Government agrees significant expansion of the National Cyber Security Centre

  • 20 additional posts created in response to cyber security threats

The Minister for the Environment, Climate and Communications Eamon Ryan TD and Minister of State with special responsibility for Communications and the Circular Economy, Ossian Smyth, TD are pleased to announce that the Government has agreed to an expansion of the National Cyber Security Centre (NCSC) from 25 to 45 staff over the next 18 months, and to 70 within 5 years. The associated budgetary increase for the NCSC for 2022 is estimated at €2.5 million.

A significant package of other measures to further strengthen the capacity of the NCSC to respond to the growing threat from cyber criminals was agreed by Government today, including the development of legislation to establish the NCSC on a statutory basis with a set of formal powers and a legal mandate.

The overall package of measures approved includes:

  • That the role of Director of the NCSC be re-advertised at a salary of €184,000 (Deputy Secretary scale) to reflect the scale and importance of the role and to attract experienced candidates
  • The Director will have responsibility for building and leading the NCSC, further developing the operational capacity and expertise of the NCSC and supporting the development of the policy and legislative framework relating to cyber security in the State
  • A single HQ for the NCSC which will provide the required security infrastructure and capacity. The NCSC will be accommodated within the Department’s new Headquarters (HQ) in Beggars Bush
  • Developing a 5 year technology strategy for the NCSC that scopes its internal requirements, and its relationship with academia and industry
  • In addition to the recruitment of 20 additional fulltime roles, a cyber security graduate training programme will be initiated by the NCSC in 2021, with four computer science graduates recruited each year on contracts of three years duration.

Minister Ryan said:

“This investment marks a step change in the evolution of the National Cyber Security Centre. The expansion we are announcing today will enable the organisation further develop its competence and capacity to help defend and protect IT systems and our key services into the future.

“As Ireland is a leading digital economy, protecting the cyber security of Government IT and critical national infrastructure is vital. The NCSC has an important role in gathering intelligence on cyber threats and in sharing that information and providing expert guidance. The Government is committed to ensuring that the NCSC has the appropriate level of resourcing to enable it deliver on its important mandate.”

Minister Smyth commented:

“Today’s positive action by Government is being taken against the backdrop of a steady increase in the number of significant cyber incidents in the past number of years, including the recent incidents affecting the HSE and other healthcare providers internationally, as well as Colonial Pipeline in the US, and more recently, Kaseya.

“This trend is reflected across the globe, with many Governments and supranational organisations, such as the EU and UN, recognising that the threat of malicious cyber incidents can have potentially devastating security, economic, social, and humanitarian consequences. While individual organisations and citizens need to take appropriate steps to protect themselves in an online world, today’s decision will ensure that NCSC has the appropriate mandate and resources to continue to support them.”

The government decision today follows recommendations made by Minister Ryan on receipt of a Capacity Review of the NCSC by an independent third party, which was already underway before the recent HSE cyber attack.

The capacity review was one of the measures in the National Cyber Security Strategy published in late 2019 which set out a broad range of measures to be taken to improve the security of public and private IT systems in the State.