Report finds the NCSC is under resourced and over tasked

A capacity review into the National Cyber Security Centre (NCSC) Ireland was carried out by consultants between January and March 2021.

The National Cyber Security Centre Ireland is “under-resourced and over-tasked” and does not have the “organisational design or capacity” to meet its goals, a confidential report has found.

According to a report in The Irish Times, a capacity review into the NCSC was carried out by consultants between January and March of this year which compared the centre to other organisations of a similar scope internationally.

The confidential report from the consultants found that a “significant burden” rests on the cyber centre to deliver against the national strategy but “based on our review, it does not currently have the organisational design or capacity to achieve all of the objectives.”

It also anticipated a “considerable strain” being added to the centre in the coming years with forthcoming cyber initiatives planned in the EU.

The report found that in terms of wider engagement with national infrastructure, the NCSC is “under-resourced and over-tasked” when providing advice to around 120 operators of essential services.

The review has made 45 recommendations including to develop a cross-Government taskforce; to develop a strategy for the NCSC; and to ensure legislation allows for the detection and disruption of “sophisticated threat actors” and to enhance the technical monitoring capabilities.

The consultants found the workload in the centre has increased significantly since its inception and they also raised concerns about the fact it acts as an advisor and regulator in some sectors.

The report called for an increased headcount and said the operations team should be augmented “as a priority” to include a dedicated intelligence team.

It also called for the development of a five-year strategy that would outline the role of the NCSC as the clear lead authority in cyber security within the State.

Overall the report found leadership in the centre to have a: “clear understanding of the organisation’s role and purpose, as well as a good understanding of how they would like it to develop".

The report went on to say: "However, legislation that gives ‘statutory legal vires’ to the full operation of cyber security capability required by NCSC is critical for an effective future operational posture.

“Future legislation should provide an explicit mandate for NCSC to properly monitor for cyber threats; establish its status as an independent organisation; define its remit within the national security framework of which cyber security is a critical domain and secure a defined single budget to enable longer term planning and capability development," the report added.

Share

Featured Articles

Why CISOs Remain Crucial in the Age of Rampant Ransomware

As ransomware attacks escalate, the CISO has emerged as an indispensable guardian for the cybersecurity of companies

Q&A: Protiviti's Sameer Ansari on CISOs' Growing Challenges

Managing Director - Global Cybersecurity and Privacy Lead at Protiviti, Sameer Ansari discusses his views on the growing challenges CISOs now face

How Partnerships Proved Pivotal for UnitedHealth After Hack

When hackers hit UnitedHealth subsidiary Change Healthcare with a huge cyber attack, its partnership with Vyne Dental proved pivotal in managing fallout.

Transforming Cybersecurity: IBM & Palo Alto's AI Integration

Technology & AI

C-suite Indifference to Cyber Could Cost Business £145k

Operational Security

Why Avast Warn of Social Engineering in Cybersecurity

Operational Security