'Aggressive response' needed to tackle cyber threats facing Ireland

This is because Ireland is a host to some of the world’s largest tech providers and cloud computing facilities as well as the worsening geopolitical situation and the threat posed to Europe resulting from Russia’s war of aggression in Ukraine.

The centre said it “regularly observes state-aligned threat actors carrying out scanning and other reconnaissance activities” targeting Irish government and State-owned networks.

Publishing its 2025 National Cyber Risk Assessment, the NCSC said Ireland was at risk from cyber attacks on “shared critical infrastructure”, such as gas and electricity pipelines connecting Ireland to the UK and France.

The risk assessment is being published on Tuesday at the NCSC Conference 2025 in Dublin.

In the assessment, NCSC director Richard Browne said the report underlined the need for a “coordinated” national approach to cyber security, including a whole-of-society approach.

Security and prosperity 

“It is also clear that the accelerating nature of some of the risks demands an aggressive response by the State, including by making full and active use of EU legislation,” he said. 

“Our future security and prosperity relies on our maintaining Ireland’s position as a digitally advanced, secure, and trusted partner within the European and global cyber domain.” 

In his foreword, justice minister Jim O’Callaghan said: “Ireland's digital infrastructure underpins all sectors of our society, delivering essential services that keep our hospitals, public transport, communications and energy supply functioning.” 

He said that identifying and developing comprehensive responses to risks that threaten these services was “essential to protect our security and overall resilience”.

The report said cybercrime “remains the foremost cyber threat” to Irish citizens, businesses and national infrastructure.

It said Ireland continued to observe “a rising prevalence” of activity from hackers, noting that, across the European Union, such activity accounts for approximately 80% of recorded cyber incidents. It said this was driven primarily by low-level Distributed Denial of Service (DDoS) activity.

Hostile states 

“While some cyberattacks are ideologically motivated, state-aligned threat actors are seizing the opportunity to blend their activities in with these disruptive cyberattacks, executing attacks under the guise of hacktivism, as observed by the NCSC during the recent European elections in Ireland," the report said.

It added: “State-aligned threat actors continue to pose a significant threat to Ireland’s national security. Although the likelihood of a successful cyberattack directly targeting Ireland’s critical infrastructure remains relatively low, Ireland’s strategic interests and international profile make it an attractive focal point for sophisticated state-aligned actors.” 

The assessment said that as a democracy and EU member state, Irish interests are “valuable targets” for state-aligned threat actors intent on weakening democratic processes, generating division within the EU, as well as eroding economic, stability and destabilising western societies.

“Given Ireland’s position as a digital hub, a centre for innovation and research and its pivotal location along subsea interconnectivity routes, these factors collectively influence Ireland’s visibility as a target within the global cyber threat landscape,” it said.

The report said Ireland’s critical infrastructure includes electricity, transport, water and waste water, phone and internet connectivity, financial transactions and its democratic institutions.

It said “Ireland and the EU” continue to experience the impacts of Russia’s war of aggression in Ukraine and that the EU has identified a broader range of offensive cyber activities by groups aligned to Russia and China.

It said this poses a threat to Ireland’s public administration services, critical infrastructure and political institutions.

The report pointed out that Ireland’s essential services rely on both onshore critical infrastructure and shared critical infrastructure with the UK and EU. It said that as geopolitical tensions rise, hybrid attacks, including cyber, targeting shared infrastructure have increased globally. 

Geography immaterial

The NCSC said a country's geographic location was often “immaterial” to threat actors seeking to conduct cyberattacks.

The report said: “As Ireland forms a crucial link in the global digital supply chain, there is a growing risk that its services could be impacted as a second-order consequence from attempts by malign actors to compromise systems or services elsewhere.” 

It said that cyber espionage — seeking access to sensitive information or intellectual property — was typically perpetrated by advanced, well-funded and resourced groups.

“As a central hub to many of the world’s leading multinationals and a centre of excellence for research and innovation initiatives, Ireland presents an attractive target for malicious actors seeking to obtain sensitive information via cyber-espionage operations,” the assessment said.

“The NCSC regularly observes state-aligned threat actors carrying out scanning and other reconnaissance activities targeting Irish government and state-owned networks. Given the global reach and ambitions of many of these threat actors, this is unsurprising and is certain to continue and likely to increase in the future.” 

It said targeted disruptive and destructive cyberattacks represented one of the most serious threats to critical infrastructure.

Water attack 

It said that in November 2023 operational technology used in Irish water facilities were accessed by a state-aligned threat actor.

It said that by defacing the technology with politically motivated notices, the attack had “direct operational impacts” on a private water scheme in the west of Ireland, leaving up to 160 Irish households without water for up to 48 hours.

The NCSC said that cyber activity as part of “information operations” was a growing security threat to the EU and its member states, including Ireland.

“With increasing frequency and intensity, hybrid activities combine a mix of information operations, such as Foreign Information Manipulation and Interference (FIMI) and ‘hack and leak’, with disruptive cyber activity, often conducted by state-aligned threat actors under the guise of hacktivism,” the report said.

European election

It said that in June 2024, the Irish electorate went to the polls to cast their vote in the European elections.

"On the afternoon of the elections, several websites hosting election and transport information were targeted by DDoS attacks, conducted by a hacktivist threat group," the report said. 

"These cyberattacks followed a similar pattern to attacks targeting elections across Europe. The sophistication of the attacks was low, and the impact was minor as affected sites were able to implement basic mitigation strategies to prevent major disruption.” It said that, overall, these cyberattacks had little observed impact on the conduct of the elections and received little media attention, but the attackers broadcasted the success they had against these websites on their public Telegram channel.

“The NCSC has increasingly observed instances of state-aligned threat actors adopting or using hacktivist fronts to mask their identity when conducting such cyberattacks, while greater cooperation between criminal groups and pooling of resources has increased the level of disruption possible,” the report said. 

Ransomware

It said ransomware attacks can impose substantial financial losses on companies targeted and disruption on crucial services, highlighting the ransomware attacks on major UK retailers Marks & Spencer, Co-op and Harrods last April.

The assessment recommended that Ireland expand the State’s monitoring and detection capabilities in cyber and hybrid (which also includes physical attacks), including timely intelligence reporting through existing national security structures.

It called for an expansion in the scope and scale of the NCSC Sensor Programme to actively detect malicious cyber activity across entities.