national security strategy, there was a framework for us to work on and through and, in terms of resources, to do what we can.

On Deputy Catherine Murphy's point, there is a balance between openness around national security policy and the Deputy's sense that we are overly secretive. We have to take on board the advice we receive on certain aspects of national security but I would be interested in continuing the discussion with the Deputy