Ruairi Ó Murchú (Louth, Sinn Fein) | Oireachtas source

I thank the speakers. I agree with what has been said. We have fairly conclusive proof, to the narrative that is out there, that we have insufficient capacity to deal with the situation we are in. Will Mr. O'Reilly and Mr. Larkin put it starkly what exactly we are facing in terms of ransomware? I am talking about the number of attacks and the number of criminals we believe are operating in this situation.

Mr. O'Reilly spoke about the Colonial Pipeline situation. The big fear beyond even what has happened is the cyber to physical attack and us being wide open. As brutal and heinous as the attack on the HSE was and, similarly, the Colonial Pipeline attack, they were both high profile and some of these gangs may have bitten off more than they can chew. We all know there is a certain narrative that some of them might even be, as it were, semi-state operators, so there would be communications between states and these criminals, and maybe they have been told to rein themselves in. The fact is there is a threat and it needs to be dealt with. What exactly needs to be done regarding the threat facing us?

I would also like if Mr. Larkin could give a bit more information on the risk assessments. My fear is the NCSC, when it has a concentration on compliance, does not have the capacity to carry out that compliance and risk assessment, and then enforcement related to risk assessment is carried out on organisations that are of critical importance to this State. It is what we need from a point of view of protecting this State, as Mr. Larkin said, and then I have even heard a narrative in the past while that as we build that sort of capacity, we also need there to be an element of offensive capacity.