Intelligence on threats to national security should be shared between government agencies and with the private sector, the body responsible for communications security has said.
According to the Commission for Communications Regulation (ComReg) it is not possible to guarantee secure telecommunications networks within the State without access to intelligence on national security risks.
Ireland’s increasing reliance on telecommunications networks means their security has now become a “matter of critical concern”, it said in its submission to the Government’s public consultation on national security strategy.
Along with the Garda, Defence Forces and the National Cyber Security Centre, ComReg is responsible for guarding Ireland’s networks against attack, including cyber attacks.
With the ongoing rollout of 5G technology, nation states or groups acting on their behalf pose the biggest threat to cybersecurity, ComReg submitted, citing a recent EU cyber security report.
ComReg’s view of increasing cyber threats from State actors echoes those expressed in a defence policy review provided to Cabinet last month which warned that increased spying by foreign intelligence agencies poses a risk to national security and to foreign direct investment.
According to the National Cyber Security Strategy released in December, Ireland is particularly vulnerable to attack due to the large numbers of data centres here. By some estimates, Ireland is home to 30 per cent of all EU data.
New 5G technology will benefit society and technology but will also “increase the attack area of the network. It will also result in an increase in threats to and vulnerability within a network,” ComReg director of markets George Merrigan wrote in the submission.
Vendors of 5G technology, which allows for much faster internet speeds, have the capacity to cause devastating cyber attacks, especially when induced to do so by foreign governments, ComReg stated, citing the EU report.
Western governments and intelligence agencies are particularly worried about the role of companies with close links to the Chinese government, such as Huawei, in manufacturing 5G technology which may be vulnerable to espionage.
December’s National Cyber Security Strategy document stated there have been a number of “serious cyber security incidents” in recent years but the Government declined to provide further details.
Currently, the vast majority of information on national security threats, including threats of cyber attacks, is kept closely guarded by the State’s security services. Even when a major cyber attack occurs, information is scant.
ComReg called for the establishment of a mechanism for sharing and accessing national security intelligence “in a controlled way” and “particularly among State agencies”.
It said this should be achieved using a security clearance framework. Other countries allow personnel in both the public and private sectors to be granted varying levels of access to classified information, subject to background checks.
As well as allowing State agencies access to intelligence, the Government should also grant access to public companies responsible for communications networks, ComReg said.
This would mean allowing certain staff in companies like Vodafone or Eir access to classified intelligence on threats.
ComReg offered to assist in the development of a process to allow this to take place.
Such intelligence-sharing protocols are common in other countries, said Brian Honan, a cyber security expert and advisor to Europol on cybercrime.
These mechanisms operate as a “two-way street” which allows governments to share information with businesses and vice versa, he said.
“It also enables industry to raise specific concerns, observations or intelligence on attacks they have observed themselves with those government agencies.”
More and more, governments are relying on privately run companies to provide information on threats, he said. “While the government agencies can get specific data about suspected criminals and terrorists on foot of court orders, these agencies do not have visibility into the more widespread illegal and abusive activities that may be happening.”
Mr Honan added that if information is to be shared in this way, it is vital strict guidelines are in place to guard against misuse of personal data.