This time I have a non-OSINT piece, but something with a local flavour. This post is about the current and future challenges for policing the Irish cyberspace.
The article was originally published in the printed special edition of the IPA Journal for the centenary of the Irish police service, An Garda Síochána.
Policing the Irish cyberspace - the challenges for 2022 and beyond
In the context of the last 100 years of policing history in Ireland, cybercrime seems like a small blip when compared to the traditional challenges that An Garda Síochána has faced in that time. However, being a recent phenomenon that has emerged over the last decade or so, cybercrime is probably the most rapidly developing threat for both the Irish public and the security of the Irish state.
In the last few years in particular, we have witnessed an unparalleled intensification of cyberattacks, most of which (but not all) are financially motivated. The most recent and most severe challenge was the Conti ransomware infection of the HSE networks, which proved how serious and sophisticated the capabilities of foreign threat actors can be.
Without doubt, there is a lot more going on in the Irish cyberspace than the general public is aware of – especially when it comes to cyber-related operations of hostile, state-enabled or state-sponsored groups.
Being prepared for what is coming next in cyberspace does not rely solely on investments in new technologies and infrastructure. Organisations cannot fight cybercrime without the necessary well-trained and experienced personnel. Furthermore, nobody can do it alone – that is why international cooperation with European and global partners is essential for succeeding in the Irish cyberspace policing efforts.
With that in mind, I have composed a subjective list of challenges that lie ahead of An Garda Síochána and other Irish State agencies responsible for cybersecurity.
* STATE SPONSORED CYBER WARFARE
While Ireland is a neutral country – this does not mean that every other country or group perceives us in this way. Culturally and economically, Ireland is very much part of The West, which means that by virtue of those facts alone, we are automatically considered to be in opposition to many authoritarian regimes or rogue states.
Besides, given our country’s strong ties with the US and the presence of many US and multinational corporations here, Ireland and its cyberspace are very much perceived as a “legitimate target” for adverse cyber operations by those opposed to ‘The West’. This means that everything from hacking and data exfiltration attacks, disruption of services, state-sponsored cybercrime of all sorts, social media disinformation campaigns and more could be directed at this country.
One of the main issues with state-sponsored cyber warfare is the attribution of the attack and establishing who exactly is behind particular actions. Unlike traditional warfare (and state-sponsored cyber-attacks are effectively acts of war), cyberspace has no set borders to cross and there are no easily identifiable opponents occupying a delineated territory.
Crucial requirements in dealing effectively with these types of issues are working partnerships between An Garda Síochána and private institutions in Ireland – because virtually everybody is a stakeholder when it comes to cyber safety.
* JURISDICTION AND LEGAL ISSUES
The global IT infrastructure is becoming more complex, with wider distribution and greater decentralisation with each passing year. Often, we see information systems spread out across many data centres, located on different continents; cyberattacks against those don’t happen in any particular country, but “in the cloud”.
This creates many ambiguities when it comes to responding to cyber incidents, like: who exactly is the owner of the affected systems? How can individuals be held responsible for their actions if they commit attacks from non-compliant jurisdictions? What can be done if the legal processes between Ireland and another state are incompatible when it comes to responding to cybercrime?
This issue cannot be resolved without building strong partnerships between Irish State agencies and their counterparts abroad. It also requires mutual legal agreements and the simplification, standardisation and modernisation of laws governing cyberspace.
In the last few years, the Irish government empowered An Garda Síochána with some legislation in this area – but there are challenges to enforcing and executing these laws, especially when it comes to proactive efforts outside the State.
* INFRASTRUCTURE VULNERABILITIES
This is a very broadly defined challenge – but essentially, it concerns absolutely every organisation and entity operating in Irish cyberspace, as has been highlighted numerous times over the past year and more, with a number of indiscriminate ransomware attacks against both State owned and private networks.
The evolution of ransomware operations towards the “ransomware as a service” model and beyond means that absolutely anybody can be a target. This also means that Ireland’s State agencies, like An Garda Síochána and other Departments, must focus not only on securing the critical infrastructure and the government-owned resources, but they also have to ensure that there are as few weak links as possible in the whole cybersecurity ecosystem.
Thousands of small and medium enterprises often can’t afford to ensure their own digital security and safety. Country-wide, the progressing adoption of 5G networks is compounding the already existing vulnerabilities of the IoT (Internet of Things) devices that are widely used in households and commercial entities across Ireland.
Outdated, unsecured and misconfigured devices and systems (both IoT and others) are often referred to as “digital asbestos” – they are so widespread that nobody knows their exact count; their exploitation by hostile actors can have detrimental consequences to organisations and to individuals. Policing this sphere requires proactive efforts in identifying vulnerable systems and assisting their owners in mitigating the risks before disaster strikes.
* SPECIALISED PERSONNEL AND RETENTION
One of the most serious challenges for An Garda Síochána is the acquisition and retention of qualified, experienced staff in the fields of cyber incident response, network intrusions, malware analysis, digital forensics, cybercrime investigations and others.
The demand for expertise is increasing rapidly, and the shortage of adequately qualified people is creating tough competition in all areas and many challenges in the hiring processes. To remediate this problem, an in-depth look at An Garda Síochána’s recruitment policies in respect of trained personnel in this area may be necessary.
It would take a major change in recruitment policy for the organisation to hire specialists directly for cybersecurity-related roles without the prerequisite for such Garda members to serve several years in uniform in other roles, but this is a fast-moving area and speed will be of the essence in dealing with it.
In today’s world, qualified and experienced personnel in this field are in much demand in the various areas of the private sector where such expertise is acknowledged and valued accordingly. The increasingly tough working conditions during the Covid-19 pandemic, coupled with the wide availability of career opportunities in the private sector, make the retention of highly qualified specialists even more challenging.
A multi-layered approach to combating this problem will always include dedicated specialists working in specialist roles, and since the foundation of the State, An Garda Síochána’s most valuable asset has always been the brave, dedicated and selfless people who make up the force.
I have no doubt that this will continue to be the case and I wish An Garda Síochána every success in all aspects of their work in the coming years.