Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

Good afternoon. All persons present in the committee room are asked to exercise personal responsibility to protect themselves and others from the risk of contracting Covid-19.

Our afternoon meeting today is with representatives from the Institute of International and European Affairs, IIEA, to discuss its recent publications on hybrid threats and threats to the national infrastructure.

I am pleased to welcome Dr. Barry Colfer, the director of research, and Mr. Cian FitzGerald, researcher in the area of security and defence. They are both very welcome.

The format of our meeting is in the usual manner. We will hear the opening statement followed by a questions and answers session with members of the committee. I ask members to be concise with questions to allow everybody an opportunity to participate. I would like to welcome Deputy Réada Cronin to our public session and acknowledge her contribution as a new member of the Joint Committee on Foreign Affairs and Defence. She is very welcome.

I advise witnesses and members of the long-standing parliamentary practice that we should not criticise or make charges against any person or entity by name or in such a way as to make them in any way identifiable, or otherwise engage in speech that might be regarded as damaging to the good name of the person or entity. Therefore, any statements that may be potentially defamatory with regard to any identifiable person or entity will result in a direction to discontinue the remarks. It is imperative that any such direction be complied with.

For witnesses attending remotely from outside the Leinster House campus, of which there are none, I was to advise on the limitations to parliamentary privilege, but it does not apply to today's meeting. I would also like to remind members that they are only allowed to participate in this meeting if they are physically located on the Leinster House campus. I would say for the benefit of our witnesses and guests that we are still operating a hybrid model insofar as is possible for members to attend remotely from their offices. I do not have any indication of any such attendance at today's meeting. If that changes during the course of the meeting, I would be happy to advise. I now call Dr. Colfer and Mr. FitzGerald to make an opening statement. I thank them for being here.

Dr. Barry Colfer:

Gabhaim buíochas leis an gCathaoirleach agus leis na daoine uaisle. Mar stiúrthóir taighde san Institiúid Gnóthaí Eorpaigh agus Idirnáisiúnta, táim an-bhuíoch an deis a thapú a bheith leis an gcomhchoiste inniu chun cúrsaí tábhachtacha polaitiúla a phlé. I thank the committee for the opportunity to address it on behalf of the Institute of International and European Affairs, IIEA. The IIEA is a public policy and international affairs think-tank in Dublin. Through a co-ordinated programme of research and events, we seek to contribute to public discourse across a wide range of matters and subjects that are of public interest and which I believe are of interest to this committee. This relates to, but is not limited to, EU policy and relations, economics, digital policy, development matters, climate and energy, foreign policy, health, justice, disability, UK-Irish relations, and indeed security and defence policy.

I will speak for a few moments about the IIEA's security and defence programmes specifically before handing over to my colleague, Mr. Cian FitzGerald, who authored the paper that has been circulated to the committee. Within this part of our work, the IIEA considers issues including the EU as a security actor, the future of defence capability, future force design, and the implications of all this for how conflict happens and wars are fought. Work in this area also relates to the changing character of warfare more generally, including the use and development of artificial intelligence, AI, drone technology, quantum computing, the future of nuclear proliferation and much more. Our security and defence programme resides within the broader geopolitical context that all of our work relates to, including Russia’s war in Ukraine, EU-UK relations following the UK's withdrawal, the future of NATO, the competition for rare earth minerals and scarce resources, the rise and repositioning of China and India, the politics and relations with Africa, climate change, populism, demographic change and much more.

Given the institute's particular interest in Irish-EU relations, and the future of the EU and Ireland's role within it, the changing security and defence context within the EU and its neighbours is particularly salient for our work in this area. It raises questions relating to the EU’s attempt to become a security actor through, for example, the promulgation of the EU’s strategic compass, which is essentially the EU’s security strategy. It raises questions relating to Ireland's unique position as a neutral country within the EU's evolving security and defence environment. EU relations with NATO and how the resources of Ukraine’s forces can be replenished are also of concern to our work.

Our recent paper that Mr. FitzGerald will present shortly, Black Swans in the Grey Zone: Defending Ireland’s Energy System Against Cyber Threats, examines the threat posed to critical energy infrastructure and Irish society by hostile cyberactivities. As Russia's armed forces continue to get bogged down in its war against Ukraine, Russia may increasingly seek to utilise other means to achieve its political aims by targeting European states such as Ireland, as has been well documented. In this context, the Russian Federation may increasingly seek to undermine western support for Ukraine through the use of grey zone activities, that is, the spectrum of threats that operate above the threshold of normal global politics but that falls short of kinetic warfighting, such as cyberattacks on services crucial for the normal functioning of society in Europe. Ireland, due to its importance in global technology and communications coupled with its limited defence capabilities, may be a target of this form of aggression. This paper explores how Russia conducts cyberwarfare operations, often cloaking them so that they appear to be run-of-the-mill cybercriminality. Aside from the obvious impact this has for people and businesses, this often seeks to undermine confidence in Governments and public authorities.

Finally, this paper examines how Ireland could enhance its resilience against such attacks by using a whole-of-society approach to national defence which could enhance the ability of the State to respond to and deter grey zone aggression. We hope that a discussion and better understanding of this topic can help to inform a debate in Ireland regarding future security and defence policy. With that, I hand over to Mr. FitzGerald.

Mr. Cian FitzGerald:

Good afternoon. It is a pleasure to be here to share the IIEA's work on hybrid and grey zone threats to Ireland. Ireland’s national security is the basis for its national and social prosperity. However, at present, we are seeing the rise of a growing type of threat to our security and prosperity that members may be familiar with already. That is grey zone threats, which are transnational and incremental, operate below the threshold of conventional conflict and do not respect borders, sovereignty, or delineations between civilian and military targets.

Since December 2022, the IIEA has been conducting a project that reflects on the changing character of warfare as a consequence of increasing international competition and tensions. Notably, revisionist actors such as the Russian Federation, which are dissatisfied with the present geopoliticalstatus quoand seek to tilt the balance of power in their favour at the expense of European states, are using a variety of instruments generally understood to be grey zone techniques. The grey zone as a concept is the spectrum of hostile and aggressive activities which exist above the peaceful normal activity of international politics but below the threshold of kinetic warfighting. They are generally low cost and low risk for the perpetrator but have a significant destabilising effect on the target state and its society.

Grey zone activities include the use, either in isolation or combination, of disinformation, election interference, espionage, intellectual property theft in key industries such as defence, life sciences and technology, and also the use of military manoeuvres designed to intimidate target states such as what was planned in February 2022 or cyberattacks designed to disrupt the normal functioning of society such as the attack on the HSE in 2021. Though occasionally some of the more high-intensity forms of grey zone activities attract headlines, these forms of activities are designed to be incremental and difficult to detect with the overall goal of changing the strategic landscape before the target state has realised what is happening. They are designed to sap the political and economic strength of the target state, to undermine social cohesion, and ultimately to leave them unable to respond to the revisionist state's increasingly assertive international posture.

