We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


Ireland's plan to deal with cyber-emergencies
Pic: Shutterstock

06 Aug 2024 technology Print

Ireland's plan to deal with cyber-emergencies

The National Cyber Security Centre (NCSC) has published a plan setting out how Ireland should deal with any future cyber-emergency.

The centre says that the plan has been developed after extensive engagement with the public and private sectors, and two sector-specific emergency exercises in 2022 and 2023, as well as lessons learned from the HSE ransomware attack in 2021.

It outlines how a national cyber-emergency will be declared, managed, and co-ordinated, and sets out the roles and responsibilities of Government departments, public-sector bodies and private-sector cyber-security companies.

Critical sectors

The plan defines a ‘cyber-emergency’ as any cyber-incident that causes or threatens to cause:

  • Death or serious injury or damage to property, the environment or the economy or significant incidents impacting two or more critical sectors, and
  • An incident that requires the activation of the National Emergency Coordination Group (NECG Cyber) to ensure an effective co-ordinated response for containment, mitigation, and/or recovery.

Critical sectors include energy, transport, banking/financial market infrastructures, health, water, digital infrastructure, public administration, and space.

‘Complex undertaking’

The activities described in the plan rely upon three co-operation modes:

  • Permanent Mode: The normal course of business, during which situational awareness is maintained and incident preparedness activities are carried out,
  • Warning Mode: Activated when evidence indicates that there is a heightened risk of a ‘cyber-emergency’ incident emerging in a specific sector or sectors, this involves communications with stakeholders across Government and in the private sector as appropriate, and
  • Full Activation Mode: Activated if an incident occurs that meets the threshold of a national cyber-emergency that requires the activation of the NECG.

NCSC director Richard Browne said: “Responding to cyber-security emergencies effectively at a national level is a complex undertaking, due to the very wide range of potential incidents, and the diverse nature, extent and consequences associated with these.

“This plan establishes an architecture for coordinating the Government response in accordance with Irish and European legislation and policy.”

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Copyright © 2024 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.