The National Cyber Security Centre says it has seen an increase in the number of significant cyber security incidents of up to 20%.
Most incidents are outages or mistakes caused by software or hardware failures - according to Director of the NCSC, Richard Browne.
He told RTÉ's News at One that "90% [of incidents] are failures, there’s no bad guy involved".
But he said the NCSC did see "a lot of" espionage, and a far smaller amount of sabotage, and also ongoing ransomware and theft, which remains "a really significant issue".
"At the edge of what we do are disinformation and misinformation, which aren’t strictly in our area, but they correlate with what we do."
In terms of espionage, Mr Browne described it as the organised theft of information held in Government, in academic circles, in NGOs by third parties, which are sometimes States, or can be criminal actors looking to make money.
Mr Browne said this happens "on an ongoing and regular basis", but said they have never attributed incidents to particular States.
However, he mentioned that other European countries had attributed similar threats from Russia and China.
Mr Browne said they would never have enough staff to deal with all threats, saying they could have 10,000 workers in the NCSC and still be fighting threats.
But he said that they had exceeded the planned staffing numbers.
The Centre has published a National Cyber Emergency Plan (NCEP) - which outlines the national approach for responding to serious cyber-attacks or incidents.
It is mainly aimed at Government departments and agencies, and potential victim organisations.
The plan says an effective response requires substantial planning and resources - and this capacity needs to be exercised regularly.
The plan outlines the process by which a National Cyber Emergency might be declared, managed and coordinated.
It also details how the Government would explain and communicate any attack to the public.
In the event of a national cyber emergency - a communications subgroup would be convened to issue information to the public, assisted by the Government.
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
The plan defines a cyber emergency as any cyber event which causes or threatens to cause; death or serious injury or damage to property, the environment or the economy, or significant incidents impacting two or more critical sectors and which requires the activation of the National Emergency Coordination Group (NECG Cyber) to ensure an effective coordinated response for containment, mitigation and/or recovery.
The activities described in the NCEP rely upon three modes:
- Permanent Mode
- Warning Mode
- Full Activation Mode
Permanent Mode is the normal course of business, where situational awareness is maintained by various Government Departments and agencies.
Warning Mode is activated on receipt of evidence or communication from the NCSC or its members, other international organisations or partners which indicates a heightened risk of a cyber emergency type incident emerging.
Warning Mode can be used to decide if a Full Activation Mode is required.
Full Activation Mode is activated if an incident occurs which meets the threshold of a national cyber emergency - and would require the activation of the National Emergency Coordination Group.
The NCSC or the Minister for the Department of the Environment, Climate and Communications would make the decision to enter Full Activation Mode.
This decision may follow a period in which Warning Mode has been active, or if the incident is serious enough.
The plan says this mode "may also be activated if a 'large-scale cybersecurity incident’ is identified by the CyCLONe network at EU level or other international Peer organisations."
The National Cyber Security Centre says it will also perform periodic exercises to test the National Cyber Emergency Plan.
The plan says the private sector may be relied upon during a cyber security incident to mitigate any incident as quickly as possible.
The NCEP says a cybersecurity incident is usually a criminal act, and incidents should be reported in the first instance to An Garda Síochána or other regulatory agencies, such as ComReg or the Data Protection Commissioner.
An Garda Síochána has the primary responsibility for the investigation and any subsequent prosecution.
The NCSC says the attribution of cyber attacks to particular States is "particularly challenging".
"Attribution has many aspects - technical, political, diplomatic, legal and policy."
While the NCSC and gardaí. as well as private cybersecurity experts, might be able to attribute the attack to a particular bad actor, based on technical indicators, they might not be well-placed to consider the implications of singling out a country as responsible.
Therefore, the plan says; "public attribution of such attacks should be conducted by Government assisted by the advice of the NCSC".
