Oireachtas Joint and Select Committees

Wednesday, 22 September 2021

Joint Oireachtas Committee on Transport, Tourism and Sport

National Cyber Security Centre Review: Discussion

Photo of Gerard CraughwellGerard Craughwell (Independent) | Oireachtas source

I compliment the Minister of State on taking board the issue of cybersecurity, but we need to start seeing it from a much more macro perspective. We should compliment the Garda on reversing at least some of the damage done to the HSE. The Minister of State said a few moments ago that money was a bit of a red herring. I am appalled to hear him say that. Malta, one of the smallest countries in the EU, is scheduled to spend €1.9 billion on cybersecurity over the next six years. I am afraid it does not go down well with me to say that money is a red herring.

I compliment the Chairman and my colleagues on agreeing to bring a human resources expert in front of the committee because the money the Department offered for the director of cybersecurity role was a joke. No serious professional would come anywhere near this country for that money, which suggests to me, and I have said this many times, security, whether it is cybersecurity, internal security or external attacks, is treated as a joke. We do not take it seriously. The Minister of State is trying to change that, but if he is going to do so he will have to see a budget that will support him. Some €13.8 million was spent on cybersecurity from 2017 to 2021. Where are we going? At the end of the day, it is a joke.

As we move forward, and I have said this a hundred times, we need an integrated intelligence agency under a director of intelligence that will bring together all the different intelligence-gathering agencies of the State. That includes the Garda, Defence Forces and the Departments of Social Protection and the Environment, Climate and Communications. We need them all under one umbrella whereby they can share information and we will know what is happening. We take issues like cybersecurity with a grain of salt. In the past few weeks, we had word of a Minister's phone being hacked. It just sort of breezes past everybody as nothing to get too excited about. Maybe the Minister of State cannot answer this today, but are his phones protected properly? Does he have encrypted telephones? If he does not, then he should.

Ireland is a central location for foreign direct investment. We control some of the largest volumes of data in Europe and we are talking about having 30 people working in cybersecurity. There should be hundreds of people working in cybersecurity, particularly when you look at the United States, which has almost 1 million people working in cybersecurity, and Estonia, a country we looked down our noses at a few years ago because it was much poorer than us, and its reputation in this area. My colleague, Deputy Ó Murchú, spoke about the issues of the Defence Forces and legislation. Last night, we saw on television how the Graham Dwyer case may limit the capacity of the Garda to get involved in counter-espionage, or counterintelligence, which is outrageous. It is outrageous that that might happen. We see ships sailing up and down the Atlantic coast, coming very close to the 12-mile limit where they are capable of intercepting data travelling from the United States into Ireland.

There are 3.5 million cybersecurity positions open in the world. With that many positions open, Ireland will have to compete. To do so, we will have to put billions into cybersecurity. We will not have foreign direct investment here in a few years' time if we start seeing cybersecurity attacks. I cannot understand it, but my belief is that since we all started to register on our mobile phones during the Covid-19 pandemic, we are being inundated with all sorts of crazy attacks. I get a dozen phone calls a week from the Department of Social Protection that I no longer answer. I will not answer any number now if I do not recognise the caller because I am sick to the teeth of it.

The Minister of State will be going in front of the Minister for Public Expenditure and Reform and the Cabinet in the next few days. Do they fully understand the impact there will be on foreign direct investment if they do not invest in cybersecurity? There is clearly a lack of understanding of what is required. In fairness to the Minister of State, after he saw the HR expert, Bláthnaid Carolan, talk to the committee about a salary structure of €220,000, he clearly fought the battle and got as close to that figure as he possibly could. We will, hopefully, get somebody very good for the role. The problem we have, with 3.5 million vacancies in the world, is if we will become a training centre for people who are paid poor money and who will move to higher-paying economies as soon as they are trained.

I am very concerned about this issue. This committee has taken a huge amount of time to debate these matters. I thank the Chairman for that and I thank the Minister of State for being here but is cybersecurity, and security in general, treated as a joke? Does he agree we need a director of intelligence and one single intelligence agency? I am shocked to hear that we have only one Defence Force member posted with the NCSC. It should be run by the military, like most cybersecurity organisations in the world. I will throw that over to the Minister of State and I might come back with one or two supplementary questions.


No comments

Log in or join to post a public comment.