Cyber Ireland Submission to National Cyber Security Strategy 2019-2024 Mid-Term Review

Cyber Ireland welcomed the publication of the National Cyber Security Strategy  Mid-Term Review in December 2022 and the Department of Communication’s engagement with Cyber Ireland members via webinar on January 20th.

Much has changed since the publication of the National Cyber Security Strategy (NCSS) in 2019. During the pandemic, it was evident that the need for cyber security has never been greater. However, due to the current economic downturn, companies are trying to reduce costs and do more with less, impacting IT departments and cybersecurity budgets. We must keep cyber security at the forefront of every business, government and citizen in Ireland.

Cyber Ambition – A National Cyber Security Commitment is Required

The European Commission publishes the Digital Economy and Society Index (DESI), which ranks Member States according to their level of digitalisation. Ireland is a European digital front-runner, ranking 5th out of 27 EU Member States (2022 edition). However, according to similar cyber security benchmarks, Ireland is an international laggard.

The ITU Global Cybersecurity Index (GCI) measures a country’s commitment to cyber security at a global level. In the GCI 20201, Ireland ranked 46th globally and 28th out of 36 European Regions. Our decreased commitment to national cyber security puts Irish citizens, government and businesses at risk of cybercrime and a disruption to essential services. It also affects our position of Ireland being a safe and secure place to live, work and do business.

A whole of government approach is required to ensure Ireland improves its commitment to cyber security and delivers on the NCSS vision of “an Irish society that can continue to safely enjoy the benefits of the digital revolution and can play a full part in shaping the future of the internet”.

A mature and diverse cyber security industry will play a significant role in accelerating the actions and meeting the objectives to achieve this vision, which has been demonstrated internationally by leading cyber security nations that have established robust cyber security industry sectors, like the USA (Rank No. 1), UK (2), Australia (12), Netherlands (16), and Israel (36) GCI 2020.

Government can play a central role in developing the Irish cyber security industry, and a strong industry sector will drive economic growth and support the state’s national cyber resilience. The Cyber Ireland position paper calls for an increased role for government as a driver of the cyber security industry, as a “Coordinator, Catalyst and Accelerator”. This opportunity should be reflected and integrated into the vision and objectives of the National Cyber Security Strategy:

  • As a coordinator of relevant departments and agencies to drive the development of the cyber security sector, setting out an enterprise development strategy, ambitious targets for growth and branding Ireland internationally. 
  • As a catalyst of cyber security start-ups and innovation addressing the needs of businesses, government and society. 
  • As an accelerator of cyber security companies in Ireland to scale and mature, deliver high value solutions and become internationally competitive.

By acknowledging the rapid change in the digital landscape since publication of the NCSS strategy in 2019, we must plan accordingly for future technological developments and transformation; the NCSS must be forward-looking. An analysis of the technological, economic and societal trends impacting our cyber security should be completed, with a plan of what will be required by 2030 drafted to ensure Ireland’s national cyber resilience.

To address current challenges, support coordination and ensure future cyber resilience, Ireland should invest in a cyber security campus to bring key stakeholders that contribute to our national cyber resilience from government, industry and academia under one roof. 

The campus would provide a centre for state cyber security, coordinate government departments and agencies, support enterprise development and offer training and enhanced technological innovation. The centre should also engage with the public to provide cyber security awareness training and education , strengthening our digital society. 

International examples of such a centre exist, like the French Cyber Campus, the Hague Security Delta Campus Netherlands, the Cybercampus Sweden, and CSIT in Belfast – the UK’s Innovation and Knowledge Centre (IKC) for secure information technologies.

Further detail on specific measures to achieve the NCSS vision through public-private partnerships and enterprise development is available under the relevant strategy sections below.

8. Public Sector Data and Networks
1. NCSC accreditation scheme for companies providing cyber security services to the public sector
2. Cybersecurity Baseline Framework for companies supplying the public sector

9. Skills (incl. R&D)
3. Multi-annual Cyber security skills in the Irish labour market Report
4. NCSC Accreditation of 3rd level Irish cyber security courses
5. A national cyber education and career programme for young people (11-18 year olds)
6. Research & Development, EU Funding
7. Strategic Advisory Group of Cybersecurity Research Stakeholders
8. ‘National Cyber Security Support Centre’
9. Establish a European Digital Innovation Hub on cybersecurity

10. Enterprise Development
10. Strategy on the development of the cyber security industry in Ireland
11. National Cyber Innovation Hub
12. Improving Cybersecurity Public Procurement for sector development