Oireachtas Joint and Select Committees
Wednesday, 22 September 2021
Joint Oireachtas Committee on Transport, Tourism and Sport
National Cyber Security Centre Review: Discussion
The 2017 attack on the NHS was the WannaCry virus ,which was not a ransomware attack. It did cause great damage to NHS systems. It also attacked the HSE and luckily the HSE was protected to the extent that much less damage was caused.
On the question of centralised cybersecurity, the Senator was suggesting that every cybersecurity lead in every Department should report to the NCSC director. This is a centralised model, and the opposite of the model we were discussing with Deputy Cathal Crowe, whereby we have a distributed model as people need to be able to control their own cybersecurity in their own organisations. We are not proposing, and the review of our cybersecurity capacity does not suggest, that we should centralise all our cybersecurity and have it run by the Department with responsibility for communications and that everyone should report to it.
Senator Craughwell also raised the question of the reporting of cybersecurity events and the transparency around those. I agree with him on this.
Usually, not every cybersecurity attack and incident that happens is reported and becomes well-known to the public. The assumption is then that staff are doing nothing or that nothing is happening and there is nothing to defend. I would like to see in the future a framework for better reporting to the Oireachtas and to the public of the cyberattacks that are happening and how they are being defended against.