Good afternoon, Ladies and Gentlemen
I would like to thank the IIEA for the invitation to address the closing session of this conference. I wish to extend my congratulations to Brendan Halligan and his colleagues on hosting a very successful event today which has brought together a broad range of stakeholders for discussion on this key global issue, which brings with it both challenges and opportunities.
It is fitting that this conference is taking place in Ireland – the Internet Capital of Europe – and I believe that we are well placed to contribute to the worldwide effort to confront these challenges and to take maximum benefit from the opportunities presented. In my remarks today, I would like to focus on some of these issues and offer my own perspective on how we can keep cyberspace open and secure for all.
I am sure that you have all been closely following and discussing the news this week of the data breach at the Loyaltybuild company in which credit card details of 80,000 Irish customers were were compromised and many hundreds of thousand more were out at risk. The initial indications are that these breaches were an external criminal act. It is a timely reminder of the potential costs of cyber crime to individuals, businesses and government bodies in terms of financial and reputational damage. We recognise this, and swift action has been taken by the Office of the Data Protection Commissioner and An Garda Síochána to investigate the matter.
A number of countries have already had to respond to similar threats. Earlier this year, the people of the Republic of Korea experienced a coordinated cyber attack. At midday on the 20th March the hard drives of 30,000 PCs were wiped clean. It marked the beginning of a coordinated attack on six of the country’s banks, in a suspected state-sponsored cyber attack. Financial services were disrupted and taken offline as access was denied to the country’s ATMs. The President’s website and national broadcasting companies were also targeted.
The Government of the Republic of Korea has responded robustly to this attack, which caused over €500 million of damage to the economy. By 2017, it will have trained 5,000 additional cybersecurity experts and double its cybersecurity budget to €7 billion.
The lesson from both of these attacks is clear: individuals, businesses and government must be constantly vigilant and ensure that our systems evolve to meet the ever-growing threat.
We are gathered here today because of cyber-incidents such as this and their potential impact on us as citizens, businesses and governments. For a highly globalised country such as Ireland, responding to the global implications of cyber security is essential to protect the human rights of our citizens and the pursuit our economic interests.
Managing the risks arising from malicious use of cyberspace will allow us to continue to benefit from the vast opportunities in the digital economy, which currently accounts for almost 100,000 jobs in Ireland. It is also of critical importance in the broader economy where the Internet is a key enabler for job creation, modernisation and for generating economic growth.
I know that there has already been a great deal of discussion here today on the costs to business of global cyber crime, estimated at 2.7% of the annual turnover for Irish organisations, and also regarding the responses which are required in both the public and private sectors to address these threats. There is a compelling case for the public and private sectors to work together with a view to responding to these challenges. Such cooperation in addressing cyber challenges is vital, and also needs the involvement of civil society.
Initiatives such as the development and implementation of the Joint Government Industry ICT Action Plan have demonstrated that joint cooperation can allow us to achieve our common priorities.
Cooperation between my Department, the state agencies and the private sector has enabled us to promote the expertise Ireland can provide in areas such as information security, cyber crime, forensics and cloud computing. I would note here the excellent work being done by the UCD Centre for Cybersecurity and Cybercrime Investigation: leading by example, as the innovators stay one step ahead of the cyber-criminals.
However, we do need to build on this cooperation if we are to be successful in continuing to grow the digital economy and expand our thriving ICT sector. We must work to make cyberspace a secure place for our citizens to communicate and do business with each other, without fear of attack or surveillance. As I have previously said, I believe strongly that states should not bug friendly states and I reject out of hand the notion that extra surveillance should take place, just because the technology permits it. Such activity puts at risk our efforts to keep cyberspace open and free.
Internationally, Ireland is deeply involved in work with partners on the issues you have discussed today, such as capacity building, technical standards, norms and confidence-building measures. In these discussions, we bring to the table our experience of economic transformation at the vanguard of the ICT industry and our commitment to the values of openness and transparency.
We see an open and secure internet as an international public good and we reject efforts to transform the debate on security into one of control and repression. The protection of human rights must apply online as well as offline, notably in relation to freedom of expression and access to the internet. Problems in cyberspace must be peacefully resolved and without recourse to hasty responses.
Last year, as Chair in Office of the OSCE, Ireland took the lead in promoting internet freedom, addressing cybercrime and developing mechanisms to reduce the risk of conflict in cyber space.
We initiated a process to develop mechanisms, known as confidence-building measures, aimed at co-ordinating the joint response of the 57 OSCE participating states to cyber incidents. The primary objective of this process is to ensure that cyber incidents do not degenerate into conflict.
During the Dublin Conference on Internet Freedom which I hosted last year, we examined broader internet governance issues in OSCE participating States. Civil society actors, representatives of the ICT sector and the media discussed how to ensure that the internet remains an open, global and public forum for exercising freedom of opinion and expression and for facilitating the enjoyment of other human rights and fundamental freedoms.
Through a successful joint collaboration with Google, we continued those discussions here at the Mansion House, where conference participants had the opportunity to connect with representatives of the ICT sector.
During the OSCE’s Annual Police Experts’ Meeting, we focussed on the issue of “Fighting the Threat of Cyber Crime” and shared Ireland’s expertise in this area with representatives of police forces from the OSCE participating states.
Our EU Presidency earlier this year made good progress on a number of initiatives aimed at supporting and stimulating growth in the digital economy in areas such as data protection and reaching agreement among Member States on a framework for the implementation of the EU Strategy on Cyber security.
Let me conclude by assuring you all: representatives of civil society; business; the EU and other organisations represented here today, that Ireland will remain actively engaged on cybersecurity at the EU and international levels with the objective of strengthening resilience and improving international responses to cyber threats. It is an area where we need more Europe and more international cooperation, as the issues we face are too great for one country or one company to tackle alone.
Only a global coalition of citizens, businesses and governments can ensure that cyberspace remains a positive tool at our disposal.
At the national level, I will be working with my Cabinet colleagues to intensify cooperation across government Departments and within wider society. While much has already been achieved, keeping cyberspace open, secure and free will require constant vigilance and I look forward to working with you all in achieving this aim.
Thank you.