James Lawless (Kildare North, Fianna Fail) | Oireachtas source

Thank you, Chair, for that. I welcome our witnesses to the committee. To Dr. Browne I say "well done" on what he has done to date. I heard him in a broadcast media interview a few months ago and thought, "Great, we have someone who knows what he is talking about at the top of this important organisation." Kudos for that. He has made a good impression early. I listened with interest to the earlier comments from other members and his answers to various questions. He talked about how the organisation has been ramped up, effectively, in recent times. Again, that is good to hear. One of the issues that was historically a concern regarding our cyber-readiness and cyber-preparedness, including the centre and just more widely, was the degree of resourcing from which the centre was benefiting - or not, as the case may be. It seems from Dr. Browne's earlier comments in his opening statement that that has been largely addressed, but he should feel free to put us on notice if he still feels there is a gap that needs to be plugged there or if the NCSC needs additional supports.

The first question I have is about the budget the NCSC enjoys. Conventional warfare is quite rare these days. We see it on the battlefront in Ukraine, but outside of certain pockets of the world it is really becoming the exception, while hybrid warfare is becoming the norm. In this country I think we have been subject to it on many occasions, probably a lot more than we realise, in terms of cyber, disinformation, hybrid, interceptions of our vital services and utilities and the submarine cable interceptions. There is a huge variation of attacks to which we can be subject, so cyber and hybrid are probably to the forefront of modern defence. Does the NCSC's budget reflect that, that is, the budget to the conventional services as opposed to the budget to the NCSC's department? How do they compare? What percentage is the NCSC of the overall budget? We may need to address that if it is not sufficient.

I will ask a number of questions and the witnesses will probably want to come in on them as a block rather than going in and out as I go through them.

I think some members might have touched on my next question already. As regards the NCSC's staff, one of the issues I heard raised in the past with the centre was that there was not a huge degree of operational expertise. That may be fair or unfair. I do not know. That is why I ask the question. What is the ratio between academic expertise, that is, people who are very knowledgeable in the areas of cybersecurity and hybrid warfare, and people who have had operational experience in the field, be it in this country or in other countries, actually combating advanced operations and attacks? To what degree is that balance achieved among the NCSC's staff and workforce? To what degree do other law and order associations such as the Garda, the conventional Defence Forces and other agencies feed into and co-operate with the NCSC in that regard? What is the NCSC's composition in that regard?

I mentioned that we have a huge variety of important assets here, not least the data sets for many multinational companies headquartered in Ireland. By virtue of that, we hold, I think, 40% or more of the EU's data sets in totality. We have, as I mentioned, the submarine cables which transmit data from Europe to North America. We are at the coalface of that, being on the western shores of Europe. Disinformation campaigns are a concern. There is energy and utilities. I think the NCSC did a study towards the end of last year, which, again, I am pleased to see. It performed a mock energy attack and saw what defences and what preparedness we had for that. Again, it was very encouraging to see that. There are all kinds of threats. A couple of members have mentioned the HSE attack, and of course it is of concern, but I would be probably more concerned about the ones we do not know about, that do not really make the newspapers, that are not well documented. How many systems or agencies have been intercepted, back doors created or Trojans put into networks that we do not even know exist and that could be there, dormant and ready to be activated at particular times or perhaps gathering data? Perhaps there is international property theft etc. going on. I would be interested in any views on our preparedness for that or to what degree that is happening. I appreciate that the witnesses cannot talk about operational issues in any detail whatsoever, but they might give us a flavour as to what kind of activity goes on and what kinds of threats are we subject to regularly.

Finally, I think we recently joined the Tallinn centre of excellence for cybersecurity. That was mentioned earlier as well. I have often been impressed by what it does, and if I ever get the opportunity to visit, I will. I know that Estonia is very advanced in many ways on activity and eGovernment as a whole. I met Estonia's former Prime Minister a while ago, and I think because of the Cold War he had a clean slate to start with, so he managed to go digital from the get-go as opposed to a lot of other countries that are getting there very slowly after decades of paper-based administration. I have one question about that. I understand that that is a NATO-type centre. Certainly, NATO has a leading role in it. I was delighted we were able to join it, but were we in any way compromised or limited in our engagement because we were not a member of NATO? On the same theme, there is the intelligence chairing that goes on. We often hear about the Five Eyes, for example. I am sure that other intelligence chairing takes place through other agencies. Are we able to benefit from that chairing to the greatest extent? Are we limited in any way because we are not a member of certain international alliances? Do we suffer in any regard from that?

There were a couple of questions there. Keep up the good work.