We live under a constant threat from the technology which is embedded into almost every aspect of our environment: from the very basic of phishing scams, through the distortion of fake news to the threats to business and even national infrastructures.
The cyber world is fraught with danger and we need a robust cyber security ecosystem to counteract the evolving threats.
As one of the leading technology business locations in the world, Ireland needs to be at the forefront of cyber security to retain that position and based on feedback from an industry forum event in 2017 the establishment of a national cyber security cluster was called for.
Cyber Ireland was officially launched in Cork in May and since then almost 100 organisations have joined the cluster.
It aims to represent the cyber security sector ecosystem in Ireland at a national level; to bring together the key players in the cyber security sector which includes start-ups, indigenous SMEs, multinationals and academia —the various higher education instututes.
“We had the official launch of the organisation in May at Cork County Hall but that was mainly a publicity event,” says Dr Eoin Byrne, Cluster Manager, Cyber Ireland.
“We actually started the project in November 2018 and spent the first six months mapping out Ireland's cyber security sector: who are the key players from industry, academia and government.”
One of the first tasks for the cluster was a stakeholder engagement process involving three cluster initiation workshops held across the country, one each in Cork, Dublin and Galway.
“More than 110 companies’ representatives attended those events along with academics and government policy makers as well,” says Mr Byrne.
“That was about getting the word out there that we had a call for a cyber security organisation and we had identified the key challenges from engaging with industry and we wanted their feedback.
“We had panel discussions around what does Ireland need to do to become a leading cyber security location globally; we took that feedback and also ran a survey about what should be the role of a national organisation to represent the sector and to address these key challenges.”
That feedback was developed into a strategy for the cluster organisation; a cluster board was formed which comprised eight people from industry, three people from academia and three from government and they had the objective to implement what the companies were looking for over the next two years.
Mr Byrne says a number of the key challenges were identified in the workshops back in 2017 but the number one challenge was in the area of skills: “This was a big problem for the cyber security companies and also the wider tech companies because they are all looking for graduates and other people with cyber security expertise.
"And this is a huge international problem as well —it is predicted that there will be three-and-a-half million unfilled roles over the next few years."
One of the primary initiatives of Cyber Ireland is mapping all of the courses throughout Ireland that can get people into a career in cyber security; at the moment it is difficult to identify what are the particular courses and who is providing them both at the higher institutes of education and at the training provider level as well.
Mr Byrne says there is a difficulty in understanding the variety of cyber security roles: “A lot of people identify cyber security with computer science graduates, coders and tech guys —geeks even —but there are a lot more roles in cyber security than that; there is huge number across GDPR, Law, Education, Training, Management and so on.
"We are trying to create awareness of those types of careers for people, where you can do courses to get into those careers and our objective is to put that online on the Cyber Ireland website to address the talent and skills gaps.”
Here in Cork over the past 10 years, the Department of Computer Science, at CIT, have developed a suite of programmes with cyber security acting as a central pillar, including BSc in IT Management and the MSc in Cyber Security.
Several companies who have established operations in the region state that a key factor in their decision to locate here was the talent pipeline available (and at postgraduate level) from CIT.
A second key challenge identified by the cluster was around research and development: that there was a need to connect industry with academia to do cyber security R&D in Ireland.
“What came out of the workshops and what came back from the survey was companies felt that cyber security research needed to be promoted at a national level,” says Mr Byrne.
“The Irish cyber security R&D landscape is very fragmented throughout the country with a lot of research groups and centres in a number of universities, institutes of technology and the SFI centre.
"For example there is a cyber crime investigation centre in UCD; there is another research group in Athlone IT; there is data analytics and security centre in NUIG, and an enterprise security centre in CIT among many others, but the key point is there is no national cyber security research centre.”
Mr Byrne says a national cyber security research centre will bring together all of the key academic institutes from CIT, UCC, in particular UCD, and UL among others but, he adds: “The industry perspective comes from Cyber Ireland and we will be making the case for that to the various funding like SFI and Enterprise Ireland.”
Cyber Ireland’s remit is to represent the industry perspective of the challenges of cyber crime, and the reason it is so important is that cyber crime affects everyone.
“There are vast amounts of reports to show that cyber attacks and cyber threats are increasing every year,” says Mr Byrne.
“They are posing huge threats to governments and to elections as we have seen in the US and the Brexit.
"Cyber crime can also pose a critical threat to national infrastructure like utilities, telecoms and key important sectors that are so important to everyone’s lives, for instance, in Ukraine where the electricity grid was shut down by a cyber attack.
"Ireland could face significant threats because we are a very international country in terms of the multinational companies that have bases here; we are known as one of the best places to do business in the world and the IDA have had great success in attracting the top multinationals.
“Ireland not only needs to be a competitive place to do business, it also needs to be one of the most safe and secure places to do business if you want to keep the top tech companies here.
"We also have a huge number of data centres in Ireland, in Dublin alone there are 49; we have to ensure that those data centres are secure but also that the government is taking cyber security seriously as well.”
But aside from government and the larger multinationals one of the top groups facing huge risks from the cyber threat is the SME sector.
“They are at the most risk of cyber attacks,” says Mr Byrne. “So we have to ensure that there is security across all sectors and not just the tech and digitally dependent ones but also the strong sectors in Ireland like agritech.
“This sector is already facing challenges from Brexit and the Mercosur deal, and even climate change, but if Ireland wants to stay at the forefront of being an agritech leader we need to be making sure that when these companies are moving to digital technologies and the Internet-of-Things that they are cyber secure as well.”
The cyber crime ecosystem is constantly evolving and there are new trends emerging all of the time: one of those trends is the use of AI (artificial intelligence) and machine learning.
“We have to understand how to defend ourselves against them,” says Mr Byrne. “But up to 75% of cyber attacks are actually the most basic and standard types of attacks like phishing scams where the issue is really around wider training, awareness and education.
"So while we can get caught up in these new cyber attacks and trends a lot of it goes back to education and awareness.”