Gardaí working with North's PSNI on joint response to all-island cyber attack

The Irish National Cyber Security Centre was also present as an observer.

Detective Inspector Gerard Doyle of the Garda National Cyber Crime Bureau (GNCCB) told the Irish Examiner any significant cyber event would “likely” affect both sides of the border.

He said the exercise, known as Ludgate 3, was designed to test “resilience and cooperation” of gardaí and the PSNI in response of a “live attack scenario”.

The scenario took the form of a ransomware attack, including theft of sensitive data from a private health organisation, and blackmail.

The perpetrator was a cross-border organised crime group involved in human trafficking, drugs trafficking and extortion, enabled by cyber capabilities.

Det Insp Doyle said it was third time the exercise had taken place after being set up less than three years ago, in October 2023.

He said the focus this year was from an “operational perspective” in how responding police act, and cooperate with each other, when a cyber-attack happens.

The core agencies are the GNCCB and the PSNI CCIT (Cyber Crime Investigation Team).

“It takes a network to defeat a network and cyber crime has no borders,” Det Insp Doyle said.

“PSNI are our closest neighbours in law enforcement and we need to share knowledge and build connections.

“Any significant cyber event would likely affect both north and south — and Ludgate is about simulating our joint response.” 

Other Garda units involved in the exercise included Organised and Serious Crime, Garda National Economic Crime Bureau and Major Emergency Management.

The exercise is named after Percy Ludgate (1883-1922), an Irish amateur scientist from Skibbereen, Co Cork, regarded as a pioneer of computational mathematics.

Det Insp Doyle said the exercise had a range of objectives: develop cross-border communication procedures and response protocols; promote collective learning and skill sharing; promote responses to specific cyber-related crimes; examine the sharing of intelligence and develop joint media strategies.

For the exercise, there were six teams, each made up of facilitators and observers.

“It had all the elements of an actual attack,” he said. “There was a call into 999 from an organisation saying our computers are all down with an email stating what they were to do. Their data had been stolen and there was a ransom demand.” 

He said each of the teams were tested to see how they responded and their investigative skills.

Det Insp Doyle, who heads the Cyber Forensic Section of the GNCCB, said the scenario was similar to an actual attack on Extern in April 2024.

The well-known charity operates in both jurisdictions and works with socially-excluded children, adults and communities, involving the storage of sensitive data.

Det Insp Doyle said the threat from ransomware, still the single biggest form of cyber crime, had expanded as people could now apply it without having much technical knowledge.

He said people, including teenagers, can buy ransomware tools on the dark web, which shows them how to deploy it.

This has brought far more “randomness” to the attacks, making the job of police and intelligence services more difficult to predict and analyse.

He said AI was “enhancing” the scale and quality of the attacks, including by cloning voices and even video.

But he said “using his forensics hat”, AI was not just a threat but also an opportunity to “protect systems from attack”.