This week’s column first appeared on Broadsheet.ie on Monday May 17th. I look at the massive ransomware attack on the HSE and the Dept of Health and remind us that experts have been warning for years that government is not taking cyber defence seriously enough.
We risk being the EU’s weakest link on cyber security despite our dependence on the digital economy.
Though I have related this Jeffrey Bernard anecdote here before, it still bears repeating. When Jeffrey Bernard was too “tired and emotional” to submit his weekly column to The Spectator, the editor would place an apologetic line explaining that there was no column that week as: “Jeffrey Bernard is unwell”.
There was also another one. It was longer, but less apologetic and appeared when the editor was feeling less charitable. It read: “Mr Bernard’s column does not appear this week as it remarkably resembles the one he wrote last week”.
Broadsheet’s editor could be forgiven for posting a similar renunciation here, as the discourse on the HSE cyber-attack I propose to put to you is effectively a re-statement of arguments and commentaries I’ve made many times over the past few years.
I have been warning about our failure to take national cyber-security seriously since late 2019. I highlighted it as a sub-plot in this column from Sept 2019 and then expanded on the problem in a column entitled: Pleading No Defence On Cyber Security.
I wrote this article for BEERG‘s weekly newsletter on Sept 23rd. The Newsletter goes to approx 1,000 senior HR professional across the EU and US.
I have been deeply involved in monitoring the development of the data privacy and protection issue since first working on the early legislative passage of the General Data Protection Regulation through the European Parliament and Council. This article features a link to an article I wrote for the EurActiv news-site in late 2012 on the complexity of GDPR’s employee data provisions.
I have added some extra paragraphs in this version that are pertinent to the Irish domestic situation and – not for the first time – I finish an article with my favourite LBJ saying/quote
This was the week when the stark reality of the Schrems II judgement became clear. When the rubber hit the road.
In last week’s BEERG Newsletter I portentously observed that the already complex position around Standard Contractual Clauses (SCCs) and other methods of transferring personal data to the US was about to become more complex. Little did we realise how quickly that would happen.
The Irish Data Protection Commission made a preliminary move to halt Facebook’s use of SCCs to cover the transfer of data from the EU to the US. Facebook has some 400m+ user in Europe. Facebook went to court.
Within days, the text of Facebook’s affidavit to the Irish High Court appeared online. Its contents fueled headline speculation in respected broadsheet newspapers and reputable media outlets that Facebook was threatening to quit the EU unless its concerns were addressed.
This column which looks (eventually) at Ireland’s ongoing political/policy neglect of data protection and cyber security and why the Defence Forces have a vital role to play in defending Ireland’s vital national infrastructure from cyber attacks. This column first appeared on Broadsheet.ie on July 20th 2020
Since I wrote my last Broadsheet column, An Taoiseach Michéal Martin has sacked a cabinet minister and reassigned three junior portfolios. According to his supporters this action, a mere 17 days after his first round of appointments, is proof of An Taoiseach’s cool decisiveness and a major rebuff to those who consider him a self-interested ditherer.
They may well be right, but either way his unplanned reshuffle does afford us the chance to look again at the choices made by An Taoiseach on June 27th and July 1st when he chose his team of senior and junior ministers.
Technically, of course, An Taoiseach did not choose most of them. Martin himself only got to name 5 cabinet and 8 junior ministers. 13 out of the 32 positions to be appointed. The rest, 6 Green and 13 Fine Gael were chosen by their respective party leaders and, we are told, beyond the allocation of portfolios, there was no consultation on the identities of any of those to be named.
So let’s look at some of those decisions. Actually, let’s not.
This column appeared on Broadsheet.ie on September 24th and looks at the current government’s ongoing issues with grasping the critical importance of data and data privacy to our continuing economic growth and development. While the governments response to the Data Protection Commissioner’s findings that it broke its own laws in expanding the scope of Personal Service Cards shows a cavalier attitude to data protection, the total inadequacy of the states response to real cyber-security threats is frightening. The State must immediately given the Defence Forces a lead role in building cyber security capacity and give it the resources right now, including the ability to recruit and train the next generation of cyber security experts.
Twenty years ago (last Sunday) the first ever episode of The West Wing premiered on US TV.
Though anyone who has ever served in government can confirm that The Thick of It or Yes, Minister are more realistic portrayals of life along the corridors of power, The West Wing still represents the ideal, the way we would like to think it is.
This is due, in part, to the excellent characterisations, but it is mainly down to the quality of writing. The dialogue not only fizzed, it was informed by actual policy debates.
There were prescient. Much of it is still cogent despite all that has happened in the intervening two decades.
I have written several times about the developing crisis in Irish Defence policy-making and the impact this is having on morale and retention in the Irish Defence Forces. In this Broadsheet post from June 11th, 2019, I suggest how swapping ministers of state might help in the short-term to start the process of addressing this crisis.
It takes a rare political talent to make the Irish defence brief controversial, yet the hapless Paul Kehoe appears to have somehow managed it.
Stories of declining morale, chronic low pay, skills shortages and personnel retention problems fill the airwaves, and still the crisis worsens. Defence force strength which should today stand at 9,500 has been hovering perilously below 8,500 for months.
The 9,500 figure is itself misleading. The 2000 Defence White Paper set the number at 10,500. The reduction in 2009 to 9,500 was only intended as a temporary measure, yet it has entered the political psyche as some fixed upper limit.
While very little of the blame for these crises attach personally to Kehoe, realpolitik dictates that the time has come for him to move on. Kehoe must go.
This is a brief overview of some data protection issues for business to watch out for in 2018. It first appeared in this week’s BEERG weekly newsletter under the heading: #GDPR – 132 Days to go… but there is a lot more ahead.
Note my GDPR countdown clock to the right (or below on Mobiles) of the screen
Derek Mooney writes: No one needs reminding that the General Data Protection Regulation, 2016/679 (GDPR) the EU’s new pan European data protection law comes into force on May 25 – in 132 days, or 94 business days, (from Jan 12) 2018 will be the year of data protection as everyone -regulatory authorities and individual organisations alike – struggles to get used to the new regime.
Will Data Protection Authorities and individual companies be able to source sufficiently experienced Data Protection Officers to oversee the new laws? And if having the GDPR come into effect in 2018 is not a sufficient strain, you can add the issue of what happens to data transfers to the UK post Brexit?