The Government has agreed to hire 20 more staff at the State’s cybersecurity body in a bid to respond to the growing global threat from cyber attacks.
The expansion would bring the strength of the National Cyber Security Centre (NCSC) from 25 to 45 within 18 months, with a further promise to increase it to 70 within five years.
The expansion has been widely welcomed, but some experts stress that the centre remains small and lacks power — and that legislation was urgently needed.
The Government’s announcement includes a commitment to develop legislation establishing the NCSC on a statutory basis with “formal powers and a legal mandate”.
That attack, linked to a criminal cyber gang, crippled the HSE IT system, massively impacting both professionals and patients and costing the State at least €100m in repair work.
US government departments, utilities, and companies have been targeted in a succession of cyber attacks and the EU cyber agency said last June that serious cyber attacks had doubled, with hospitals increasingly being targeted.
New government measures include:
- 20 additional fulltime posts with an estimated additional €2.5m in the NCSC 2022 budget;
- An increased salary of €184,000 (up from the previous maximum of €127,000) for the vacant post of director;
- A cyber security graduate training programme;
- A five-year technology strategy for the centre.
Mr Ryan said: “As Ireland is a leading digital economy, protecting the cyber security of Government IT and critical national infrastructure is vital.
“The NCSC has an important role in gathering intelligence on cyber threats and in sharing that information and providing expert guidance.”
Cyber expert Brian Honan welcomed the announcement but said it was “long overdue” and that legislation was needed.
“Having the numbers of staff to deal with issues by itself will not be enough,” he said.
“It is critical that the NCSC is giving the appropriate autonomy and authority to detect cyber threats to the country’s national security and to respond appropriately to those threats.”
He said the NCSC should also be able to interface with other key government agencies and provide protection for the private sector, which had been left “at risk from attacks by criminal gangs or rogue nation states”.
Pat Larkin, chief executive of cybersecurity company Ward Solutions and a former Defence Forces officer, said Ireland had just had “a wakeup call” and said it “should not have taken a national crisis to expedite this action plan”.
He welcomed the announcement, but said it should be a first step.
Mr Larkin said that based on equivalent levels of funding, such as to the UK cyber agency, Ireland’s NCSC should have an annual budget of around €50m.
NCSC’s budget in 2021 is €6.9m, up from €4m in 2020, €4m in 2019, and €3m in 2018.
Employers’ group Ibec welcomed the expansion and said nearly 250,000 people were employed in “digitally intensive” sectors in Ireland.