National Cyber Risk Assessment

The completion of a National Cyber Risk Assessment was one of the key measures identified in the 'National Cyber Security Strategy 2019-2024’. Measure four of the strategy stated that the National Cyber Security Centre (NCSC), with the assistance of the Defence Forces and An Garda Síochána, perform a detailed cyber security-focused risk assessment of all critical national infrastructure (CNI) within the State.

The National Cyber Risk Assessment 2022 report is the final output from the National Risk Assessment process, which was concluded in late 2022, with the assistance of a steering group consisting of members from An Garda Síochána, the Office of Emergency Planning, the Defence Forces, the National Security Analysis Centre, the Central Bank of Ireland, the Commission for Regulation of Utilities (CRU), and the Commission for Communications Regulation (Comreg).

The report examines the systemic cyber risks faced by the States critical services from a range of threats such as espionage, destructive cyber-attacks posed by nation state and criminal actors and hacktivist groups. There are three key recommendations in the report to strengthen the cyber resilience in the State, which have been incorporated into the mid-term review of the National Cyber Security Strategy 2019-2024:

1. Strengthen legislative provisions to ensure that the operators of essential and important services, service providers, and technology vendors embed appropriate cyber security measures in their products and services from the outset.
2. Develop a framework to manage strategic supply chain dependency risks for critical and sensitive services.
3. Establish a central register of all essential and important entities in the State.

A copy of the report is available on the Department of the Environment, Climate and Communications website at the following link: https://www.gov.ie/en/publication/5a871-national-cyber-risk-assessment-2022/