Moreover, we expect to see a greater proliferation of the use of grey zone activities against European states, in particular those originating from the Russian Federation in connection with its war in Ukraine. Activities such as cyberattacks, and most recently the reported presence of Russian vessels mapping cable infrastructure, are designed to intimidate Europeans, to highlight their vulnerabilities and most importantly to undermine European support for Ukraine.

Ireland is increasingly and demonstrably at risk of such grey zone activity. Its ever-growing role in the interconnected economies of the Euro-Atlantic area, its importance in global technology and communications, its position in the EU and its relative diplomatic power, coupled with its limited capacity to protect itself, makes it a prime and under-defended target.

Russia has shown its willingness and preference for targeting civilian critical infrastructure as part of its grey zone campaigns to maximise disruption in target societies. What should be clear is that not only is the monetary cost of state-backed cyber warfare operations high, but the potential societal cost in terms of loss of confidence in the state’s ability to protect its citizens from harm is significant. As a second order consequence of cyberattacks, the effect on public trust in institutions could also leave societies more vulnerable to the disinformation campaigns that often accompany these types of attacks.

The paper published by the IIEA that Dr. Colfer mentioned, entitled Black Swans in the Grey Zone, which was circulated in advance of today’s discussion, focuses on threats posed to Ireland energy infrastructure as a part of grey zone activity. Examining the potential escalation trajectory of Russia's war in Ukraine, we believe that it is possible that as Russia military campaign continues to stall, in particular as it faces increasing volumes of western-supplied military hardware, the Russian Federation may choose to carry out cyberattacks against electricity infrastructure in Europe to try to erode Europe’s willingness to continue to support Ukraine.

Russia has demonstrated that it has the capability to carry out such an attack on energy grid infrastructure when in December 2014, after months of targeting and preparation, it carried out a devastating cyberattack on Ukraine’s power grid causing nearly a quarter of a million customers to lose power following a synchronized attack on three regional electric power distribution companies. Furthermore, the signalling from the Kremlin itself indicates that European energy infrastructure could be a target of some form of attack. In Vladimir Putin’s own words, "any critical infrastructure in transport, energy or communication[s] ... is under threat - regardless of what part of the world it is located, by whom it is controlled, laid on the seabed or on land".

With this in mind, the IIEA has identified that Ireland’s energy grid may be a preferred target for a cyberattack against the EU, either through repeated small-scale attacks or from a single large-scale attack. As a host to 30% of all European data, as well as cable infrastructure critical to global communications, sustained and large-scale power outages would not only likely disrupt Irish communications, society and undermine Ireland’s image as a safe and stable place to do business, but it would also have the potential to disrupt life in other EU member states.

What options are available to us to counter grey zone aggression? Though most of our recommendations focus specifically on protecting Ireland’s energy infrastructure, successful implementation would make Ireland’s society more resilient and better protected against the broader spectrum of grey zone threats. As a collective, our recommendations focus on how we can either make best use of or augment existing structures in Ireland.

Overall, we believe that the best means of defending Ireland against this form of aggression will require a mindset shift in how we approach national security. Ultimately, as Irish businesses, resources, people and society become the targets of grey zone activities, the security services of the State alone will not be enough to deal with these threats. Instead, it will require a whole-of-society approach to defence, which includes industry, NGOs, think tanks, academia as well as individual citizens, in protecting their society from harm by antagonistic actors.

Our first recommendation is that Ireland could enhance its resilience through greater co-operation between the public and private sectors. With private sector actors and Government having access to different types of data, in what we term the cybersecurity data gap, greater information sharing between the public and private sectors when it comes to cyber incidents would be mutually beneficial.

Second, the State needs to continue to build awareness in critical industries about cyber risks to operational technology and their role in national security.

Third, the State could enhance the resilience of Ireland’s electricity grid though greater redundancy and a focus on microgeneration programmes, such as the existing €2,400 grant for households to install solar panels. Not only would this assist the State in meeting its climate targets, but it would also enhance the State’s resilience to outages that may arise from a cyberattack against the national grid.

Fourth, we should consider the development of a threat-led penetration testing framework, modelled on the existing threat intelligence-based ethical red teaming, TIBER-EU-IE framework for our energy system. TIBER is an EU framework developed by the European System of Central Banks to stress-test individual banks' readiness in case of a cyberattack. Intelligence on cyber threats and best practices are shared across the framework’s EU network. Such a framework for the energy system would enable operators in Ireland to stress-test their ability to respond to cyberattacks in a systematised and regularised approach.

Our fifth recommendation is that Ireland should develop and enhance its intelligence capabilities to counter hybrid threats. At present, Ireland’s intelligence capacities are not in line with comparator countries. In short, they are insufficient for the present hybrid threat environment. By developing the State’s intelligence capacities, both in the Defence Forces and An Garda Síochána, the State will be able to make better and more rapid decisions in the instance of a crisis. This, coupled with a greater ability to attribute either hybrid or cyberattacks, should enable the state to deter this type of aggression and will potentially reduce the likelihood of an attack happening in the first place.

Our final recommendation is that the Government should examine the implications of the development of offensive cyber capabilities for defensive purposes to increase costs for perpetrators of cyberattacks against Irish critical infrastructure. This would also be in line with the 2022 Commission on the Defence Forces' recommendation for the development of a joint cyber defence command in the Defence Forces that would be able to conduct limited offensive cyber operations. We believe exploring the use of offensive cyber for defensive purposes would play an important role in changing the cost-benefit calculus for potential aggressors.

To conclude, we find ourselves in a changing and more threatening security landscape. Ireland faces a degree of threats that it likely has not faced before in its history, as potentially everything from social media to globalisation, international trade and the Internet can now be weaponised. Though before I close, I would like to emphasise there is cause for optimism. A mental shift to a whole-of-society approach to national defence would not only allow the full strength of the nation’s resources to be harnessed, but it would also give all stakeholders - Government officials, NGOs, the military, universities, business and, most importantly, the general public - agency in the State's future national security strategy, ultimately creating a more resilient and more robust society that is best positioned to deter would-be aggressors’ hybrid warfare campaigns. I thank members for their attention and I look forward to their questions.

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

Mr. Fitzgerald concluded on a note of optimism but it is one that is certainly couched in a pretty stark warning as to the vulnerability not only of the European Union and member states, but also in respect of Ireland.

I welcome Deputy Carthy to his first official meeting of this committee in his capacity of Opposition spokesperson for foreign affairs and defence. He is very welcome.

Matt Carthy (Cavan-Monaghan, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

I might have to pop out for a few minutes for EU statements in the Dáil. I thank the gentlemen for their presentation.

