Ossian Smyth (Dún Laoghaire, Green Party) | Oireachtas source

The Deputy asked about the information provided to staff to prevent these types of events from happening. There is a parallel with public health advice that it is not the Department of Health that prevents one from being infected but the information it provides to the public and the hygiene habits that, in this case, translate to security habits. It is the information and education about not clicking on links, using strong passwords and all the messages that have to be repeated again and again and making sure that people do that, it is audited and so on. Every staff member has to adopt those habits. That said, we must have in-depth defence. There cannot be a situation where an organisation can completely implode because somebody clicks on a link. The strength in defence and depth and having a secure organisation goes beyond securing the end points and preventing people from getting into one's organisation; once they have penetrated it, one wants to ensure they may only move very slowly throughout it. That requires advice about how one sets up one's networks. Again, that comes back to education. The role of the National Cyber Security Centre is to perform risk analysis of these organisations and to advise on a set of measures to strengthen them and to provide incident response teams when those things happen.

How do we get resilience? We have to keep improving all the time. It is an arms race. One is continually being attacked. It goes back to the parallel with the real life virus which mutates into variants. Computer viruses are upgraded all the time and are mutating and come back stronger and we need to come back stronger all the time. That is why last year we needed to triple our budget for cybersecurity staff. It will go up again next year. The number of IT staff in the HSE doubled in two years. Hundreds of millions of euro are being spent but it will be more in the future because it is an arms race against well-funded cyber criminals.

We are getting support and co-operation from other countries through a number of organisations, Europol, ENISA and we have had direct contact from member states which have also suffered attacks by this particular crime gang. They have kindly shared the information about the signs, when one can see it coming and the remedies that can be applied. We will offer that same information to New Zealand today. I spoke to the National Cyber Security Centre about that.

See this speech in context