Gerry Horkan (Fianna Fail) | Oireachtas source

We knew the origin of the HSE attack but we have never said the state was directly responsible for it, which is a diplomatic distinction. I obviously will not be doing that now. It is very safe to say that the international assessments are that the majority of offensive cyber actions can be associated with groups in four countries, namely, Russia, China, Iran and North Korea, DPRK. That has not really changed; that has been the case for a very long time. The extent to which these are state-backed or state-funded or even where the state is aware of them varies by incident and by the period. It is safe to say that the ransomware industry is, by and large, heavily premised on activity in Russia. Is that not the case? It does not necessarily mean always based in Russia or in any way working under the auspices of the Russian state. There is, however, a heavy emphasis on the Russian criminal ecosystem in that world.

Beyond that, it is important to note that offensive cyber tools are in use broadly across the world but the manner in which they are used and the ends to which they are used differ. There is a clear distinction that can be drawn between different actor types. If members are looking for a more detailed outline of this, in the middle of last year we published a national cyber risk assessment. It called out both the major sources of these kinds of activities and the effects. I think the effects really matter as well. Calling something an attack is all well and good but some incidents have very low impact and some incidents have very high impact. That should be taken into account in all of this too. The assessment was published in July of last year.