I have a couple of follow-on questions in respect of the report. One of the recommendations is that Ireland develops its intelligence capabilities to counter hybrid threats. The IIEA representatives stated that we are not in line with comparator countries. Could they expand on who they consider to be comparator countries and what it is precisely those countries have in terms of capacity that we do not? The report referenced Sweden’s total defence model, which was highly regarded. I think the witnesses are suggesting that could be a model for Ireland. Going back to the reference to comparator states, do they consider that Sweden is above all of those comparator states and we are all behind or is it a case that Ireland is below all other comparator states and Sweden simply has the best model?

The national energy security framework stated in April 2022 that the risk of cyberattacks on energy infrastructure was deemed unlikely. I take it that the witnesses consider that to be a misjudgment or an undervaluation of the actual threat.

It would be useful if the witnesses elaborated and explained where is the risk. In terms of the myriad of issues, I will leave my contribution at that and come back in later.

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I will take questions from a number of members in the first instance and then revert to Dr. Colfer and Mr. Fitzgerald.

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

I thank the witnesses for very comprehensive presentations at this tense time.

They mentioned the issue of conveying the message that there is a threat to our critical infrastructure and national grid. Mr. Fitzgerald mentioned the €2,400 grant for households to install solar panels on roofs. Many of the people who come into my office cannot afford the upfront fee so they cannot apply for the grant. If the worse came to the worst, I do not want a situation whereby the wealthier people in society have access to electricity but not ordinary middle-income earners and working people. I thank the witnesses for their interesting presentations but we must convey their message to ordinary people. How can we convey the message? I ask because it is easier to communicate with businesses than with people at home who are just getting on with their lives, and working to keep a roof over their heads and food on the table. Regarding resilience, how can we make people more aware of that? What does IIEA think we should do?

I was a member of the Joint Committee on Climate Action and the committee discussed brownouts and blackouts but we never discussed the possibility of a threat to the national grid that might lead to people not being able to get power from the plugs or whatever in their homes. It is imperative that we convey the importance of producing our own power. Does the IIEA recommend that the Government makes it easier, perhaps by providing interest-free loans to people who cannot afford the upfront costs to install solar panels?

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

We have a number of questions of a diverse range of issues associated with cybersecurity and national security. I will revert to Dr. Colfer and Mr. Fitzgerald and then come back with members starting with Senator Wilson.

Dr. Barry Colfer:

Deputy Carthy asked what comparative countries have that we do not and Mr. Fitzgerald will answer his question as he is expert in that area. However, I will reflect on what the Deputy said about the likelihood of an attack on the energy grid. When I was a scout, we were trained to bí ullamh. Our paper does not seek to say an attack will happen. In fact, we did not attempt to measure the likelihood of an attack on the energy grid but merely pointed out its vulnerability. Perhaps in the next phase of our research we could focus on the likelihood of an attack. We are not scaremongering and do not propose that an attack is imminent but simply point out that vulnerabilities exist so that this group and others are aware of that.

Senator Ardagh asked some great questions. On spending on defence being relatively limited, Mr. Fitgerald will pick up on that as well. The Senator asked whether the Garda are best placed to undertake matters of cybersecurity or whether there is cause for a new strategic body, and my colleague will also answer that question.

On regulating the Data Protection Commission and the wave of digital legislation that is coming our way, between the alphabet soup of the AI, the Digital Services Act, DSA, and the Digital Markets Act, DMA, there is a huge amount of public policy happening around the digital space and data protection in Ireland. Indeed, Ireland is trying to position itself as a frontrunner. From January, Ireland will take over the chair of the D9 group of digital EU countries. It is not a question of whether Ireland should; Ireland must take a leadership role given that it is something we are good at but also because we play host to so much data and so much of the global tech activities around the world comes through or is adjacent to Ireland. The short answer is "Yes".

With respect to the grey zone and disrupting elections, Mr. Fitzgerald only brushed up against the issue in his remarks but it is contained in our paper that, absolutely, there were disruptions to elections and disinformation. I mentioned in my presentation that the grey zone is any hostility or aggression that falls short of kinetic warfare, which mainly seeks to undermine confidence and faith in democratic institutions. Thankfully, in Ireland, compared with many countries, our institutions remain robust. We have a vibrant media and think tank landscape that helps with that but we must not be hubristic. The threats to our forthcoming elections from hostile actors and elections all around the democratic part of the world should be foremost in all our minds.

The next issue is the Russian vessels. In the exclusive economic zone or adjacent to our waters, it is not our fault that they are there. I do not think there is any shortcoming on the part of Irish policymakers that the Russian vessels are in or adjacent to our waters. I draw attention to the fact that we have recently had interaction with peer think tanks and policymakers in the Nordic countries, and it is something that peers in those countries are really seized with. It was covered by the national broadcaster this morning. There have been very unusual patterns of activity in the waters adjacent to our neighbours in the Nordic countries, which is potentially Russian authorities seeking to plot - and this is something the Cathaoirleach has been interested in - against the security of our subsea cables. That is something which is of major interest to Ireland, but not just Ireland, which is the point I am making. Norway, Denmark and Sweden have noticed this as well.

With regard to weaponising migration, this is indeed something the IIEA is working on as part of our Global Europe project. We are looking at the modern context of migration in Europe, which has obviously been a thing since Roman times and before. People have moved around Europe. However, we are in a different moment, and Ireland is experiencing a migration moment which we have not before with respect to refugees from the conflict in Ukraine, who have found refuge and help here in Ireland. It is a delicate matter to put it in the terms the Senator sought to, but I understand why she did . The idea of weaponising people, given that these are the victims of the conflict and that they are having to flee their homes and their communities, is a tragedy. The concern is to support these people rather than label it as part of any form of weaponisation. However, it is certainly something the Russian authorities have done in the past, and they will do again.

Regarding Deputy Cronin's question, I will make a couple of remarks, because there are some very interesting things there. Obviously, getting the message out is our core business. We deal in ideas at the IIEA, so we try to understand as objectively as possible, and to provide a space for debate around everything. I journey through the wide range of stuff that we talk about. First, getting the word out is absolutely our core business. However, with respect to the affordability of, for example, putting solar panels on people's homes, there are many people in Ireland, myself included, who would love to own a home where they can put panels on. That is obviously for policymakers. Would it not be great to have greater access to resources and funding to allow people to contribute to the energy resilience of the country by yielding energy from the sun? That would be great. When anything happens at scale, it becomes easier, so if the Government could support people doing it more often then things become cheaper. To use the Deputy's language, absolutely, access to electricity cannot just be for the rich. I am paraphrasing her a small bit. However, it certainly contributes to what we have been talking about, and what Mr. FitzGerald may come in on in a moment. To be more energy resilient, and more energy independent, allowing people to yield their own energy and to trade their energy, one of his recommendations on microgeneration is actually a fairly easy win for Government when it comes to this conflict we tried to describe.

I do not have much more to say, other than that the all-of-society approach really is important here. There is a lot of scary stuff. We all walk around with telephones in our pockets that can be easily exploited by relatively affordable technology. It is an easy answer for a think tanker to say. However, public information and education is needed regarding the very real threat we can all face through phishing, smishing and everything else. Part of it, I would like to think, starts now, and continues with public education in members' constituencies and at future committee meetings.

