Ossian Smyth (Dún Laoghaire, Green Party) | Oireachtas source

I thank Senator Dooley. He is absolutely right that cybersecurity is a journey, and not a destination. I will start with the Senator's question on what vulnerabilities might have shown up that we might have protected against. That question will be analysed as a result of the three inquiries that will go on. Clearly, the focus right now is on resolving the problems with the HSE's network in getting its services working again. However, the Garda investigation is going on. There will be a data protection investigation. The HSE will have to report back to us. It is doing is IT investigation to see how this happened. It will report back to the NCSC and we will analyse and strengthen as a result of that. We do not know the result of this yet.

In terms of the report of the capacity review, which was commissioned at the start of the year, this was envisaged in the programme for Government, that we should review the capacity of the National Cyber Security Centre to see whether it is capable of carrying out its functions and how it compares with other cybersecurity centres of similar size with similar challenges around the world. Are there any skills that we do not have? Does it need additional resources? It is not just a question of what we do this year, but of how that plays out for the next five years. How should the National Cyber Security Centre develop over the coming five years to address increasing challenges? Obviously, every year more services go online, more people go online, and the threats become larger, as these cybercriminals collect ransoms from companies which pay up. They are becoming stronger and there is an arms race, then, between them and the cybersecurity professionals in protecting themselves.

In terms of whether I can publish the report that comes out, I do not have the report yet. A draft has been done. I have been briefed about it by my officials. Of course, it will be reviewed in the light of this most recent incident. However, it will recommend what the staffing should be over the coming five years and whether we are lacking any resources.

I need to strike a balance between transparency, democracy and being able to share with the committee what the conclusions are, while at the same time being able to protect the national interests and make sure they do not expose weaknesses to attackers that they could potentially use to their benefit. I am happy to engage with both the Chair and the committee members to find how we do that. I will look at how other cybersecurity centres find that balance between transparency, democracy, and national security.