Gerard Craughwell (Independent) | Oireachtas source

I welcome Dr. Browne and Mr. Stephens. First and foremost, I must compliment the witnesses. When we first mentioned cybersecurity in this House, at that stage we were struggling to get proper terms and conditions for the organisation but I believe the NCSC is happy with that now. It has moved quite a distance there. Certainly, internationally, as I travel around Europe, I am aware of the liaisons the NCSC has across Europe and I compliment it on that and on its proactivity in that area. Many people speak to me about the fact that Dr. Browne is very much a seen person in Europe and that is an important thing for the Irish National Cyber Security Centre.

I have a couple of issues. The first one is that the NCSC is located in the Department of communications. We both know that I have always thought it should be somewhere else. How many tiers does the NCSC have to get through if it wants to speak to the Taoiseach? If there is a major crisis in which the NCSC needs to talk to the Taoiseach, does the centre have direct access and can it get that? That is the first question.

The second issue is that we floated an idea some time ago - I do not know if we ever got it into the centre - on the notion of a cyber fianna in Ireland, if you will. That is, there would be the National Cyber Security Centre, the people involved in cyber for consultancies and the like and then a third line of reserve, which might be the Civil Defence or the Reserve Defence Force or somebody like that. Generally speaking, I mean people who could help to reinstall software and to get things up and running fairly quickly.

I am extremely concerned about the lack of awareness amongst CEOs and CFOs. If asked about their state of cybersecurity, they will refer one to their IT department. We both know that IT departments might be great at making machines talk to one another but they do not always have a security lens. The course run by Professor Tom Acton in Galway, which is going to lead to cyber officers in organisations in the future, is a good move and I would be interested in Dr. Browne's view on that.

I am not going to hog the day. On national schools, the National Cyber Security Centre was very good to endorse the idea of bringing in cybersecurity training and awareness to national school kids from the age of nine and upwards. We are currently trying to get a national geographic project off the ground with the Department of education and I thank the NCSC for its assistance and its staff in that regard.

I have one last point and that is that we have discussed the issue of critical risk analysis tools before and Dr. Browne and I have seen the output from one of those. Is the NCSC going to license the users of these CRAs? It strikes me, and I am aware that Dr. Browne had some concerns about the amount of information that could be gleaned from a CRA, that it is great when dealing with somebody that can be trusted and who will do the right thing but bad actors come in all shapes and sizes. Is the NCSC going to start or does it already have a register of what CRAs are in use in the country, and who has access to them? I will leave it at that and I appreciate the Chair letting me in on the time.