Mr. Pat Larkin:

In respect of what we need to do differently, we have had a wake-up call. The original point about the cyber, environmental and global pandemic being on the risk registers was that all of us, myself included, silently hoped that these events would never occur. Therefore, we have been adopting the mindset of these events being a risk, but wondering of we should do anything about them. These risks now have materialised and are materialising as we speak. We must recognise that reality and change our mindset.

The national mindset and psyche is based on Ireland being a neutral country that is not in an alliance. It is thought that we do not follow an aggressive foreign policy so therefore we do not need a large defence organisation or national security infrastructure or apparatus. However, we do now, from a cybersecurity perspective. We need to adopt that mindset. It is not about projecting foreign policy or insidious foreign policy; it is about protecting the societal and economic benefits that we have. Therefore, we must invest. Historically, we have underinvested in national security.

The threat is no longer a geographical one. Any of these organisations, whether they are nation state or criminal organisations, can simply project themselves across the Internet at Ireland. For example, Ireland is a member of the UN Security Council. If we set out our policy on the Israeli-Palestinian conflict or another issue on which are entitled to set out our policy, it is possible that perhaps not even a nation state but a militia group within a nation state, may object to that and inflict collateral damage on national security by simply objecting to it. It is about recognising that reality and making the philosophical mindset shift towards the idea that we need to protect our national State, resources and sovereignty and then investing accordingly.

The biggest issue is the shift in the societal and political mindset towards the idea that national security is important and we have something worth protecting. Everything else flows from there. We have a national risk assessment which is updated regularly. We must look at that, because the risks were set out on that assessment. We need commitment from Government. It requires a whole-of-society commitment that is made collaboratively. Government, industry and citizenry need to do their bit. Once that mindset has been adopted and it is recognised that we must secure ourselves nationally, we need collaboration and alliances. If an attacker is projecting themselves from a nation state in eastern Europe, Asia or wherever it is, we will not solve that problem from Ireland. We will solve it through alliances with international governments, UN member states and international law enforcement, policing and intelligence. We need to try to build that consensus.

We have an awful street credibility now because we are suffering a catastrophic attack on our national health system. Looking at other countries that have suffered attacks, Estonia, for example, suffered a similar catastrophic attack against a wider set of its critical services in 2007. It came back from it stronger. It took the attack as a wake-up call. Now, it is one of the leading actors in the area of international law on cybersecurity. It built alliances, albeit typically with NATO member states, around protection. In respect of resilience, it has developed a clear strategy around delivering digital government to ensure that it is secure in the face of an attack by a nation state or criminals..

We should heed the wake-up call. We must make the shift in the mindset towards the need to ensure security and to do it right. We must adopt a very coherent and well-resourced strategy to deliver it and we must stick at it. We cannot just let this moment pass and move on with business as usual once the health system has recovered. We need to heed the wake-up call.