RUSSIAN ESPIONAGE IS a ‘key risk’ to Ireland’s cyber security, an Oireachtas committee will hear today.

Richard Browne, director of the National Cyber Security Centre (NCSC), will warn that Ireland is not immune to cyber security threats, as governments and healthcare providers abroad see a rise in attacks.

“Events over the last few months show an ongoing worsening of the global cybersecurity environment, both in terms of new vulnerabilities and in the nature and extent of activity by threat actors,” he says.

Vulnerabilities in widely used applications, such as firewalls and VPN systems used for remote working have been “rapidly and extensively exploited” by bad actors.

According to Browne, Russia’s ongoing war on Ukraine continues to degrade Europe’s cybersecurity and problematic cyber tools are becoming more widely used.

“There are indications that the restraint previously shown around the use of these tools more broadly in Europe is fading.

“In particular, so-called hacktivist attacks are becoming more coordinated and effective and far larger in scale.”

Espionage, he says, remains a “key risk”, especially from the Russian military.

It is the risks associated with ransomware, Browne says, that are the most immediate threats to cybersecurity here, drawing on examples from abroad.

“In recent months, the ongoing pattern of ransomware has been punctuated by a significant number of incidents affecting large healthcare providers in the United States and elsewhere.

“In fact, there is now sufficient evidence to conclude that a combination of relatively poor cyber security practice and a demonstrated willingness to pay has resulted in somewhat of a feeding frenzy against some healthcare providers.”

In response to the concerns, draft legislation around the powers and responsibilities of the NCSC are being brought to Government.

This includes “a very substantial set of IT projects to support the increased number of subject entities”.

The NCSC currently has a staff of 58, but this is set to expand to 75, once those appointed pass security clearance.

Work is also underway to develop a national cyber security certification process, which organisations could use to demonstrate their compliance new standards.

At a European level, the Cyber Resilience Act and the Cyber Solidarity Act will likely be published later this year, he said.