Mr. Cian FitzGerald:

I will respond to Deputy Carthy's point. I know he is no longer with us, but I will answer his question regarding Sweden as the model. The reason Sweden was chosen as the model as part of our research was it was a participating member of the Commission on the Defence Forces. It had already been identified as a comparative country by the Irish authorities. Second, the reason we chose Sweden's Total Defence document was that at the time, Sweden was a neutral European country. It had a similar-sized defence force, it had a similar outlook towards defence and its foreign policy and, therefore, it provided a workable template that we could draw on to augment our response to these types of threats. These were the primary reasons Sweden was chosen as a model.

Regarding the specific ways in which we could augment our intelligence capacities, one of the ways would be through the use of defence attachés, as was mentioned by the Commission on the Defence Forces. Relatively strategically placed defence attachés in major metropolitan areas such as Washington, D.C. and London would allow us to tap into existing defence attaché networks to leave us better informed of the types of threats that are out there. This would enable us to make better and more rapid decisions, and provide policymakers with better information.

An additional element that we could also examine is greater collaboration with the EU Intelligence Centre, which is going to be augmented as part of the EU strategic compass implementation plan. That also provides an opportunity for us not only to collaborate on an EU project, but also to have greater intelligence sharing with our fellow member states.

Regarding the methodology for our approach, ultimately it is about looking at how we make best use of the limited resources at our disposal. We kind of know what the defence budget is going to look like over the next period, so it is about how we make use of these resources. That is why the approach we took was trying to make best use of existing frameworks, or augmenting their use. These include the €2,400 grant that exists, which maybe leads me to stay with this €2,400 grant. Overall, the approach we would like to look at with this grant is changing the way in which we approach it. It has been approached from an environmental perspective and how we enable Ireland to reach its climate targets. What we are trying to highlight is that there is an additional consideration here. It also has a national security consideration and it could be either promoted among the general public, or more resourcing could be provided.

As Dr. Colfer said, there is also a potential vulnerability where in a scenario, if it were to happen, that only a certain segment of society had electricity while another segment did not, and the dividing line was economic circumstance, that would leave Ireland more open to disinformation campaigns. These would continue to sow social division, and would continue to undermine trust in public institutions. As Dr. Colfer said, these grey zone techniques are designed to operate within the cognitive domain. It is designed to operate within people's minds, and to undermine confidence in the State's ability to protect its citizens. In turn, that constrains that State's ability to respond to the external pressures being placed by revisionist states, such as the Russian Federation. We have seen this with their misinformation campaigns in the United States' elections.

This draws me to the question around misinformation in elections. One of the key ways of countering this, and sometimes these solutions are quite simple, is media literary courses. We can expand them, run them in schools and make sure that people are able to identify misinformation, report that it is misinformation, or are simply able to decide in their own minds what is and is not disinformation, or to know what is true and what is not true. That would be a key and easy win for Government, if it just expanded its media literacy programmes. They are in existence. I hope that has captured all of the questions.

Dr. Barry Colfer:

Regarding what Senator Ardagh said about cybersecurity, and whether it is best to reside with An Garda Síochána or a separate entity, I wonder whether Mr. FitzGerald would have something further to say.

Mr. Cian FitzGerald:

Again, what we focused on is enhancing the existing structures. It is about trying to provide the Defence Forces and An Garda Síochána with more resources. At the same time, we also have the National Cyber Security Centre, so again it is about providing more resourcing to that. It would provide, again, a reasonably easy win in using the resources already at our disposal and enhancing them by bringing them to an additional level. Coupling that with greater co-operation at the EU level would leave us better protected than we are now from these types of grey zone threats.

David Stanton (Cork East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

The witnesses are very welcome, and I thank them for a very interesting presentation.

If we thought about it for long enough, it was probably one of the most frightening presentations we have received since our committee was established. War is spoken of as boots on ground, but this war is fingers on keyboards. It is invisible and extraordinarily dangerous. We should almost have a full-time committee dealing with this.

The HSE was attacked, possibly by a state-sponsored actor, a little while ago and it cost us tens of millions of euro, if not more. Are we, as part of the West, in a war? Can the witnesses say whether any attacks been deterred? Maybe they can; maybe they cannot. It is a cross between "The Matrix" and the 2020 film, "The Perfect Weapon". I am sure the witnesses have seen the latter. It was quite scary. They mentioned interference in elections. We know about the national Democratic campaign in the US 2016 elections, when emails were hacked and leaked and other things happened. That is frightening. The witnesses might say something about the European Centre of Excellence for Countering Hybrid Threats, Hybrid CoE, in Finland and what our involvement with it is.

If you are in a war situation without war having been declared and if you are being attacked, you have to defend yourself.

Interestingly, the witnesses stated that the Government should examine the implications of the development of offensive cyber capabilities for defensive purposes - "offensive" means attacking someone else and going on the offensive – to increase the cost for perpetrators of cyberattacks, or in other words, to make it not worth their while. If people attacked us, they would come away from it worse off because we would attack them in return. This is a war by another name. It is hidden and in the cyberspace – the Matrix, as it were.

I am not sure about the witnesses' point regarding the microgeneration programme. If our national grid was attacked, damaged and shut down – I hope that does not happen – I am unsure as to how panels on houses could compensate at that stage. We have wind energy, but I presume the wind generation infrastructure would also be impacted, given that the whole grid would have been attacked. Other agencies could be attacked as well, for example, financial institutions. From what the witnesses are saying, the cables across the Atlantic do not need to be cut for a cyberwar to inflict immense damage.

Will the witnesses explain the deterrence playbook that the Hybrid CoE has discussed? How do we deter these attacks from happening and should we put more money and resources into deterrence and taking it more seriously? They referred to a black swan event, which is effectively something that does not exist until it does. The Black Swanis an interesting book. The witnesses referred to the military and the civilian working together and getting the best from both. Is that happening in Ireland to the extent it should and what can we do to ensure it is?

How does all of this interfere with our neutrality? Does it change our definition of "neutrality"? What does "neutrality" mean? Can we sit back, not do anything and let everyone else get on with it or must we side with the West, which would scupper our neutrality? If we are in a war situation with someone else, would the triple lock come into play? We normally think of war as boots on the ground, but this is fingers on keyboards and can be far more damaging in some ways. The first time this happened was the Stuxnet attack, when a nuclear power station in Iran was allegedly interfered with by the US. Iran did not know what was happening and the whole station just shut down and things went very wrong. It took Iran a long time to figure out what happened, but I understand a malware worm was sent into the power station's systems and caused a great deal of damage. That could be happening constantly.

I have asked a few questions and have not even discussed the bots yet. My colleague mentioned AI. We have seen how AI can mimic even the Chair's voice and use it to activate secure systems and so forth. We are only scratching the surface of AI.

I thank the witnesses for their presentations, which were not only interesting, but extremely important at this time.

