Skip to content

Pat Larkin, Chief Executive and Co-Founder of Ward Solutions – an Ekco company – addressed the Houses of the Oireachtas Transport and Communications Committee on Wednesday 30th March. His opening statement, which you can watch below, covered the increased cyber security risks, caused by the Russia-Ukraine conflict, that face Ireland today.

“We have started the journey and made some inroads,” Pat said, “but we are nowhere near the levels of protection required for this decade and the rate at which the threats are developing. Time is of the essence. We have seen malevolent nation-state activity for over 15 years. Ireland has been hit both directly and indirectly. National cyber security strategy, practice, capacity, resources, research and capability is not something that you can switch on in days and weeks in response to a specific crisis.”

The Houses of the Oireachtas play a crucial role in the democracy of Ireland, and it’s a testament to Ward’s presence and expertise that Pat has been invited to speak on multiple occasions.

Pat’s opening statement in full

The last time we were here, you asked contributors about the emerging trends we saw in the cyber realm, affecting our clients and what was required to mitigate such threats. This last hearing took place in the ominous shadow of the HSE cyber-attack. Since then cyber-warfare threats have escalated in a manner and in a timeframe, which has blindsided the majority.

On foot of the Ukraine invasion, Ward Solutions notified our clients in our situational security advisories, of what we believe to be significantly increased risks:

  • Increased criminal activity capitalising on emotive curiosity arising from the war.

  • Increased cyber militia activity from both global and local activists, attacking Russia, Ukraine or Western countries with commensurate direct or collateral damage and the associated problems with attribution and blame.

  • Increased nation-state activity responding to current geopolitical objectives. For example cyber actions as part of hybrid warfare, malicious reaction to sanctions and counterstrikes to actual or perceived nation-state cyber activity.

  • Failure of risk transference mechanisms, such as cyber insurance, arising from policy exclusions for cyber events, originating from nation-state activities or acts of war.

  • Attacks and disruption to near stream and downstream supply chains of national and global critical national infrastructure (CNI) providers such as finance, health, utilities, telecoms, cloud/SaaS, transportation etc.

  • The lack of capacity issue for already stretched cyber service providers to support wide-scale attacks.

  • Accelerated segregation (“cyber-Balkanisation”) of the Internet.

We continue to advise our clients on actions that should be undertaken, based on urgently revising risk assessment, mitigation and security operation plans. This encompasses increasing awareness, increasing security controls, performing basic and advanced cyber security tasks better, testing and rehearsing incident response, disaster recovery. We have advised our clients of the need to maintain a hyper-vigilant security posture for the long term, planning their programs and resource accordingly.

Out of the tragedy and adversity of the Ukraine invasion, where Ireland is not politically neutral and previously the HSE cyber-attack, where Ireland was at that time a politically neutral state – we can now see that neither aligned nor non-aligned status offers us effective protection from nation-state, militia or criminal cyber-attacks.

On a daily basis, Ward Solutions continues to deal with ever-growing operationally and financially crippling cyber-criminal activity against our clients, regardless of the current geopolitical situation.

Once again, I am appealing to this committee and to anyone that will listen, advocating the need for a more comprehensive, robust, better-resourced, highly innovative national cyber security strategy, integrated as part of our national security strategy to protect Ireland. We have started the journey and made some inroads, but we are nowhere near the levels of protection required for this decade and the rate at which the threats are developing. Time is of the essence. We have seen malevolent nation-state activity for over 15 years. Ireland has been hit both directly and indirectly. National cyber security strategy, practice, capacity, resources, research and capability is not something that you can switch on in days and weeks in response to a specific crisis. It requires deliberate planning and constant adaptation to extract short and long-term success. This strategy is needed to protect our society, citizens, public, private services and our prosperity. If well-executed, it will also bring very significant economic benefit to Ireland – the direct cyber security market is estimated to be worth $270 BN by 2026. There is a significant digital sector, which is heavily cyber security dependent. An effective National Cyber Security strategy offers multiple levels of payback not only funding the strategy but also returning real profits in terms of investment, jobs, export revenue, corporate taxes from the direct cyber security sector and from the cyber security dependent sectors.

The state’s role in this strategy should be that of leader, coordinator, enabler, incubator and accelerator.

I am also a board member of Cyber Ireland, whose chairperson and cluster manager presented to you in 2021. Cyber Ireland has been steadily working to coordinate the triple helix of Industry, Government and Academia in order to make Ireland a Cyber Security Global leader, over the last 4 years. As part of our work, Cyber Ireland recently commissioned an international expert study of the Cyber Security sector in Ireland and will be launching this study and an accompanying sectoral policy paper in May 2022. Both will be submitted to this committee. We believe these will be invaluable to your considerations on Ireland’s cyber security strategy.

Thank you for the opportunity to make this statement today.

Question?
Our specialists have the answer