Friday 19 July 2019

Gardaí forced to shut down systems after cyber attack

Garda Commissioner Nóirín O’Sullivan. Photo: Damien Eagers
Garda Commissioner Nóirín O’Sullivan. Photo: Damien Eagers
Robin Schiller

Robin Schiller

A major investigation is under way after gardaí discovered a malicious cyber attack on their internal network.

It has emerged that a malware threat occurred on Thursday of last week, forcing IT staff to shut down a number of the organisation's systems.

A large amount of disruption was caused, including certain individual gardaí in various Garda divisions being unable to use their official email accounts.

The security breach has been identified as a 'zero-day' attack - when malware is used to exploit a software vulnerability, which can affect programmes, data and networks.

In a statement, An Garda Síochána said that an "appropriate solution" was implemented following the identification of the issue.

"Heightened security procedures were implemented and standard protocols were enforced across all Garda ICT environments to limit any effect on our systems," a Garda spokesperson said.

"Working with security experts the threat was identified and an appropriate solution was implemented across all Garda Síochána ICT (Information and Communications Technology) systems," the spokesperson added.

"An Garda Síochána are continuing our investigation into the incident," the spokesperson added.

Specialist gardaí from the Computer Crime Unit at the Garda Bureau of Fraud and Investigations are attempting to identify the source of the malware attack.

It has not yet been established if the security threat originated from within this jurisdiction or if the hack was made from outside Ireland.

The compromising of the Garda network would be disastrous for the force, with thousands of sensitive documents stored on various networks and data programmes.

Intelligence reports, as well as the personal information of victims of crime - who are referred to as an 'injured party' - are stored on the Garda Pulse system, while forensic and DNA evidence are also stored electronically. However, gardaí have said no data was compromised during the security threat, and the Pulse system and the Garda website were not affected either.

The ICT office was established in July 2008 in an effort to bring all ICT functions within the organisation into a single integrated unit. Providing a service desk to more than 16,500 users, the ICT section deals with the management of emergency 999 calls, case management and character vetting.

The force's IT systems have been criticised by the Garda Inspectorate, with the independent body describing the systems as decades out of date. In its 2015 report, the Inspectorate emphasised the need for "major upgrades" in the Garda IT system.

"Contractors may be required by an organisation investing in new technology and embarking on major upgrades of existing systems," the report stated.

"According to the Human Resources Strategy for Information and Communications Technology, the best possible staffing mix within the ICT Branch is one that represents the most flexible use of personnel in terms of overall costs, service delivery, ICT development and risk management. The strategy was approved by the Commissioner [Nóirín O'Sullivan], but has not yet been significantly advanced as of finalisation of this report," it added.

Irish Independent

Editor's Choice

Also in Irish News