Britain’s top cybersecurity chief has said meetings with Irish agencies this week, along with planned meetings next year, are aimed at developing an “enhanced cybersecurity partnership” between the two countries.
Ciaran Martin, from Tyrone, is chief executive of Britain’s National Cyber Security Centre, set up in 2016 as part of the signals intelligence agency GCHQ.
Addressing the Institute of International and European Affairs, Mr Martin said he had met Ireland’s National Cyber Security Centre (NCSC), attached to the Department of Communications, on Wednesday, and was due to meet Garda and Defence Forces staff later yesterday.
“We are trying to work out co-operation at all ends at a state level, the most serious threats to the state, and the most serious criminal conspiracies, and then, more general harms to society,” he said.
“I would hope we come out of this and we come out of a planned series of meetings we’ve got in store for 2019 with really enhanced cybersecurity partnership between the UK and Ireland.”
Mr Martin told those attending, including senior civil servants from key departments and representatives of both the Garda and Defence Forces, that Brexit would not have an impact on co-operation between Britain and Ireland and other EU countries.
Mr Martin said co-operation, including transfer of classified information, does not depend on EU legal powers or agreements.
He welcomed the increased attention towards developing Ireland’s focus on cybersecurity. “In Ireland, there is a lot more attention on it, there’s clearly a focus on building up institutional capability and in the UK we’ve been through that journey,” he said.
The issue received particular focus recently, both in the report of the Policing Commission and an examination by the Comptroller and Auditor General.
The commission said Irish governmental institutions, infrastructure, and companies are “all at risk” from cyberattacks, as are the many foreign tech firms based here that are important to the economy.
It said Ireland needs to develop its capacity, both within the Garda and the NCSC, adding: “This was a matter not only of resources but also of the security apparatus of government”.
It said the NCSC should answer to a new national security co-ordinator and that a comprehensive national cyber security strategy should be published.
The C&AG highlighted similar issues and said a top-level Government committee tasked with developing cybersecurity policy had not met since July 2015.
It said the NCSC was in the main working out of accommodation in UCD and that the department’s funding of it in 2012-15 (€250,000 annually) was less than a third of the amount in 2011 (€800,000), though it rose to €1.95m in 2017.
Staffing grew from five to eight between 2012 and 2016 and to 14 in 2017.
Mr Martin said his centre boasts 850 staff, and was set to grow to 950 by 2021, and receives an overall budget of £250m (€280m).
He said it is up to the Irish Government to respond to the C&AG report, adding that what matters is that his agency has a competent body in other countries with which to share information.
He said the British and Irish bodies have shared information.
“There is already an existing exchange of threat information, some of which is classified. There is information flowing in both directions, so we have a capable partner, but we want to do more.”
Mr Martin said the major US tech companies in Ireland “spend multiples on security” of his agency.
He said he “doesn’t obsess about structures” and that the British model of having a central body, which is part of an intelligence service, may not be suitable for other countries.
Part of his mission, he said, is to “de-glamourise” cybersecurity and the fear and mystique attached to it. “I want to replace fear mongering with evidence-based risk assessment,” he said.
Mr Martin said an “essential part” of the work of his agency is public communication and giving out as much information as possible, including “large-scale declassification” of information which, he said, is a challenge for security and intelligence agencies.
He said the benefits far outweigh the risks involved and that improving the cybersecurity of individuals and small companies, as well as big corporations, has a significant aggregate effect on the state’s national security.
Mr Martin said there are serious threats from certain states, including Russia. “Since 2016, there’s clear evidence of a Russian campaign to try to destabilise some western political systems, most obviously pointed out by the US; also various parts of Europe and UK,” he said.
It was, he asserted, a “very serious priority” of the British centre to protect the British electoral system. He said Russia was also blamed for setting a Ukrainian power station on fire.