The Republic of Ireland ranks itself among the foremost European Union (EU) member states in terms of uptake and use of digital technologies. There’s no doubt that Ireland has significantly gained economically from its EU status: the development of the pan-European data exchange system, its geopolitical location, and open economy have also contributed to the country’s position as host to a major share of Euro-centric data and economic activity.
Its success in this respect has, unsurprisingly, made Ireland a prime target for cyber threats bent on hacking into its enterprise information systems, financial deposits, and critical national infrastructure. Despite increased level of security awareness over recent years, cyber crime incidents in Ireland are on the increase, with 61% of Irish organisations reported to have suffered cyber crime in the last three years, up from 44% in 2016, and its attack rate is now double the average of global companies (31%), according to PwC’s Irish Electronic Crime Survey 2018, with an estimated loss on average of €3.1m.
The country is also subject to cyber attack by nation-state threat actors. The Irish Independent reported that the North Korean hacker gang called Lazarus carries out ‘almost daily’ cyber attacks on Irish banks and utilities, according to Symantec. According to a report on Independent.ie, investigators believe the cyber raid carried out against Meath County Council – the regional government body for County Meath – in October 2016 originated in North Korea.
In total some €4.3m was swagged following the Business Email Compromise attack on the local authority, but was later recovered from a Hong Kong bank due to action by the Garda Computer Crime Bureau, Europol and Interpol. However, the Council later confirmed that the recovery effort incurred costs of €120,964.
Another high-profile Irish attack was directed at EirGrid, the utility company that manages Ireland’s electricity grid. EirGrid was targeted by state-sponsored cyber attacks in April 2017, which left its network exposed to further attack. Using IP addresses sourced in Ghana and Bulgaria, the attackers gained access to a Vodafone network used by EirGrid in the UK, the Irish Independent reported in August 2017.
Following the initial security breach, the attackers then compromised the routers used by EirGrid in Wales and Northern Ireland. This was achieved by installing a ‘virtual wiretap’ on the system so that the attackers had access to all of unencrypted communications sent to and from the companies. The hack came to light after a tip-off to EirGrid from Vodafone and the UK National Cyber Security Centre.
PwC’s Irish Economic Crime and Fraud Survey revealed that the rate of economic crime in Ireland has increased significantly since the previous (2016) survey: 50% of Ireland-based respondents to the poll reported that they were victims of fraud or economic crime, up from 33% of respondents in 2016. More frauds are being detected, but more fraud and economic crime is happening – including specifically, cyber crime, PwC’s research found.
Given the detrimental impact this could have on the Ireland’s attractiveness to foreign investors as a safe place for the conduct of business, its minority coalition Government has since 2017 redoubled its efforts to make the country more cyber resilient and security conscious.
The Irish Republic’s first Governmental National Cyber Security Strategy (NCSS) was published in 2015. It set out a roadmap for the development of a National Cyber Security Centre (NCSC) for Ireland, and a series of measures to better protect Government data and networks, and critical national infrastructure. Since then the NCSC’s activities have enlarged in scope and capability; and the introduction of EU Network and Information Security Directive (NIS Directive), a significant set of measures to support Government Departments and Agencies in managing their systems, has further consolidated Ireland’s cyber defences.
GREATER GOVERNMENT ACTION PLAN In December 2019 Ireland’s Department of Communications, Climate Action & Environment published an updated and expanded NCSS, which outlines how the Government will continue to facilitate the security of the country’s ICT and associated infrastructure. “Ireland’s digital economy contributes 5% of national GDP and provides employment for more than 100,000 people. [Therefore] protections of data, sustained investment and the continuance of reliable, functioning ICT, and of the Internet, are priorities for us,” said the Minister for Communications, Alex White. “This Strategy [outlines] how Ireland addresses cyber threats and protects against them.”
With more than 6,500 people employed in the cyber security sector itself in Ireland, the industry is already a key part of the technology sector there, both in its own right and as an enabler for investment in related sectors. ‘Sustaining and building on this success is an essential part of ensuring future economic growth and high value jobs, and also ensuring that a cyber security ‘ecosystem’ with adequate critical mass exists in the State,’ the Government has said.
Ireland is among the leading ranks of EU Member States in terms of the uptake and use of digital technologies (7th out of the 28 EU Member States in the EC ‘Digital Economy and Society Index’ 2019). In practical terms, this means the country acknowledges, arguably more than most EU states, that internet technology and connected devices have ‘played a central role in delivering and enabling Ireland’s economic success’.
Ireland is the location of the European headquarters of many of the world’s largest technology vendors. An estimated 700+ US companies, for instance, now have significant operations in Ireland. These include major knowledge economy players like Dell, Facebook, Google, HP (Hewlett-Packard), IBM, and Intel. Its economic success is therefore closely bound up with its capability to provide a secure environment for these companies to operate within its borders.
Data centres are the early 21st century powerhouses of digital growth, and according to estimates, Ireland hosts 25%- 30% of all EU data. Critically, the conceptual evolution of cloud-based enterprise IT delivery models has had profound implications for the data centres of Ireland. In many cases, rather than being ‘passive’ repositories of data, these data centres are now home to live operational mission-critical software environments. ‘An outage or incident affecting one of those facilities could therefore have immediate disruptive effects on infrastructure or business across the EU or globally,’ the NCSS has warned.
CYBER SECURITY ‘OUTREACH’ INITIATIVES As an offshoot of the NCSS, Government of Ireland has also established the National Security Analysis Centre (NSAC) which will work across Government to support a coherent approach to assessing, understanding and addressing national security challenges, resulting in enhanced strategic advice for Government. Additionally, Ireland intends to reinforce its diplomatic reach in cyber security by assigning ‘Cyber Attachés’ to key diplomatic missions.
The Government also plans to deepen Ireland’s engagement in international organisations in dealing with the full range of issues that arise under the NCSS. As such, Ireland will join and play a full part in the NATO Co-operative Cyber Defence Centre of Excellence – or CCDCOE – based in Tallinn, Estonia This is a NATO-accredited group of diverse international experts recruited from more than 25 nations. The international military organisation focuses on interdisciplinary research and development, as well as training courses and cyber field exercises.
In October 2019, the Irish Ambassador to Estonia, Frances Kiernan, visited the Centre to submit the Letter of Intent and thereby start the accession process. “With its strong digital economy, Ireland is a country that is very much aware of the security risks in cyber space,” said Colonel Jaak Tarien, Director at NATO CCDCOE. When its application is ratified, Ireland will join Austria, Finland and Sweden as Contributing Participants – the status that designates non-NATO nations.