Cost of protecting government bodies from cyberattacks jumps to €2m
THE cost of protecting government technology infrastructure from hackers has risen almost eightfold in just two years, it has been revealed.
The National Cyber Security Centre (NCSC) saw its budget increased by the Department of Communications in 2017 to just under €2m, excluding the cost of staffing, up from just €250,000 just two years earlier.
Communications Minister Richard Bruton detailed the budget for the NCSC in a written parliamentary answer but declined to reveal details of its operational work or of recent cyberattacks that it has dealt with for “security reasons”.
A recent report by the Comptroller and Auditor General found that the NCSC had no strategic plan and requires a review of its funding. An oversight body set up to monitor the centre’s performance had not met since 2015 despite fears that have been raised on a number of occasions that the State is not well equipped to deal with cyberattacks.
There have been calls previously for the NCSC to be moved to the Department of Defence.
The NCSC was established in 2011 with a view to “securing critical national infrastructure” with an annual budget of €250,000, which remained unchanged until 2016 when it was trebled to €750,000, with a further hike to €1.95m last year, the new information revealed.
The NCSC provides a range of cybersecurity services to owners of government IT infrastructure and critical national infrastructure, with experts in computer science, software engineering, malware analysis and information technology forensics.
It is also home to the national Computer Security Incident Response Team (CSIRT-IE) and provides advice to government and analysis on cybersecurity issues, as well as co-ordinating significant incidents. It is expected to act as a central contact point in the event of a government or nationwide cybersecurity incident.
“The NCSC has been assigned a number of new roles under the recently signed Security of Network and Information Systems Regulations, which taken together, will mean that the State will have co-ordinated systems for the management of cyber-related risk to Critical National Infrastructure, and for the assessment and response to incidents,” said Bruton.