Irish gov’t admits cyber security department struck by ransomware attack

The Department of Communications, Climate Action and the Environment heads Ireland’s National Cyber Security Centre

The Irish communications minister has revealed that his department, which is responsible for protecting the state from cyber attacks, fended off a ransomware attack last year.

Richard Bruton admitted to the 2018 breach on the Department of Communications, Climate Action and the Environment’s IT systems in response to a parliamentary question from Fianna Fail defence spokesperson Jack Chambers, who questioned why the government’s National Cyber Security Centre was headed by Bruton’s department despite it lacking any security, defence or intelligence credentials.

Bruton said the ransomware was successfully isolated and removed but didn’t reveal any more details, such as the duration of the attack or suspected perpetrators. Chambers said the disclosure reflected the government’s backward approach of viewing cyber security as an IT management issue instead of a strategic security and defence issue.

“It is alarming that this has raised no red flag or received further in-depth security input. Cyber-security and defence continues to be viewed as an IT management issue, when it should be a strategic security and defence component for the Irish state,” he said.

Cyber criminals are increasingly targeting national and local government departments and public sector organisations with ransomware attacks due to their ageing infrastructure. According to a Tenable and Ponemon report, 88 percent of public sector organisations have faced at least one cyber attack since mid-2017.

While it’s not unusual for governments to hide cyber attacks committed against them from the public due to fears any information might compromise national security, it is rare for defence department’s to be  siloed from attempted cyber attacks, due to their increasing weaponisation by state and nonstate actors.

Ireland is no stranger to ransomware attacks. In January, hackers attacked the website of Dublin’s tram system Luas, threatening to leak the company’s private data if a ransom was not paid within five days. The operator later admitted 3,226 user records were compromised.

• Via The Times