*Check against delivery
RDS, Ballsbridge, 1st November 2017
Ladies and Gentlemen,
It is a pleasure to join you again for this year’s Dublin Information Sec.
I’d like to start by complementing the organisers of today’s event. The line-up is really remarkable and the range of topics equally impressive.
The diversity of the agenda reflects the complexity of the topic at hand. Cyber Security is a multi-disciplinary topic – a complex topic – that demands nuanced responses. That’s why today’s event is so important, bringing together key stakeholders from around the country and around the world.
A year is a long time in politics but it’s an even shorter year in the cyber world. Since I spoke to you this time last year, we have experienced a major worldwide and domestic cyber security threat in the form of a ‘ransomware’ attack. Every week it seems we read about a new alleged interference in a business or political system.
We are trying to keep up on the legislative front…
One of the last Bills I enacted as Minister for Justice & Equality this year was the Criminal Justice (Offences Relating to Information Systems) Act 2017.
This Bill represents landmark legislation in this jurisdiction as it is the first Irish statute specifically and solely dedicated to cybercrime. Considering the increased reliance on information and communications technology in the modern world, it’s vital that we seek to protect key infrastructures and to maintain users’ confidence in the safety and reliability of such systems. It’s in the best interests of businesses, the government sector and individual citizens alike.
The Act creates new offences relating to:
- unauthorised accessing of information systems
- unauthorised interference with information systems or data on such systems
- unauthorised interception of transmission of data to or from information systems, and
- the use of tools, such as computer programmes, computer passwords or other devices, to facilitate the commission of these offences relating to information systems.
The legislation also contains significant new search and seizure powers for the Garda Síochána in relation to information systems and their data.
In May , I also published the General Scheme of the Data Protection Bill 2017. Clearly this will have significant implications in both the public and private sector, and in my new role, as Minister for Business, Enterprise & Innovation, I will be working with SMEs to ensure they are ‘GDPR ready’.
Given our reliance on networks and connected devices for everything, as individuals, organisations or States, any threat to the availability, authenticity, integrity or confidentiality of data or systems themselves pose a real risk to our society and economy.
We have all learned that there are a range of entities out there wishing to take advantage of this dependence – sometimes for mere monetary gain, sometimes to attack critical infrastructure and sometimes to undermine the very basis of our democracy.
States all over the world are struggling to adapt to these evolving challenges, as are international organisations. The speed at which attacks can arise, and the dynamic way they can morph in nature and shift around the world is genuinely something new and different. It poses some very difficult questions for States and business alike.
In the last decade, a mode of responding to these issues has evolved, based on trust, voluntary reporting and sharing information on threats and appropriate responses.
This works, to a point. But around the world, Governments are deciding that we need to go further.
As everyone will be no doubt be aware, in Europe, this decision has given rise to the EU Network and Information Security Directive. This is a game changer for Cyber Security in Europe.
For the first time, Critical Infrastructure operators across the EU will be bound, by law, to meet a set of security standards and to report incidents to Member States.
Moreover, key Digital Service Providers, or DSPs, will also be bound by a different set of security rules and to report incidents to the Member State in which they are based. These include cloud computing providers and search engines – meaning that Ireland will have a very significant role in managing this new system.
The Directive is currently being implemented by my colleague, the Minister for Communications, Climate Action and Environment, Denis Naughten, with a transposition deadline of 10th May 2018. That Department has already identified the Critical Infrastructure Operators likely to fall under the purview of the Directive, and will shortly be publishing the draft security measures for these operators for public consultation.
The National Cyber Security Centre, an office of the Department of Communications, Climate Action and Environment will manage this process, in addition to their existing roles around protecting Government systems and data and the ongoing incident response work they conduct around critical national infrastructure.
Our role, as a location for so much of the European data economy, puts Ireland in a unique position. For a start, we are home to significant operations of the world’s leading cyber security firms, both because they want to serve those other companies based here, and to sell their services across the rest of the EU.
The top 5 worldwide security software companies are in Ireland. And there are over 6,000 cyber security jobs now in place here.
Secondly, the value and importance of this data, and the processing power that supports, is extremely significant. It confers upon us a strategic importance that we may never have had before. In all of this, there are some very real challenges and some equally real opportunities.
In the first instance, we have some real issues around protecting this infrastructure, and maintaining this position. In the second, we have an opportunity to create a self-sustaining cyber security ecosystem here, one where indigenous SMEs and multinationals can work together, and make Ireland a real centre of excellence in this space.
I know that Minister Naughten is in the early stages of preparing the next National Cyber Security Strategy, and that this question will be at the forefront of his mind in drafting this. I look forward to working with him on this – indeed I know that officials from my Department and from the IDA are already in discussions with Minister Naughten’s Department.
Finally, I wish you all the very best with the day ahead. There is much to discuss and much to learn about.