Cybersecurity Policy

Given the volatile situation in Ukraine and that the cost of the cyberattack on the HSE last year is €100 million and still rising, will the Minister outline the increases in funding given to the NCSC over the past 12 months? What are his views on the way the centre has improved Ireland's defence against cyberattacks on State infrastructure?

The programme budget for cybersecurity in my Department's Vote for 2022 is €5.1 million. That is broken down into €2.5 million in current expenditure and €2.6 million in capital expenditure. While this is the same funding allocation as 2021, it represents a trebling of the budget when compared with 2020.

In addition, provision has been made in the Department's Estimate for 2022 for a year-on-year increase in the payroll and administration of the National Cyber Security Centre, NCSC, in the sum of €2.5 million, €2.1 million of which is for pay and €400,000 is for non-pay administrative overheads. The increased pay allocation is in recognition of the Government's decision last July to expand the capacity of the NCSC with an additional 20 posts, which are to be filled before the end of this year.

Strengthening the NCSC is a key component of our strategy. In the past year, we commissioned a capacity review to benchmark the NCSC against its counterparts in European and other states. The consultants noted the knowledge, expertise and motivation of the NCSC's staff, which was apparent in their exemplary response to the HSE incident last May. The Government has accepted the recommendations in the capacity review and invested in increased capacity in a number of ways, including the appointment of a new director of the NCSC and a number of other new staff, new threat intelligence contracts and a new contract with the UCD Centre for Cybersecurity and Cybercrime Investigation. The NCSC has completed a national risk assessment of critical infrastructure to ensure that it has a thorough understanding of critical national infrastructure and has contact channels with all operators.

The Deputy will not be surprised to hear me say that this matter is of particular importance this morning. Given what is happening in the world, we should all be concerned about our security. Our systems are on heightened alert and are working with European and other colleagues to ensure that we are fully apprised of risks or threats. At the moment, the risk to our country is low to moderate, but the possible knock-on effects of what is happening elsewhere are something about which we must be vigilant. We are being so.

I welcome the budget increase for cybersecurity and the recent appointment of Mr. Richard Browne to the position of director of the NCSC. The incidents in question can have devastating consequences for national security, healthcare and many other social, economic and personal matters. The cyberattack on the HSE last year was the largest attack against any health service computer system in history. It paralysed systems and caused major disruption throughout every part of the health service, and its effects are still being felt in certain areas.

Cybersecurity threats pose some of the greatest challenges to our State. Only last Saturday, the NCSC issued an alert. Given that the military conflict in Ukraine has escalated in recent days, will the Minister confirm that all essential posts have been filled and that the NCSC is fully equipped with staff, technology and funding to deal with potential and probable threats in the coming months and years?

I am glad that the Deputy acknowledged that the appointment of Mr. Browne as director of the NCSC was a key appointment. Mr. Browne is well qualified and was centrally involved during the HSE attack last May. I can confirm that we have already brought on board many of the people we want. The NCSC is being moved to new offices that are fully equipped and secure. Further down the line as my Department moves to Beggar's Bush, we will be building a state-of-the-art, secure and isolated facility to give us all the capabilities we need.

I spoke to Mr. Browne in recent days to get a sense of the current risks. We are on heightened alert. We are not seeing immediate domain name system, DNS, or other attacks on our systems. It is key that not just the NCSC, but every Department and business monitors and manages its networks so as to reduce risk. The NCSC's key role is helping others to ensure that we have our defences in place.

In addition to large-scale cyberattacks from abroad, cybercrime is on the rise. According to Garda reports, it increased by 150% during the pandemic, costing billions of euro in 2020. Unfortunately, many people caught by online scams do not report it to the Garda, so the costs could be much higher. The attractions of cybercrime for criminals are many, as the rewards can be higher and the risk of getting caught are lower. Even criminals not involved in cybercrime are using encryption to hide their activities and cryptocurrencies to store and move money, making it harder for the Garda to track.

The Garda National Cyber Crime Bureau is struggling to recruit cyber experts due to competition from the private sector, which is paying much higher salaries in a competitive market. Is the bureau working with the NCSC or do they work independently of each other? Are there enough resources going into both to protect our State and citizens?

I agree with the Deputy on the risks in terms of crime as well as national security. It is vital that the Garda cyber unit, the NCSC and our Defence Forces cyber capabilities work. Each has a separate but co-ordinated role. The central co-ordinating role lies with the NCSC. It has to have the best expertise and contacts with international networks in order to assess risks and share knowledge and information. I saw that in evidence during the attack last May when there was a weakness in our system, which allowed an incursion into the health system. That system was particularly weak at the time because Covid had led to there being so many networked devices. While that weakness was regrettable, the State's response was quick, co-ordinated and collective. We need to ensure that the Garda, the Defence Forces and the NCSC work collectively. I am confident that they will.