Michael Lowry (Tipperary, Independent) | Oireachtas source

I welcome Dr. Browne to the committee and thank him for his presentation. On this occasion he is here in his capacity as director; the last time he was here he was acting director. He is coming here at a time when it is critical to develop and expand the services. His report today is encouraging in that it is progressive. Much is happening and we are moving forward to ensure that we have the capability to defend this space.

Dr. Browne said that work to fill the 20 permanent positions is at an advanced stage. I presume there was an international competition. What skill sets are available to us here in Ireland? Do we have people with the required competences in Ireland to fill these positions? I get concerned when I hear people talking about something being at an advanced stage because it is a phrase that is used frequently by the HSE when it is filling positions and we find that something at an advanced stage could still take a year. Is Dr. Browne satisfied that these appointments will happen imminently?

He mentioned temporary facilities. Obviously, to set up the kind of facility the NCSC needs requires considerable technology and expense. What does he mean by temporary? Will the NCSC be moving on to somewhere else? He mentioned the plan to increase to 45 personnel by the end of the year. Is that achievable? Obviously, it is necessary, but can it be done? He mentioned the capacity review involving devolving the compliance role to existing regulators. What regulators is he referring to?

There is a significant increase in the number of fake messages people receive. The public are alarmed at the expanding range of scams and the financial extortion involved in them. Is the NCSC taking mobile communications under its cyber remit?

Since the HSE network was hit, there has obviously been an increased awareness of the possibility of cyberattacks. Industry is taking it very seriously.

The HSE has spent millions of euro redressing the problem. Remediation of this type of damage is extremely costly. Several companies have advised me that they have moved to insure themselves against attack and the cost of an attack. They have been told the insurance companies are refusing to include cyberattacks on their policies. Insurance companies are saying that they treat cyberattacks as acts of war, which is similar to a clause that is used in the case of flooding, which they say is an act of God. This is obviously going to become a serious issue if it is not addressed. What is Dr. Browne’s feedback in that regard, and what is his view on insurance cover?