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

Next is Deputy Cowen, followed by a further question from Deputy Cronin, after which we will revert to the witnesses.

Barry Cowen (Laois-Offaly, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I thank the witnesses for their presentations. They were interesting, enlightening and alarming. It is obvious that the concept of defence as presented within the Government framework in years past is no longer the same and everything is fair game and under attack. It is crucial that we up our game at greater speed and find ways to address disinformation, misinformation, the abuse of educational tools and the way in which the youth especially are being infiltrated. We initially laughed when disinformation played a role in interfering with the electoral process and at the amount of disinformation in that sphere, but we have a significant responsibility to be able to counteract such disinformation so that it cannot be used against us in a way that is unimaginable. At its most basic level, platforms such as Facebook, Twitter and so on contain abuses and people are allowed to create identities that are obviously not their real identities, yet carry weight in society, debates, arguments and the formulation of policies by political parties and others. Deputy Stanton stated that this was not to be brushed aside and we had to take it seriously.

I noted the witnesses' comments on the project being taken on by the European Commission in terms of Sweden being the model for how others might react and form a uniform approach to these issues. I hope that adequate funding and expertise are available to ensure that whatever emanates from that project has the potential to succeed for nations across Europe. We are starting in a handicapped position and we are carrying more weight than some of the other countries.

What the witnesses raised was not a question as such. Rather, it is something that we as a committee have to get up to speed on to ensure that we can make a contribution on behalf of other Oireachtas Members so that the Government is best informed and the EU plays its role in ensuring there is sufficient capacity, capability and funding to back that up and we can respond in the way we should.

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

The witnesses mentioned how the Russian invasion of Ukraine was not going as Russia had expected and that cyber warfare may be its preferred tool in future. Currently, our cyber defences are handled by the Department of the Environment, Climate and Communications, with seconded personnel from the Department of Defence. Where should responsibility for our cyber defences sit?

How should we build our cyber defence protection? Where would we get the best level of expertise and the best minds? This relates to intelligence sharing as well. If I could ask a question that might be a bit odd, when there is intelligence sharing across Europe, or indeed across the world, would that be open to bad actors or bad-faith actors? Would that be an issue in that area or field?

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I thank Deputy Cronin. I will go back at this stage to Dr. Colfer and Mr. FitzGerald on the specific questions that have been raised and then we will have another round.

Dr. Barry Colfer:

I thank the contributors. I will start with Deputy Stanton's remarks. I think I noted 11 different themes. I will pick up as many of them as I can and I will bounce a few of them on to poor Mr. FitzGerald because he is the expert when it comes to matters of cyber and security in general.

The Deputy asked if we are in a war. War is traditionally declared. We are certainly being attacked. The whole West is being attacked and our values are being attacked. I do not want to make any great statements regarding whether we are in a war but we are certainly not absent from the conflict that is happening in our neighbourhood and that has been visited on our neighbours. As to whether attacks have been deterred, I can say two things certainly. I obviously cannot provide any details but it is widely known that there have been close calls throughout Europe and sustained attempts by, as members will know from reading Mr. FitzGerald's paper, actors that are sponsored by the Russian authorities, the various hacking collectives that are now household names. You are not necessarily going to get hacked by somebody sitting in the Kremlin but someone sponsored by it.

Regarding elections, which the Deputy raised and also came up in a previous contribution, this really is an area where the entire West, including Ireland, is vulnerable. I do not want to go over the same territory too much but I would restate the fact that Irish elections are very involved and are, let us be honest, relatively civilised. We have very robust and inclusive debate in Ireland compared with some other places but that is extremely precious and extremely fragile. We have talked about the national grid, the HSE and financial services. All these things are extremely valid to protect but every bit as important is obviously our democratic discourse and our fully free and fair and involved elections.

Regarding the hybrid centre of excellence in Finland, I know a small bit about it but I will bounce that one to Mr. FitzGerald because I think he can speak more eloquently about it.

Regarding what Deputy Stanton said about the offensive part of the recommendations - no pun intended - in terms of microgeneration, I will defer to the Deputy and his knowledge on the matter. The point we are trying to get at in the paper is that one way Ireland will be more independent, more secure and more resilient in terms of our energy security but also in terms of the transition to net zero is to diversify into as many forms of energy as possible in order to move away from fossil fuels. One progressive and inclusive way is through supporting homes, as Deputy Cronin said, to be able to access microgeneration through solar panels. That is not a major part of the paper so I will not dwell too much on it.

The Deputy asked if we should put more money into these matters. That is an easy one for me because I can say in good conscience that that is something for policymakers. Our attempt here is to paint a picture and to identify some of the weaknesses and some of the options. What I can say is that picking up any of the challenges that are there and closing the gaps would of course require resources but it would also require leadership, expertise and intelligence.

I am very interested in the question about co-operation between the military and civilian areas and what can be done there. That is explicitly in the paper as one of the recommendations so I am going to ping that one on to Mr. FitzGerald as well.

The ninth issue the Deputy raised was neutrality and the triple lock. I can say comfortably that this is not actually about that. However, that is a very interesting debate that we very much hope to continue to contribute to as part of the institute and on behalf of the IIEA. Here, we are talking about vulnerabilities to our communities, society at large and to businesses and the policy decisions that could be made to protect the citizenry. That obviously interacts and is in the same space as the debate about neutrality but I contend that it is not related to this paper. That is for future papers. I can also refer to an excellent paper by Professor Patrick Keatinge that the IIEA produced before Christmas on the European neutrals, that is, the remaining depleting club of neutral countries left within the EU.

I take away what the Deputy said about it not being boots on the ground but fingers on keyboards. That is absolutely the case. I hope much more of what we have said has already landed but if nothing else lands, let it be that. The very nature and character of warfare has evolved so much. Boots on the ground, armaments, tanks and the rest are very much a part of the tragic and horrific war that is taking place but this is also happening on both sides, both from the aggressor and the defender. There are very heroic accounts of people in Ukraine and in adjacent countries with technical skills who are also helping to defend and protect. The hybrid nature of warfare is laid bare so vividly in the tragic context in Ukraine.

AI bots are highly significant. I hope that might be for another presentation because it is a part of the puzzle here.

Deputy Cowen asked about capacity, funding and expertise. I would say two things in that regard. It certainly is not cheap. However, not only is it vitally important to protect the citizenry and our infrastructure but also I keep going back to the point regarding our precious institutions and ways of doing politics and public policy. There is an opportunity there. We are in the midst of a transition, as I already mentioned, away from a certain way of doing business, away from fossil fuels and towards a greener economy. There are certainly opportunities for really good high-quality employment, for example around what Deputy Cronin raised about solar panels. We also need an army of people to protect and defend the digital infrastructure in the country. Let us never have a HSE attack again. Let us ensure the subsea cables are protected. People have to do that and there is an opportunity to train people with really good quality employment and skills. As we are celebrating the European Year of Skills, we are out for our great universities and technological universities.

