Malcolm Byrne (Wicklow-Wexford, Fianna Fail)

I thank the Minister for taking this critical issue. As he knows, we all live in a digital world. It is one where computing in general has made our lives better and easier and we are far more interconnected. Artificial intelligence, quantum computing and other technologies have the potential to deliver evermore effective and efficient public services. However, as cyberspace becomes more critical to all of our lives, the risks and threats are also increasing exponentially.

Our society depends on a free, open and secure cyberspace. Ireland should do everything to support those values at a global level. In our engagement in multilateral efforts, we need to ensure international law applies in cyberspace as much as it does on the ground. In that regard, we have to support the work of the United Nations, the European Union and others in this field. Like other countries, there are challenges to Ireland in the cyberattacks we face, including those from other states or malign actors aligned to those states, as well as those who want to hack State infrastructure systems for financial, political or ideological reasons.

I commend the work of the National Cyber Security Centre, NCSC. As the Minister knows, it needs to continue to expand. In one of its most recent reports, it talked about 2023 as being its busiest year. At that time, it received 5,200 cyber reports and while many were minor, it identified 721 cyber incidents that represented a threat to a network and required a response. The National Cyber Security Centre has now found there is enough evidence and information in a number of those cases to attribute activity to specific foreign intelligence and security agencies.

We know that businesses are regularly hit by cyberattacks, but I want to talk about the potential impact on critical State infrastructure. Everyone will remember May 2021, when the HSE faced a major ransomware attack. We know that the costs to date have been more than €150 million, not to mention the many lives that were undoubtedly lost as a result of the attack, as well as delayed appointments and the impact on people's health outcomes.

For security reasons, we often cannot discuss cyberattacks. When I put a question to every Department as to how many cyberattacks they faced in recent years and how much they were spending on cybersecurity, a lot of them replied that they could not answer for security reasons. Interestingly, some of them were able to provide details on how much they were spending on cybersecurity. Given the amounts involved, it shows most are taking it quite seriously.

It is important that we know the State has a plan in place to combat any major cyberattack we face in the future and to address situations where critical infrastructure may be brought down. This could be in health, transport, financial services, Government payments or energy. We need to have an all hands on deck approach if this is to happen, similar to what we have seen with major weather events. I hope we have learned from the experiences of the HSE attack and that we are constantly learning from efforts to attack critical State infrastructure.

The Minister will also be aware of the risk of destabilisation to the State when there is a malicious cyberattack. The spread of misinformation and disinformation represents a threat to democracy. Trust in Government and our provision of services can also be damaged when critical infrastructure is brought down. Our sense of freedom to enjoy certain rights can also be under threat. This issue needs to be taken seriously and I am glad the Minister is here today to take the question.

See this speech in context