Report finds the NCSC is under resourced and over tasked

Share
A capacity review into the National Cyber Security Centre (NCSC) Ireland was carried out by consultants between January and March 2021.

The National Cyber Security Centre Ireland is “under-resourced and over-tasked” and does not have the “organisational design or capacity” to meet its goals, a confidential report has found.

According to a report in The Irish Times, a capacity review into the NCSC was carried out by consultants between January and March of this year which compared the centre to other organisations of a similar scope internationally.

The confidential report from the consultants found that a “significant burden” rests on the cyber centre to deliver against the national strategy but “based on our review, it does not currently have the organisational design or capacity to achieve all of the objectives.”

It also anticipated a “considerable strain” being added to the centre in the coming years with forthcoming cyber initiatives planned in the EU.

The report found that in terms of wider engagement with national infrastructure, the NCSC is “under-resourced and over-tasked” when providing advice to around 120 operators of essential services.

The review has made 45 recommendations including to develop a cross-Government taskforce; to develop a strategy for the NCSC; and to ensure legislation allows for the detection and disruption of “sophisticated threat actors” and to enhance the technical monitoring capabilities.

The consultants found the workload in the centre has increased significantly since its inception and they also raised concerns about the fact it acts as an advisor and regulator in some sectors.

The report called for an increased headcount and said the operations team should be augmented “as a priority” to include a dedicated intelligence team.

It also called for the development of a five-year strategy that would outline the role of the NCSC as the clear lead authority in cyber security within the State.

Overall the report found leadership in the centre to have a: “clear understanding of the organisation’s role and purpose, as well as a good understanding of how they would like it to develop".

The report went on to say: "However, legislation that gives ‘statutory legal vires’ to the full operation of cyber security capability required by NCSC is critical for an effective future operational posture.

“Future legislation should provide an explicit mandate for NCSC to properly monitor for cyber threats; establish its status as an independent organisation; define its remit within the national security framework of which cyber security is a critical domain and secure a defined single budget to enable longer term planning and capability development," the report added.

Share

Featured Articles

Palo Alto Networks, Deloitte and The Push to Platformization

By expanding their partnership to EMEA, Palo Alto Networks is bringing to Deloitte the platformization needed in the modern cybersphere

Insurers Now Spotlighting Identity and Privilege Compromises

Delinea's latest survey reveals a sharp rise in cybersecurity insurance claims, pushing for advanced identity protection measures. Dive into how AI and met

Trend Micro Address AI Threat to Mobile Users with New App

Trend Micro Check is an all-in-one solution that recognises the threats that deepfakes are now posing to mobile users in elaborate scams

Solarwinds CISO Wants Global Cyber Laws After Winning Case

Cyber Security

Resurgence of Spam: Cisco Talos Sound Alarm on New Tactics

Hacking & Malware

Cloudhouse Head Talks Laws Incoming After Crowdstrike Outage

Operational Security