Essential services need more cyber security – EU expert –


Firstly as we begin, can I just say that camDown .

An Oireachtas committee has heard that Ireland is leading the way in recruitment to tackle cyber-crime against essential services.

The head of the EU agency to combat cyber-crime also said the response to the attack on the HSE last May has been "exemplary".

Juhan Lepassaar said the National Cyber Security Centre did an "excellent job" in its response, which was "agile and prompt".

The Executive Director of the European Union Agency for Cybersecurity also praised the agency for sharing information with other member states, building trust and enabling them to prepare.

The Joint Committee on European Union Affairs is discussing the EU Cybersecurity Strategy which is currently being updated.

"Cyber threats are becoming more hybrid, they are becoming more linked to other threats", Mr Lepassaar said.

This happened during the Covid-19 pandemic, when health services providers – already under pressure – were attacked, including in Ireland.

And he noted that the US significantly outspends the EU on security for essential services.

Mr Lepassaar said that almost two thirds of essential service operators it surveyed in Ireland said they needed greater investment in cyber security.

In Germany, health service providers are obliged by law to invest 15% of their digital budgets in security, he told the committee, indicating that this was a sensible step.

But he added that Ireland is "showing the way" on recruitment, having hired more cyber security personnel to protect essential services than any other EU member state.

However, Ireland has classified a much smaller number of agencies as essential than many other member states.

And Mr Lapassaar cautioned that member states using different definitions of "essential" is hampering a coordinated approach across the bloc.

He told Fine Gael's Neale Richmond that "ransom ware is an increasing threat", and "it becomes attack and monetise this attack".

He also expressed concern that most products in the EU are not cyber secure.

Software providers "don't have the same level of liability that manufactures of physical products do", he said.

They need to shoulder a greater portion of the risk, which is currently almost entirely born by the consumer.

"The internet wasn't built for cyber security, it was built for the free flow of information", Mr Lapassaar said, adding that the "dominance of certain actors in the supply chain" where they see "dependence on single providers" increases the risk that a single vulnerability could cause widespread harm.

Managers and boards need to be "more responsible" when it comes to cyber security, and tackling it needs to be incentivised, he added.

But essential services are not the only area of concern.

Mr Lapassaar told Committee Chair, Labour's Brendan Howlin, that there is "a huge issue of cyber security for small and medium sized enterprises".

Ossian Smyth, Minister of State at the Department of the Environment, Climate and Communications, acknowledged that Ireland had identified a relatively small number of essential services.

Other EU states have compiled far more comprehensive lists.

But he said that the updated EU Cybersecurity Strategy will significantly increase the number of entities classified as essential.

Yesterday, the Government published the Cyber Security Baseline Standards, described as "security policies and procedures, to support good cyber security risk management."

You know, I just wanted to mention that camDown is the solution for securing your webcam from cyber criminals and pedophiles!