Deputy Cronin asked where this should sit. I am a little ambivalent as to which part of Government or which Department should be responsible. It is very clear from knowing a good bit about politics and public policy in Ireland, and a decent amount about other European countries, that there probably is something to be done in Ireland about communication between the different entities that would be relevant. Ireland is a relatively small country, as we all know too well. There is a great opportunity here for replication or communication deficits. I am ambivalent as to who does it but I certainly feel there is an opportunity here to ensure there is a shared mission, a shared understanding and good communication between relevant entities.

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

Would Mr. FitzGerald have an opinion on that?

Dr. Barry Colfer:

I have one more thing to say and then I will pass on to him. If he has anything more to elaborate on with regard to that, I ask him to please do. The Deputy's last remark was about whether intelligence could be accessed by bad actors. It absolutely can. It happens all the time, which is-----

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

Is it very common in that space?

Dr. Barry Colfer:

Absolutely. I mentioned this as a side remark but we all carry around very powerful devices on us. It comes out with public leaders, such as the likes of Angela Merkel having had her phone tapped by opening an errant message. It is happening every day all the time. As I said to Deputy Cowen, there is an opportunity here for the Government to take this seriously, to create a systems infrastructure and good quality employment to do our best to deter it.

Mr. FitzGerald may wish to address any issues I left out.

Mr. Cian FitzGerald:

I will begin by responding to Deputy Cronin's remarks on where these capabilities could lie. As Dr. Colfer stated, we are relatively ambivalent with regard to who oversees it. I will focus on the Defence Forces. The Commission on the Defence Forces has proposed the creation of a joint cyber defence command. At present, the Defence Forces generally focus on maintaining their communications internally. It is about operating within theatre and being able to have their communications operating properly. As the report stated, the joint cyber defence command would be a step up in the level of ambition in order that the Defence Forces would be able to play a role in the national cyber defence of the State, rather than just seconding people to the National Cyber Security Centre. Our recommendations in the paper focus on that aspect primarily. It is about levelling up the capabilities of the Defence Forces to be a player within the State's cyber defence.

On the question regarding intelligence, an additional matter we should consider is the role of open source intelligence. It is not just classified intelligence. Open source intelligence is playing an extraordinarily large role in the war in Ukraine. With pictures being posted on social media, it is quite easy to follow what is happening on the front lines. These images often raise questions but the ambiguity within these sources can also be used to construct information or disinformation. A good example is the questions relating to the presence of a drone over the Kremlin. It has yet to be identified but that is an example of open source intelligence with an ambiguous interpretation that could be used by both sides. I hope we will eventually find out who is behind that.

On the question regarding how we build our cyber force, there is a significant amount of expertise in Europe and the United States. We are already a member of groups on which we could draw. Deputy Stanton referred to the hybrid centre of excellence in Finland. There is also the NATO Cooperative Cyber Defence Centre of Excellence in Estonia. We are already a member of that centre. If we decide to enhance or level up the capabilities of the Defence Forces to be in cyber defence, we could draw on the expertise of those centres to help us in that regard. In the context of staffing in that regard, many armed forces in Europe have direct entry models. That is potentially something on which we could draw. We could draw on universities and recruit people directly in. Ideally, however, we would, in time, be able to train people internally within the Defence Forces to be part of the State cyber defence.

As regarding Russia's overall lack of progress in Ukraine and the potential expansion of the theatre towards Europe, members may remember that in February 2022, Russia's campaign was expected to last three days. It probably had systems in place for a two-week campaign at best but there has now been well over a year of fighting. As Russia continues to face repeated setbacks and fails to make progress and as Europe continues to provide support for Ukraine, we could see an increase in the level of threatening behaviour, such as the cable and the suspicious manoeuvres of boats, not just in Irish waters but also in the waters of our European neighbours.

I will jump to Deputy Stanton's questions regarding whether we are in a war. To echo the remarks of Dr. Colfer, war is normally declared. An additional element is that it depends on how we conceptualise this. Some analysts believe that Russia considers itself to be in a confrontation with the West. As Dr. Colfer stated, it is important for us to focus on and understand the fact that we are under attack and there are deliberate efforts to undermine the stability of our democracy and states and to limit our ability to act and make choices for ourselves. It is not just Ireland facing this threat; Sweden has also identified it in its national security strategy. This is not unique to Ireland but it creates an impetus for us to respond effectively. I hope that implementing some of the recommendations in my paper would constitute a very small part of that effective response.

As regards the request for examples, there are good examples. Estonia recently managed to thwart a large-scale attack on its institutions. Another example relates to the ongoing attacks on Ukrainian critical infrastructure as part of Russia's hybrid warfare against Ukraine. Its power systems are still being targeted but Ukraine has built resilience into its system. The first time the system was attacked, it was very disruptive, with a quarter of a million people losing power, for example. By the third or fourth such attack, however, Ukraine had reverted to analogue systems, such as using walkie-talkies to communicate, rather than digital systems. In addition, it has good backups on which it can draw. Much of this is about having the decisions made in advance rather than worrying about what happens if we are under a cyberattack. It is about having protocols in place to ensure that, in the event of a cyberattack, disruption is minimised.

As regards the use of offensive cyber, this is based entirely off recommendations from the Commission on the Defence Forces. The key word in this regard is "limited". I cannot comment on what that would mean. What it looks like is a question for policymakers. The commission recommends that the joint cyber defence command should have the capacity to carry out strategic reconnaissance, that is, to see inside other people's networks, or to conduct limited offensive cyber operations for defensive purposes.

As regards the deterrence playbook, which is from the European Centre of Excellence for Countering Hybrid Threats, Hybrid CoE, overall this paper tries to encapsulate some of the ideas that come from the cyber deterrence playbook. In general, the way I have conceptualised the paper is that we arguably have two parts to this deterrence. The first section is deterrence by denial, that is, making sure society is prepared. It is the equivalent to building a castle. The second part is exploring the use of deterrence by punishment, which is the use of limited offensive cyber operations to change the cost-benefit calculation. Ultimately, this is to try to make Ireland sufficiently resilient that we would not be targeted in the first place. It is about deterring attacks, rather than just being resilient in the case of an attack. It is also about trying to make sure we minimise the risk of an attack occurring. As Dr. Colfer stated in the context of the risk of a cyberattack against the energy grid, it is about pointing out what the vulnerabilities are. Of course, there are other vulnerabilities that exist in that regard. Making society resilient and ensuring all the boxes are ticked minimises the risk of those other vulnerabilities, not just the energy grid, being targeted.

