One of the UK’s top cyber officials has warned of the growing threat to cross-border telecoms, energy and transport infrastructure in Ireland, as she praised continued close cooperation with the UK on security.
Speaking remotely at an Institute of International and European Affairs (IIEA) event in Dublin, National Cyber Security Centre (NCSC) CEO, Lindy Cameron, noted that the two countries have “shared cyber interests” and a strong bilateral partnership.
This will become increasingly important given the likelihood of escalating cyber-threats impacting both Northern Ireland and its southern neighbor.
“Energy security for Northern Ireland is based on gas pipelines and electrical interconnectors to both Great Britain and across the border, including the Single Electricity Market. The energy sector is dependent on operational technology — connected systems that monitor and control automated industrial processes — to function effectively and efficiently,” Cameron explained.
“It is a realistic possibility that this reliance on operational technology and the interconnected nature of the energy supply network on the island of Ireland combines to create a potential target for cyber-attacks.”
Other potential threats could include a ransomware attack on the rail link between Belfast and Dublin jointly operated by Northern Ireland Railways and Irish Rail, she added.
Cameron warned that state actors are a persistent threat and could make their presence felt in the telecoms sector – where targets could be compromised to enable espionage in other sectors – and as sources of customer and communications data in their own right.
“Some managed service providers that operate in Northern Ireland provide services both sides of the border. It is, therefore, a realistic possibility that a cyber-attack on a telecoms provider could impact services to both of our countries,” she continued.
“The governments of both UK and Ireland have been clear that they will not tolerate malicious cyber activity, and we have and will publicly call out state-level attacks.”
These threats are no longer theoretical: the Irish Health Executive was in May hit by a highly disruptive ransomware attack that Cameron claimed put patients’ lives at risk.
The NCSC worked closely with its partners in Ireland following the attack, although the threat actors themselves handed over the decryption key after a few days as a “public relations move,” she said.