Good morning. I am delighted to be here this morning to open Dublin Info Sec 2016.
Firstly, I would like to acknowledge the work that has been undertaken by the organisers in preparation for this event.
We need only look at the Agenda to glean a snapshot of the breadth and complexity of the issues that arise in the cyber security field.
Along with our increasing reliance on digital services and technology is an increasing level of awareness of the risks and threats we face to our digital assets - be they websites or social media channels, portals, our databases including personal data, data centres and the rest of it.
We live in a digital world where everything is becoming interconnected, bringing huge opportunities for business and society. Our homes are becoming smarter, from TVs, to fridges, alarms, heating and air conditioning. All of these are being networked and accessible for personal convenience and enhanced control. With this new level of accessibility and interconnectedness comes new risks and dangers.
Government has been aware of the growing importance of information security for some time. In 2011, the Department of Communications, Climate Action and Environment was designated by the Government as the lead Department for this issue. That Department has established the National Cyber Security Centre, which includes the Computer Security Incident Response Team, which involves seconded staff from An Garda Síochána and the Defence Forces.
Last year the Government adopted Ireland's first National Cyber Security Strategy, which built on the long standing recognition of the State's own role in facilitating improved security in the on-line world. The Strategy set out how we would protect our digital assets, including personal data and infrastructure.
It calls for an enhancement of the National Cyber Security Centre’s capabilities to include critical national infrastructure and calls for awareness raising, training and education of individuals and businesses and for improved co-operation between stakeholders.
In recent weeks, my colleague the Minister for Communications, Climate Action and Environment has signalled his intention to place the National Cyber Security Centre on a statutory footing as a distinct office of his Department. A significant programme of recruitment is also underway for that unit.
The National Cyber Security Centre already plays an active role in dealing with Cyber Security incidents here, and also works with industry and across the public sector to inform them of critical developments elsewhere.
Much of the work on the issues being discussed here today is happening at a European level. Indeed, the Digital Single Market is a key priority for the European Commission. The ongoing work to tear down online is creating benefits and opportunities across the EU, but also involves new risks.
As many of you will be aware earlier this year, the European Union agreed a Directive on the security of network and information systems, which needs to be transposed into national law by May 2018 in along with the General Data Protection Regulation.
The Directive is a major change in how countries in Europe approach cyber security, and involves a shift in approach towards a more formal type of regulatory relationship in certain key industries.
In some essential services, we will be required to identify critical infrastructure operators, and to require them to report incidents on a mandatory basis and to meet certain security standards. In practical terms, this means that across the energy, transport, finance, health, water supply and digital infrastructure sectors, we will be actively identifying which physical infrastructure we regard as critical.
We will be working with these operators to ensure they measures to secure themselves against attack.
There is an ongoing public consultation on the Directive and I invite those of you with suggestions on the approach Ireland should take to make those suggestions known.
Earlier this year I published legislation dealing with attacks against information systems. The Criminal Justice (Offences Relating to Information Systems) Bill, defines criminal offences in the area of cyber attacks on information systems and the information held on them and seeks to establish effective penalties for such offences. The Bill creates new offences relating to
· unauthorised accessing of information systems,
· interference with information systems or with data on such systems
· interception of transmission of data to or from information systems,
· and the use of tools, such as computer programmes, passwords or devices, to facilitate the commission of these offences.
I intend to bring this legislation before the Houses of the Oireachtas as soon as possible.
The recently published Modernisation and Renewal Programme of An Garda Síochána sets out the significant work that is being taken forward to ensure the further development of law enforcement capacity in regard to cybercrime and cyber security
A dedicated Garda Cyber Crime Bureau has been established to ensure An Garda Síochána has the capacity and capabilities to deal with cyber crime and cyber security. The allocation of additional and support staff for the Bureau is ongoing.
In closing, I believe that we must all continue to work on finding solutions to the cyber security threat. Events such as today’s seminar allow for a space where ideas can develop to become potential solutions for the future and this exploratory work is vital.
I wish you well in your discussions today and hope that your conference is productive and provide longer terms benefits to us all.