A former director of military intelligence has called on the Government to establish a “lessons learned” group to analyse what led to last week’s cyberattack of the HSE to ensure that such an attack does not happen again or to a more vulnerable sector.
The HSE said that no systems are back up and running yet following last week's cyber attack, with the health sector remaining under massive pressure today with widespread cancellations.
The attack was "a wake-up call for the State", Michael Murphy, who is now a security consultant, told RTÉ radio’sshow.
It was lucky that the attack was not a case of national survival, it could have been an attempt to poison the water system or to shut off power.
“It could have put us back to medieval times,” he said. “This is what can happen, there are new threats out there.”
Mr Murphy asked what had been learned from the previous cyberattack in 2017. “I don’t think they learned from that.”
No system was 100% secure, he said, adding “that’s not possible.”
There should be a national prevention team that constantly tested the system and coherence between all Government departments and agencies.
At present cyber security was split between different services and departments.
Mr Murphy pointed out that the National Cyber Security Centre had a budget of only €5m per year while the Data Protection Commission had a budget of €70m.
Having a national security policy was important along with coherence between Government departments. There should be a national security intelligence adviser – one person who would have the authority to get things done across all departments and services.
At present there were many small groups “trying to do their best”, but he warned that the weakest point would be found.
Mr Murphy questioned why so many details were required to register for the Covid-19 vaccine, saying that that information was “a treasure trove for criminals”.
If any group got into that information it could be detrimental for so many people, he said.
“What else did they need for a criminal to get into your bank account? Your favourite colour?" he said.
“Why was that amount of information required in the first place? A PPS number should have been enough.”
Mr Murphy said he expected the Taoiseach to form a “lessons learned” group to ensure that this did not happen again or to a more critical sector.