The "robustness and security" of Ireland's crime-solving DNA database will be "kept under active review" by an oversight group tasked with monitoring its operation and security.

This comes as a top computer systems academic has said the database could be vulnerable to a cyber-attack.

Concerns centre on a lack of independent security testing for the merging of Forensic Science Ireland’s IT infrastructure in to the Department of Justice. Forensic Science Ireland (FSI) operates the DNA database.

The DNA Database System Oversight Committee, which monitors the DNA database’s operation and security, expected the IT migration and security test to be completed by last year.

A domain collapse – or the merging of FSI’s IT assets in to the Department of Justice – and independent security testing was expected to happen by the end of 2021.

Expressing disappointment in the report, it said the "robustness and security" of the systems underpinning "the successful and safe functioning of the DNA Database System" will "continue to be kept under active review" in 2022.

The committee added "the issue of security" was a priority for it "throughout 2022 and indeed remains so".

"It had been planned and expected that the domain collapse would have been completed prior to the end of 2021.

"The Committee had previously requested that independent security penetration testing of the system be completed following this domain collapse.

"As at 31st December 2021 neither the domain collapse nor the security testing has been achieved.

"It is acknowledged that this undertaking is one of immense complexity and involves a very large body of work," said the committee.

"The commitment of both the Director and staff of FSI and their counterpart unit in the Department of Justice for the successful and timely completion of this project has been outstanding.

"Nevertheless, it is disappointing that as at 31st December 2021 the completion of the domain collapse has not been achieved," it added.

Risk exposure

Dr Simon Woodworth, a lecturer in business information systems at University College Cork, told RTÉ's Morning Ireland he was concerned a cyber-attack could happen.

"The problem is that with any delay in this sort of work, there is a risk exposure," said Dr Woodworth.

"We know the DNA data has to be preserved with absolute integrity.

"What would bother me slightly is that without a penetration test being done on its eventual location that a criminal syndicate, or a well-organised crime gang, might finance or contract a Russian hacker team, or something similar, to go and attack that database itself.

"If the integrity of the data is undermined or it is suspected that the integrity of the data is compromised that DNA data is not going to stand up in a court of law.

"I think that concern will remain until a thorough penetration test is completed," Dr Woodworth said.

FSI confirmed the IT work described in the DNA Database System Oversight Committee's report will not be done until the end of the third quarter of this year.

Its Director General Chris Enright confirmed the IT system behind the DNA Database is safe.

"We are following all of the appropriate procedures and policies in relation to data retention, deletion, so we are doing all of those as best we can until this new IT infrastructure is put in place," Mr Enright said.

"A big focus for us over the last couple of years is to simplify and consolidate the various IT platforms that we have in place and collapse them under a single department of justice IT domain.

"What that means is completely refreshing the IT hardware we have and consolidating all FSI information technology under Department of Justice infrastructure that will come with best practice security, server upgrades on an ongoing basis.

"That’s our plan. We hope to complete that in Q3 of this year.

"Once it is completed we plan to do an independent security assessment to give the DNA oversight committee some insurance that the appropriate processes and robustness is in place."

The report states in its findings that "the committee is satisfied with measures employed by the Director of FSI to ensure that the DNA Database System us not improperly accessed by any person".

It added that it "continues to emphasis the importance of the security system as an integral part of the FSI IT programme".

Morning Ireland asked the Department of Justice if it is satisfied the DNA database is safe from cyber-attacks.

It responded: "The Department takes its responsibilities seriously with regard to cyber security and uses technologies and procedures to secure its networks.

"For reasons of operational and national security it would not be appropriate to disclose details of the Department’s cyber security arrangements, or those of State offices, agencies and bodies under the Department’s remit."

The DNA Database Oversight Committee’s report also shows the number of profiles in the DNA Database System grew by 20% to 58,703, while 920 crime investigations, including robberies, firearms offences, serious sexual assaults, aggravated burglaries and other crimes, were assisted by the database.