Ireland releases the National Cyber Security Strategy 2019-2024
Ireland, home to over 30% of all EU data, has just released the National Cyber Security Strategy 2019-2024 against cybercrime. According to Richard Bruton, the Minister for Communications, the main objectives are to ensure the state can respond to and manage incidents, including those with a national security component, and to protect critical national infrastructure from cyber-attacks. In addition, as Telecompaper reports, the plan looks at developing the cyber-security sector in the country. More than 6,000 people are employed already in it, and the government sees the country as well-placed to expand this further. Under the new Strategy, more efforts are planned to increase skills as well as awareness among enterprises and private individuals around cyber security.
The cyber security challenge at the very high level
According the new Strategy, at a very high level, developments in cyber security pose two fundamental challenges for Ireland. Firstly, the a-spatial nature of the internet exposes the State to new and rapidly developing global threats, including those developed and deployed by threat actors with very significant resources and expertise. These threats manifest at a national level in a variety of ways that make detecting and mitigating the associated risks difficult. The fact that the global security environment is in a particularly dynamic phase is also pertinent; the apparent return of ‘great power’ politics in international relations, accompanied by tensions over trade and technology vendors, pose particular challenges for small, open economies like Ireland.
Ireland hosts over 30% of EU data and the European headquarters of a number of the world’s largest technology firms
Secondly, the technological base of the Irish economy has developed significantly in recent years; the State is now home to a large proportion of Europe’s data (upwards of 30% according to some industry assessments) and the European headquarters of a number of the world’s largest technology firms. Critically also, the conceptual evolution of cloud computing has had profound implications for Ireland. In many cases, rather than being passive repositories of data, these centres are now home to live operational software environments; an outage or incident affecting one of those facilities could therefore have immediate disruptive effects on infrastructure or business across the EU or globally. In turn, this means that the infrastructure supporting these centres, public and private, now has an elevated security and economic risk associated with it.
The hybrid threats
Ireland is vulnerable to hybrid threats in much the same way as other EU Member States. To counter it, the Government established the ‘Interdepartmental Group on Security of Ireland’s Electoral Process and Disinformation’. The group is tasked with assessing the risks to Ireland’s electoral process, taking into account the substantive issues arising from recent experiences in other democratic countries with regard to the use of social media by external, anonymous third parties. It has proposed a number of measures to protect against these risks, including establishing an Electoral Commission, modernising voter registration, regulating online political advertising and supporting EU efforts to tackle disinformation. At a European level also, there has been significant work, including the creation of the Hybrid Fusion Cell, set up in the European External Action Service (EEAS) to facilitate the rapid sharing of information relating to the potential hybrid type actions affecting multiple EU Member States.