As regards co-operation between the civilian and military , this is the overall impetus of the paper. What we have seen in states, including Ireland, other European states and other, much bigger states, is that, in general, running the whole spectrum of grey zone threats, modern militaries are struggling to deter or respond to these threats adequately because the threats target societies, not military installations. Ultimately, militaries are drawn from society but they are only one small part of this. In general, grey zone threats or grey zone antagonist activity is designed to circumvent the ability of the military to respond. The military has a role to play in countering disinformation, as well as in cyber defence and, for example, in ensuring Russia is not able to sabotage our cables. We are arguing, through this whole-of-society approach, that it is not just about the military. This also relates to other elements of the State security services, as well as to private businesses, which are often the targets of these cyberattacks. Universities are targets of cyberattacks, as are the multinational tech companies that operate here. There is an enormous amount of expertise and knowledge here already and a whole-of-society approach enables us to harness it to protect the State, rather than relying on a single section of society, namely, militaries, to do a job they are not best equipped to do.

Their best job is protecting the State against kinetic threats.

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

Thank you. This is very useful. I call Deputy Stanton.

David Stanton (Cork East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I thank the witnesses for their responses, which are very interesting. Grant Thornton maintains that in 2022 the cost of cybercrime in Ireland was €10 billion, which is an enormous. Some of these state-sponsored actors have their own helpdesk and if they get into trouble, they can actually get help - there is that level of professionalism and sophistication.

The witnesses mentioned that through mobile phones we are all interconnected and the fact that all of our mobile phone networks are controlled from outside the State in many ways. We know some high-profile individuals, Ministers included, have been hacked here, and another Minister came forward in the past week or two to say that he had been hacked. I have been told there are high-profile individuals in Dublin whose phones are being targeted all of the time. The witnesses might comment on that and also on the €10 billion cost outlined by Grant Thornton. I know it is slightly removed from what we are talking about but it is in the same space, if you will pardon the pun.

Mr. Cian FitzGerald:

I hope I am not speaking out of turn but the cost of cyberattacks to businesses in the State is billions of euro, as the Deputy acknowledged. The concern is that should more critical entities be targeted, there would be an accompanying misinformation or disinformation campaign designed to erode confidence in public institutions. One of the additional concerns, which we have noticed as part of our investigation, is that we often see either hackers for hire or groups acting on behalf of state entities who carry out what are seemingly ransomware attacks but are really wiper attacks. The concern is that we may see businesses being targeted and that we misidentify the threat as run-of-the-mill cybercriminality that is opportunistic, when, in fact, there may be something more co-ordinated behind it. That is the whole point about this area. Grey zone warfare is designed to operate so it is incremental and slow, and we are not supposed to notice it until suddenly everything has changed. This is certainly part of it.

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I will ask a couple of questions under three headings, some of which have been referred to, and on others perhaps Dr. Colfer and Mr. FitzGerald would like to leave us with a message: first, Russia; second, what we are doing nationally; and, third, our international role. On the issue of Russia, I note that the IIEA presentation mentions Russia at least 15 times. It is quite unusual in the context of a presentation to us that it should be so specific in its messaging. In response to the IIEA response to the questions, both of our witnesses have been remarkably, or refreshingly, frank and direct in their responses. That is not something that is always apparent in our engagement and we very much welcome it.

On Russia, the witnesses very directly and heavily identify Russia as a threat. I ask them to comment on the fact that we in this committee have been critical of the very strong engagement of Russia in Ireland, with particular reference to numbers, activity and the role of official Russian ambassadorial engagement in Ireland. The witnesses quote Russian President Vladimir Putin, who said: "[A]ny critical infrastructure in transport, energy or communication infrastructure is under threat - regardless of what part of the world it is located, by whom it is controlled, laid on the seabed or on land". This is against the background of what the witnesses have said and what we have been saying here regarding our own critical telecommunications infrastructure in Irish waters under the seabed, yet we have a significant complement of Russian officials, technicians, experts and operatives working on a daily basis in this capital city and across the country. Would the witnesses associate that with Ireland's vulnerability and would they have any message for committee members in that regard?

From a national perspective, I note that in response to the question from Deputy Cronin about lead Departments or Departments of greater influence or priority than others, Dr. Colfer said he was ambivalent as to the lead Department. Maybe I could invite him to review his ambivalence in the context of what we are doing under, for example, the National Security Analysis Centre, which in 2019, in an unprecedented move from a security point of view, brought all of the security and related agencies - the Garda and the defence, communications and energy agencies - under the Department of the Taoiseach for the first time. There was a period of public consultation in 2019 and, thereafter, legislation, which to the best of my knowledge has not yet been enacted, that would place this office or centre on a statutory footing. One could say that any element of tardiness, if, indeed, there was tardiness, may well have been due to Covid and the fact that we, as a Legislature, were not operating at full throttle over a period of years. I ask the witnesses to give us their assessment of the workings of that centre and if they see any immediate gaps in the system, particularly in regard to the connectivity or otherwise between the Garda Síochána and the Defence Forces, the resourcing of that centre in the Department of the Taoiseach, and, given their experience, whether over the past four years the level of co-ordination has been sufficient.

The IIEA also identifies in one of the recommendations the need to ensure a greater level of co-ordination and co-operation between the public and private sectors. That, of course, is very important in the Irish context, having regard to the expertise and experience that is potentially available to us given the siting of many of the leading global technology companies in Dublin. Do the witnesses think we can gain from their expertise? What type of collaboration do they see as appropriate in the circumstances? This is work that we can do nationally but I question whether this is being done with the speed and intensity the IIEA paper seems to suggest we might.

On the international stage, we have been engaging quite actively in recent times in the EU strategic compass. We appear to be fulfilling what might be described as active engagement. I do not want to call it our "obligations", but our activity and involvement is not only in terms of finance but in terms of the personnel and targets that have been agreed. Do the witnesses see that as being a way forward? Do they see any connectivity or potential conflict between what the strategic compass is doing and what other international organisations such as NATO might be engaging in, particularly in the context of what Deputy Stanton said about Europe being at war?

In terms of the European jigsaw, we are actively engaged as members of the EU but our nearest neighbour is no longer a member, yet we continue to have a special security relationship and engagement with that neighbour. How do the witnesses see that jigsaw working in a timely and essential manner, having regard to the changed European landscape with war on the Continent?

Dr. Barry Colfer:

There is a lot there. I will do my best to get through as many of those interesting and important points as possible and will hand a couple over to Mr. FitzGerald. On our messaging in the paper and in our work and the direct identification of Russia as a threat, Russia caused this war so that is an easy one. It invaded its neighbour, causing this atrocious war. The Kremlin, as the Cathaoirleach quoted from our paper, has said critical infrastructure is fair game. It has also said countries providing armaments to support Ukrainian forces are engaged in a confrontation. This is shaking up German domestic politics, for example, as the Cathaoirleach knows. This is the context in which we call Russia out as the aggressor. I think that is fairly uncontroversial.

The Cathaoirleach mentioned Russians in Ireland and whether this is part of our vulnerability. I would say it is not specifically. We all know Russians in Ireland and they are citizens, taxpayers and parents as much as anybody. I would not identify them as a cohort we reflect on in our paper but if there are Russians in Ireland who are part of the attempt by the Russian Federation to undermine the State, that needs to be carefully monitored and called out. I will assiduously avoid comment on the fact the Russian ambassador is still here other than to say I believe fundamentally and to my fingertips in the power of diplomacy and the importance of maintaining political and diplomatic interactions as far as possible, even deep into a conflict.

