This week’s column first appeared on Broadsheet.ie on Monday May 17th. I look at the massive ransomware attack on the HSE and the Dept of Health and remind us that experts have been warning for years that government is not taking cyber defence seriously enough.
We risk being the EU’s weakest link on cyber security despite our dependence on the digital economy.
Though I have related this Jeffrey Bernard anecdote here before, it still bears repeating. When Jeffrey Bernard was too “tired and emotional” to submit his weekly column to The Spectator, the editor would place an apologetic line explaining that there was no column that week as: “Jeffrey Bernard is unwell”.
There was also another one. It was longer, but less apologetic and appeared when the editor was feeling less charitable. It read: “Mr Bernard’s column does not appear this week as it remarkably resembles the one he wrote last week”.
Broadsheet’s editor could be forgiven for posting a similar renunciation here, as the discourse on the HSE cyber-attack I propose to put to you is effectively a re-statement of arguments and commentaries I’ve made many times over the past few years.
I have been warning about our failure to take national cyber-security seriously since late 2019. I highlighted it as a sub-plot in this column from Sept 2019 and then expanded on the problem in a column entitled: Pleading No Defence On Cyber Security.
I wrote this article for BEERG‘s weekly newsletter on Sept 23rd. The Newsletter goes to approx 1,000 senior HR professional across the EU and US.
I have been deeply involved in monitoring the development of the data privacy and protection issue since first working on the early legislative passage of the General Data Protection Regulation through the European Parliament and Council. This article features a link to an article I wrote for the EurActiv news-site in late 2012 on the complexity of GDPR’s employee data provisions.
I have added some extra paragraphs in this version that are pertinent to the Irish domestic situation and – not for the first time – I finish an article with my favourite LBJ saying/quote
This was the week when the stark reality of the Schrems II judgement became clear. When the rubber hit the road.
In last week’s BEERG Newsletter I portentously observed that the already complex position around Standard Contractual Clauses (SCCs) and other methods of transferring personal data to the US was about to become more complex. Little did we realise how quickly that would happen.
The Irish Data Protection Commission made a preliminary move to halt Facebook’s use of SCCs to cover the transfer of data from the EU to the US. Facebook has some 400m+ user in Europe. Facebook went to court.
Within days, the text of Facebook’s affidavit to the Irish High Court appeared online. Its contents fueled headline speculation in respected broadsheet newspapers and reputable media outlets that Facebook was threatening to quit the EU unless its concerns were addressed.
This column which looks (eventually) at Ireland’s ongoing political/policy neglect of data protection and cyber security and why the Defence Forces have a vital role to play in defending Ireland’s vital national infrastructure from cyber attacks. This column first appeared on Broadsheet.ie on July 20th 2020
Since I wrote my last Broadsheet column, An Taoiseach Michéal Martin has sacked a cabinet minister and reassigned three junior portfolios. According to his supporters this action, a mere 17 days after his first round of appointments, is proof of An Taoiseach’s cool decisiveness and a major rebuff to those who consider him a self-interested ditherer.
They may well be right, but either way his unplanned reshuffle does afford us the chance to look again at the choices made by An Taoiseach on June 27th and July 1st when he chose his team of senior and junior ministers.
Technically, of course, An Taoiseach did not choose most of them. Martin himself only got to name 5 cabinet and 8 junior ministers. 13 out of the 32 positions to be appointed. The rest, 6 Green and 13 Fine Gael were chosen by their respective party leaders and, we are told, beyond the allocation of portfolios, there was no consultation on the identities of any of those to be named.
So let’s look at some of those decisions. Actually, let’s not.
This Broadsheet column was written last Sunday aand appeared online on Monday morning (April 20th 2020) under the headline: They should be in it together
In 1945, just as the Second World War was ending, Britain faced a general election. Would post-war Britain be shaped by the Conservatives under Winston Churchill or by Clement Attlee’s Labour Party, a partner in the war time unity government.
The choice was clear, but the voters had no doubt who they wanted. They resoundingly rejected Churchill, the man who had led Britain to a victory that had sometimes seemed uncertain and opted instead for Attlee, the understated but progressive social reformer.
While historians offer several reasons for Churchill’s defeat, it boils down to voters seeing that a good wartime leader is not necessarily a good peace time leader. The skills (and policies) required to lead a country through a time of crisis and external threat are not the ones you need when you are trying to rebuild after that crisis. And vice-versa.
This week’s Broadsheet.ie column revisits the issue of #CyberSecurity. In it I look at three specific aspects:
The gaps in Ireland’s cyber security strategy and
The critical role the Irish Defence Forces should play in delivering that strategy
The opportunity this presents for Ireland to be a centre of excellence within the EU on cybersecurity
Several times over the past few years I have written about the need for a mature and grown-up public debate on Irish security and defence policy.
It is why the recent initiative by the folks at Slándáil, headed by former Irish Army office, Dr Gerry Waldron is so welcome. Launched at the end of September, Slándáil has set itself the not unambitious task of generating and encourage such informed debate with a two-day policy forum/summit at DCU next February.
While the forum itself will look at a range of global and national factors from the implications of climate change to the future of the Defence Forces and of policing, much of the discussion will focus on contemporary cyber challenges, as Waldron explained in a recent interview with the Irish Times.
The pity is that this awareness of the cyber threat has not yet filtered through those with political responsibility for the defence agenda in government.
This column appeared on Broadsheet.ie on September 24th and looks at the current government’s ongoing issues with grasping the critical importance of data and data privacy to our continuing economic growth and development. While the governments response to the Data Protection Commissioner’s findings that it broke its own laws in expanding the scope of Personal Service Cards shows a cavalier attitude to data protection, the total inadequacy of the states response to real cyber-security threats is frightening. The State must immediately given the Defence Forces a lead role in building cyber security capacity and give it the resources right now, including the ability to recruit and train the next generation of cyber security experts.
Twenty years ago (last Sunday) the first ever episode of The West Wing premiered on US TV.
Though anyone who has ever served in government can confirm that The Thick of It or Yes, Minister are more realistic portrayals of life along the corridors of power, The West Wing still represents the ideal, the way we would like to think it is.
This is due, in part, to the excellent characterisations, but it is mainly down to the quality of writing. The dialogue not only fizzed, it was informed by actual policy debates.
There were prescient. Much of it is still cogent despite all that has happened in the intervening two decades.