National Cyber Risk Assessment published by Government

The Minister for the Environment, Climate and Communications, Eamon Ryan TD, and Minister of State with responsibility for Communications, Ossian Smyth TD, has published the National Cyber Risk Assessment 2022, which outlines the cyber security risks faced by Ireland and the measures required to strengthen our cyber resilience.

This report, led by the National Cyber Security Centre (NCSC), includes an analysis of the risk that Ireland faces from a range of threats such as espionage and destructive cyber attacks posed by nation state actors, criminal organisations and hacktivist groups. The report also highlights the importance of supply chain security in digital technologies, which has become a key focal point of cyber risk in recent years. 

The report makes three key recommendations to strengthen the cyber resilience of Ireland’s critical national infrastructure (CNI) and services, and to mitigate systemic cyber risks in the State:

1. Strengthen legislative provisions to ensure that the operators of essential and important services, service providers, and technology vendors embed appropriate cyber security measures in their products and services from the outset.
2. Develop a framework to manage strategic supply chain dependency risks for critical and sensitive services.
3. Establish a central register of all essential and important entities in the State.

The report supports the ongoing development of measures to strengthen cyber resilience within Ireland’s CNI. It does this by identifying pathways that could lead to systemic cyber risks — which have the potential to adversely affect the State’s essential services.

Speaking upon the publication of the report, Minister Ryan stated:

“We’ve taken the decision to publish the National Cyber Risk Assessment, which was drafted in 2022, to inform people of the cyber risks Ireland faces.

“Today’s increasingly inter-connected world is dependent on digitalised processes, and it is vital that we work cohesively to ensure there is a high-level of cyber resilience across the State’s critical services. This can be achieved through a number of measures, including by strengthening the potential for current and upcoming cyber security-related statutory regulations.

“By examining potential cyber-risks across a range of sectors, this work provides an invaluable insight into an ever-evolving geo-political and technological environment and protects against potential threats posed. The report was carried out by my Department’s National Cyber Security Centre (NCSC), with the assistance of the Defence Forces and An Garda Síochána, along with other members of the report’s steering group.”

Minister of State Smyth added:

“The cyber risks facing a country, economic sector or individual party are intertwined with each other and with other types of risks. As a response to the pandemic, there was a rapid acceleration in the digitalisation of commercial, educational and social activities, which allowed these activities — which would otherwise have stalled — to continue.

“A large-scale digital breakdown post pandemic could cause more societal harm than it otherwise might have pre-pandemic, further underscoring the importance of robust cyber resilience across all sectors. The publication of today’s report provides a robust assessment of systemic cyber risks”.

The completion of a National Cyber Risk Assessment was one of the key measures identified in the ‘National Cyber Security Strategy 2019-2024’. Measure four of the strategy stated that the National Cyber Security Centre (NCSC), with the assistance of the Defence Forces and An Garda Síochána, perform a detailed cyber security-focused risk assessment of all critical national infrastructure (CNI) within the State.

The National Cyber Risk Assessment 2022 report was prepared by the NCSC, with the assistance of a steering group consisting of members from An Garda Síochána, the Office of Emergency Planning, the Defence Forces, the National Security Analysis Centre, the Central Bank of Ireland, the Commission for Regulation of Utilities (CRU), and the Commission for Communications Regulation (Comreg).

The report can be viewed and downloaded here.

See more stories here.