Mr. Pat Larkin:

It is my pleasure to attend the committee today, give an opening statement and answer any questions that members may have. The last time we were here, members asked contributors about the emerging trends we saw in the cybersecurity realm affecting our clients and what was required to mitigate such threats. The last hearing took place in the ominous shadow of the HSE attack. Since then, cyberwarfare threats have escalated in a manner and in a timeframe which has blindsided the majority.

On foot of the Ukraine invasion, Ward Solutions, the organisation of which I am CEO, notified our clients in our situational security advisories of what we believed to be significantly increased risks to them, including increased criminal activity capitalising on the emotive curiosity arising from the war; increased cybermilitia activity from both global and local activists, attacking Russia, Ukraine or western countries with commensurate direct or collateral damage and the associated problems with attribution and blame; increased nation-state activity responding to geopolitical objectives, for example, cyberactions as part of hybrid warfare, malicious reaction to sanctions and counterstrikes to actual or perceived nation-state cyberactivity; failure of risk transference mechanisms, such as cyberinsurance, arising from policy exclusions for cyberevents originating from nation-state activities or acts of war; attacks and disruption to nearstream and downstream supply chains of national and global critical national infrastructure providers such as finance, health, utilities, telecoms, cloud services, software-as-a-service and transportation; the lack of capacity issue for already stretched cyberservice providers to support wider-scale attacks; and accelerated segregation or cyberbalkanisation of the Internet.

We continue to advise our clients on actions that should be undertaken, based on urgently revising risk assessment, mitigation and security operation plans. This encompasses increasing awareness, increasing security controls, performing basic and advanced cybersecurity tasks better, testing and rehearsing incident response plans, and disaster recovery. We have advised our clients of the need to maintain a hypervigilant security posture for the long term, planning their programmes and resources accordingly.

When we consider the tragedy and adversity of the Ukraine invasion, where Ireland is not politically neutral, along with the previous HSE cyberattack, where Ireland was at that time in a politically neutral state, we can see that neither aligned nor non-aligned status offers us effective protection from nation-state, militia or criminal cyberattacks. On a daily basis, Ward Solutions continues to deal with ever-growing operationally and financially crippling cybercriminal activity against our clients, regardless of the current geopolitical situation.

Once again, I am appealing to this committee and to anyone who will listen. I am advocating the need for a more comprehensive, robust, better resourced and highly innovative national cybersecurity strategy that is integrated as part of our national security strategy to protect Ireland. We have started the journey and made some inroads, but we are nowhere near the levels of protection we require for this decade and the rate at which the threats are developing. Time is of the essence. We have seen malevolent nation-state activity for over 15 years. Ireland has been hit both directly and indirectly. National cybersecurity strategy, practice, capacity, resources, research and capability is not something that we can switch on in days and weeks in response to a specific crisis. It requires deliberate planning and constant adaptation to extract short- and long-term success. The strategy is needed to protect our society, citizens, public and private services and our prosperity. If it is well executed, it will also bring very significant economic benefits to Ireland. The direct cybersecurity market is estimated to be worth $270 billion by 2026. There is a significant digital sector, which is heavily cybersecurity-dependent. An effective national cybersecurity strategy offers multiple levels of payback which can not only fund the strategy but also return real profits in terms of investment, jobs, export revenue and corporate taxes from the direct cybersecurity sector and from the cybersecurity-dependent sectors. The State’s role in this strategy should be that of leader, co-ordinator, enabler, incubator and accelerator.

I am also a member of Cyber Ireland, the chairman and cluster manager of which made a presentation to the joint committee in 2021. We have been steadily working over the past four years to co-ordinate the triple helix of industry, government and academia in order to make Ireland a cybersecurity global leader. As part of our work, Cyber Ireland recently commissioned an international expert study of the cybersecurity sector in Ireland and will launch this study and an accompanying sectoral policy paper in May 2022. Both will be submitted to this committee. We believe they will be invaluable to members' considerations on Ireland’s cybersecurity strategy.