Regarding the ambivalence I expressed, the Cathaoirleach’s point is well made and well taken. There is much happening in Ireland now - and this has evolved even in the past half-year - in terms of a robust, informed, interesting debate on Ireland’s security context and defence posture. This includes the entities the Cathaoirleach named, the Department of the Taoiseach, the Garda, Defence Forces, Department of Defence, Department of energy and various forms of public consultation. My ambivalence is more about not picking a favourite. It is important that somebody does it and that there is good co-ordination between entities. Co-ordination could always be better. I was trying to hint at that. It was potentially the most indiscreet part of my remarks. It is not peculiar to the security and defence environment we have been talking about but, as a relatively small, hyperconnected place, there are opportunities for replication and miscommunications to happen. It would be really good if they were prevented from happening through co-ordination between actors and entities. If that takes a statutory body, as Deputy Cronin said, that is the bit I am ambivalent about. I do not mind who does it provided there is good hard co-ordination, given how serious the matters we have discussed are.

On the collaboration between public and private bodies and actors, Mr. FitzGerald may come in on this, but it can be done. It is part of Ireland’s industrial policy. We have a high density of good quality employment, US foreign direct investment and other forms of direct investment. Given the amount of intellect, knowledge and expertise in the country by dint of these actors, who members know and who are household names, there could be easy wins co-ordinating between really smart people working in the public sector and in the private sector.

I will step back to something Deputy Stanton said because it just occurred to me. It concerns the dangers of hacking into our phones and of affordable, easy-to-use technology that can be bought off the shelf in the dark parts of the Internet and used to exploit people, hack and cause damage. We should remember, given we play host to so much data and high-tech industry, that it is also an instrument for good, even in this conflict, from keeping in touch with people to President Zelenskyy's famous remarks to the public, including in the hours after the initial invasion. If members have not seen these recordings, I encourage them to do so. He interacts with various social networks and he let the Ukrainians know he was there. Talking about disinformation, it was being circulated by the Kremlin that he fled and the people were left leaderless. He was able to stand in the centre of Kyiv – it is very moving – and with the phone in his hand say, “I’m here”. While there are threats, there are great opportunities. It is fairly morbid, but there is widely documented evidence of high density of mobile telephony being used to identify where troops are massed. It is a multifaceted thing and not just about hacking, but other things as well.

On the international stage and the EU’s strategic compass, Ireland finds itself, as we all know and members perhaps know better than anybody, in a radically changed international context. It is not just because of the UK’s withdrawal, but we are still coming to terms with the fact Ireland is in the EU and the UK is not. It raises major questions for defence co-operation on these islands. It was reported very effectively yesterday in a national broadsheet that once the discussion regarding the war in Ukraine and the EU strategic compass is done, we have to get back to that one about how Ireland and the UK need to co-operate effectively in this new reality.

On NATO and the EU security jigsaw, I will pass that on to Mr. FitzGerald. He is probably better placed to comment.

Mr. Cian FitzGerald:

Regarding the Cathaoirleach’s comments on the role of Russia, we would not be the first people to acknowledge the potential threat Russia poses to Ireland. In previous Defence Forces reviews, the outsized presence of the Russian Embassy in Ireland was acknowledged. We focused on how, as Russia's war in Ukraine continues, Russia continues to be aggressive towards European states and to threaten not just Ukraine but also EU member states. It may try to look for weak points in Europe. There is the potential that Ireland may not be attacked because it wants to attack Ireland but as a vector of attacking the EU as a whole.

As to what we are doing nationally, one of the key points we are trying to focus on is jointness. The Commission on the Defence Forces has acknowledged there needs to be greater jointness in the Defence Forces organisation itself. It is about trying to find jointness then through the Civil Service as well in responding to emergencies. We are also trying to find jointness in bringing in private sector actors. This provides opportunities drawing on the Swedish model.

They include private sector actors, such as local mayors, in their emergency planning for disaster relief and in drills for mass casualty events. They include the private sector in that and try to ensure that as much of society is involved in the response to make sure it is as effective as possible.

On top of that, regarding co-ordination and drawing on the private sector, I would like to reflect back on my first recommendation on data sharing, and my point about having access to different types of data. One of the advantages that governments have is that they have access to geostrategic-type data and classified intelligence reports. We have access, through the EU Intelligence and Situation Centre to a different type of data and we have our own capabilities. The challenge is that a lot of the incident data is held in private hands. It is either not reported to the State when the cyberattacks happen, or it is held by insurance companies or the companies that have been targeted themselves. That is the gap in information that exists between the private sector and the Government. Certainly, greater communication in that area, and trying to do it in a way that respects the proprietariness of the data, could enable the State to have a better idea of the full range of the threats that it is facing and the types of threats it is facing.

I would also like to reflect on Ireland's international role and the EU Strategic Compass for Security and Defence. Overall, the role that the EU is playing with the strategic compass is trying to find out how it can become complementary to NATO. It is an ongoing experiment and a negotiation that has been going on against the backdrop of war right on Europe's doorstep. We have had to do the negotiation very rapidly, and we have taken tremendous strides. We probably would have seen the progress be made over a much longer timeframe if Russia had not invaded Ukraine. Certainly, what we are seeing with the EU is that it is playing a greater role in the European defence industry. The act in support of ammunition production, ASAP, directive was recently proposed. It focuses on providing ammunition for Ukraine, as well as ensuring that the EU is producing enough ammunition for its own armed forces. That is certainly a role that the EU can play. It already has experience in industrial policy, and it can draw on that experience.

Regarding Ireland's role within the strategic compass and perhaps the EU military assistance mission to Ukraine, there are certain capabilities that we have, such as the quite highly developed demining capability. It was a wonderful opportunity for Ireland to be able to contribute a small cohort of soldiers to participate in that mission to help train Ukrainian soldiers to demine their country, which is now the most mined country in Europe. Going forward overall, there will be smaller capabilities that Ireland will have, and it will be able to lend its expertise as part of the EU strategic compass. This will not be the last time that Ireland will have an opportunity to share its expertise.

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

It is nearly 5 o'clock. Unless there are other questions from members, I suggest that we bring matters to a conclusion and move into private session. In doing so, I thank Dr. Colfer and Mr. Fitzgerald for their interesting presentations and an important engagement with members thereafter. I thank them for meeting with the committee and for dealing with the questions, observations and queries that members raised. I also take the opportunity to thank the IIEA for the important role that it plays across Irish society in respect of our role in Europe and the world. I suggest to members that we continue this engagement and that we establish links with the IIEA to ensure that the institute is aware of the work that we are doing, and that we are even more aware of the very valuable contribution that the institute makes to Irish public affairs. I thank the witnesses for that.