Mr. Pat Larkin:

I thank the Deputy. Very quickly, first and foremost, I suggest a very clear commitment from Government to say national security, cybersecurity is important and therefore we must move nationally from immature to optimised. A very clear statement around that would be good. There is a national risk register which I think is conducted by the Department of Defence. Taking the risk-based approach is looking at the risk register and then building strategic, tactical and operational mitigation of that risk with a commitment to it. While we are talking about budget and spend, it is wasted unless it is mapped and used in terms of strategically-planned risk mitigation approaches. Therefore I recommend a commitment from the Executive to say national cybersecurity is important and that we are really going to focus on improving it. That feeds down to co-ordination at a central level. What we do not want is turf wars and silos within Government so somewhere, maybe under the National Cyber Security Committee, NCSC, or under the Taoiseach, it needs to be co-ordinated from a national security perspective, with the cybersecurity pillar underneath that to drive it. One then uses resources like the NCSC to provide leadership and governance, particularly of critical national infrastructure services, and one uses the standards and frameworks that are there, namely, those of ENISA, the International Organization for Standardization, ISO, the NIST, etc.

The genesis of the collaboration piece has already been started. Cyber Ireland, which I should declare I am a board member of, along with Mr. Walsh and Dr. Byrne, is perhaps the genesis of this. I say so because it has an economic agenda, which is about creating the ecosystem of industry, academia, research and Government, so it is further support for that. The IDA and Enterprise Ireland are already supporting that and it will, in some respects, create the talent pool, industry imperatives, etc. Out of the national security plan, all of that is key but then we must build indigenous capability. It is then about bringing all the resources of the State and their tasking up to date, by which I mean mandating police to police cybercrime and State security, and mandating the Defence Forces to build capability. On that, I know, just colloquially that in some respect the Defence Forces have been restrained and contained in terms of the cyber role. There is an opportunity there for every soldier to be a cyber-soldier, for argument's sake, from an innovation perspective, because they have a training mandate and then they would bring huge national resources in aid to the civil power to all the rest of the authorities on a crisis basis. Thus it is about innovation, about taking the imperative from the top down to say this is really important, we need to solve it, we need to improve it and then all the strategy and resources flowing from there.