Oireachtas Joint and Select Committees
Wednesday, 3 November 2021
Joint Oireachtas Committee on European Union Affairs
EU Cybersecurity Strategy: Discussion
I welcome the guests to the committee today. This area is fascinating and is one that needs serious attention and focus, given our recent experience of cyberattacks. We have seen how it has decimated Ireland and our health service. There is a fear that it could be replicated very easily in other areas. I listened with interest to the opening statements and the responses to some good questions. Certainly, Ireland has a responsibility to develop a cybersecurity strategy alongside all of our EU counterparts, but it is only as good as the resources available to back up that strategy. Indeed, looking at the capabilities and responsibilities at a national level, I have some concerns around our responsibilities. I want to hone in on one area in particular, and concerns I have with regard to one of the key pillars in terms of us as a country and a State living up to our responsibilities, namely, the Defence Forces.
There are serious difficulties with the recruitment and retention of Defence Forces personnel. Looking specifically at the Naval Service, there are massive issues there in terms of recruitment and retention of. I also sit on the Oireachtas Joint Committee on Foreign Affairs and Defence and we recently visited the naval base at Haulbowline, County Cork. We listened to the concerns raised by members in all ranks within the Irish navy in respect of the recruitment and retention of staff and how it is impacting on their role and responsibilities. Obviously, they are tasked with a number of responsibilities in policing Irish waters, not just in terms of fishing, but also in policing the multitude of transatlantic data cables that pass through Irish waters off the southern coast, serving all of Europe. I imagine that Ireland must be the first line of defence for those cables that serve not only Europe, but Ireland as well. We have a domestic responsibility and a European responsibility to police those cables.
The concern is that currently, out of a fleet of nine ships designated for policing what is a massive maritime area that is ten times the size of the landmass of Ireland, only one is at sea due to a multitude of reasons and ongoing issues within the Naval Service, including the retention of members of the service. Looking at the fleet of nine ships of which only one is at sea, they have a responsibility to police not just what is at water level, but everything that is above that and, probably more importantly in this case, everything that is below the water level. We do not have sonar capabilities in our fleet, so we are absolutely blind as to what is going on under the water. Concerns were highlighted last August when what was described as a foreign spy ship was alleged to be monitoring some of these critical cables off the west coast of Ireland. All we could do was to monitor that ship; we could not see exactly what it was doing under the water, or whether it was attaching any devices to any of the cables. I imagine that is quite concerning. When we talk about capabilities and responsibilities at a national level, do the witnesses view that as a concern? For me, it is a very serious concern, given that in my mind, we are the first line of defence. We can talk about all of the other issues further down the line, but if we cannot police at that very basic level, it is of serious concern.
The other issue I wish to raise, which was touched upon quite extensively by Mr. Cuffe, concerns cybersecurity for consumers. It is a key area of concern. Mr. Cuffe outlined all of the activity that consumers and children do online etc. I certainly believe that there needs to be a massive campaign in this area, both nationally and across Europe. Mr. Cuffe spoke about cybersecurity week at a European level. I do not think that was picked up here in Ireland. I imagine that very few people know about that awareness campaign here in Ireland. I am aware of the Webwise initiative that is rolled out by the Department of Education, which is tasked with giving parents, teachers and children the tools around cybersecurity. I am not sure how well that initiative is resonating with people. I am probably showing my age but I refer to the campaigns on road safety and the green cross code. Perhaps some of the other committee members will be aware of those campaigns. I am sure some of them will remember the song that went along with the campaign. The campaigns resonated and stuck with people in respect of safety issues around roads and how to cross roads etc. There is no campaign that delivers that powerful message not just to young people, but to people right across the board in terms of the security, their responsibilities as consumers and how to use the online world safely. Serious focus within our own national strategy must be placed on how we are going to get that message across. Going back to the core point, there needs to be national campaign with the resources behind it to promote it and ensure that when people go online, the message of "security, security, security" is there. The areas that I wanted to touch upon are the national responsibility of the Irish State, the failures, as I see them, around its primary responsibilities in cybersecurity, and at the other end, the consumers and the need for a comprehensive campaign around cybersecurity.