Report finds the NCSC is under resourced and over tasked

A capacity review into the National Cyber Security Centre (NCSC) Ireland was carried out by consultants between January and March 2021.

The National Cyber Security Centre Ireland is “under-resourced and over-tasked” and does not have the “organisational design or capacity” to meet its goals, a confidential report has found.

According to a report in The Irish Times, a capacity review into the NCSC was carried out by consultants between January and March of this year which compared the centre to other organisations of a similar scope internationally.

The confidential report from the consultants found that a “significant burden” rests on the cyber centre to deliver against the national strategy but “based on our review, it does not currently have the organisational design or capacity to achieve all of the objectives.”

It also anticipated a “considerable strain” being added to the centre in the coming years with forthcoming cyber initiatives planned in the EU.

The report found that in terms of wider engagement with national infrastructure, the NCSC is “under-resourced and over-tasked” when providing advice to around 120 operators of essential services.

The review has made 45 recommendations including to develop a cross-Government taskforce; to develop a strategy for the NCSC; and to ensure legislation allows for the detection and disruption of “sophisticated threat actors” and to enhance the technical monitoring capabilities.

The consultants found the workload in the centre has increased significantly since its inception and they also raised concerns about the fact it acts as an advisor and regulator in some sectors.

The report called for an increased headcount and said the operations team should be augmented “as a priority” to include a dedicated intelligence team.

It also called for the development of a five-year strategy that would outline the role of the NCSC as the clear lead authority in cyber security within the State.

Overall the report found leadership in the centre to have a: “clear understanding of the organisation’s role and purpose, as well as a good understanding of how they would like it to develop".

The report went on to say: "However, legislation that gives ‘statutory legal vires’ to the full operation of cyber security capability required by NCSC is critical for an effective future operational posture.

“Future legislation should provide an explicit mandate for NCSC to properly monitor for cyber threats; establish its status as an independent organisation; define its remit within the national security framework of which cyber security is a critical domain and secure a defined single budget to enable longer term planning and capability development," the report added.

Share

Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security