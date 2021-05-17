Last week’s attacks on our health IT architecture demonstrate we need to be more agile in our approach to national security and how we scan the horizon for threat.

While the focus on the current cyber attacks on our health IT infrastructure is undoubtedly focused on damage limitation and recovery, the State must now mobilise itself for serious focus on the broader issues – if we are to successfully protect our society going forward.

Whether it turns out outdated systems or software contributed to the efficacy of the attack, or whether this was new technology we are unprepared for doesn’t matter.

The facts are we have not been keeping pace with the need to monitor threats to our society at a national level.

Back in 2007, the threat of how effective a cyber attack could be in bringing a country to a stand-still, without a shot fired or blood spilled, was demonstrated when the Russian state disrupted the entire cyber landscape of Estonia.

Some years later at a conference in London, I heard the former Estonian minister for defence outline just how vulnerable a small country that had embraced tech was from an entity that sought out the weak points in that landscape.

At the time, it was largely only state actors that had the capacity to interrupt the life of an entire state.

But he flagged the point well that to protect itself, a state had to invest in horizon scanning capability and adapt its national security infrastructure to take into account the cyber domain as well as air, land and sea when assessing threat and preparing defensive measures.

Whether attacks like these are state or criminally inspired matters little – what matters is the damage they can do and how the state’s resources are arrayed to protect against them.

Currently, we have a number of State organs concerned with various aspects of cyber security.

The premier agency in the State for protection our cyber infrastructure is the National Cyber Security Centre. It comes under the stewardship of the Department of Environment, Climate and Communications and its minister and is based out in UCD.

By international standards and even by those of a small state, it is sparsely staffed and has a modest budget.

Then there are the Garda National Cyber Crime unit and the Defence Forces Communications and Information Services (CIS) Corps and the Defence Force Joint Military Intelligence Directorate (J2) and finally, the National Security Analysis Centre (NSAC), which comes under the Deptartment of the Taoiseach.

So, four different entities who have different roles and perspectives, with four different Government departments and ministers all with differing viewpoints and perspectives on the nature of the threat.

Read More

It is at that level we must sort out a more direct and common-purpose approach if we are to have success in the future in protecting out cyber landscape.

The problem with four differing entities is that they all have different strategic approaches.

While the current lead agency has excellent people working for it, it is not their role to be looking at the broader reaches of national security dilemmas.

If we look across the water at our nearest neighbour, we see that their National Cyber Security Centre comes under the remit of the Government Communications Headquarters (GCHQ), a long-established arm of the UK security and intelligence services.

The fact then that cyber security in the UK ultimately falls under the leadership of the security services means that tech wizardry and know-how is mixed with long-standing strategic awareness of threats of a wide and diverse nature.

This crucial mix allows for the UK to better analyse the nature of threat and where their weak points are and better prepare for them.

No state is perfect, and the UK has been in a mindset of threat response for some time, which ensures they have to stay on their game.

However, despite what some may think, the Irish State is not immune to threat and in particular, threats of a cyber nature.

This attack did not happen out of the blue.

Back in 2017, there was a hostile penetration of the ESB grid and around that time frame there as a similar penetration of the HSE.

Both penetrations did not lead to any major problems like we see now, but they did show that there were serious holes in our State cyber security apparatus.

Interestingly, an hour after the HSE penetration, the Scottish NHS (their version of our HSE) was also penetrated.

Security sources at the time of the 2017 incidents put those penetrations down to a hostile state probing weaknesses and searching for vulnerabilities in the cyber infrastructure of western European states.

At that time, the expert opinion was that only another state would have the tech resources to carry out such a penetration.

However, such are the monetary rewards of cyber-attacks, many of the people who worked at hacking for totalitarian states have now gone to work for criminal networks.

These are not gangs of thugs, but organisations that are run on sophisticated business models.

Therefore, it doesn’t matter whether it’s a purely criminal enterprise or espionage, the only way for a state to protect itself is by a joined-up, whole-of-government approach, mixing tech ability with strategic know-how and risk mitigation.

Declan Power is an independent security and defence analyst.