Minister for Justice and Equality, Mr. Charlie Flanagan, T.D.,

Dublin Information Sec 2018


I am delighted to be here today to open Dublin Information Sec 2018, Ireland's largest annual cyber security conference.


Firstly, I would like to acknowledge the work that has been undertaken by the organisers. We need only look at the agenda to see the breadth and complexity of the issues that arise in the cyber security field. There is a fascinating line up of speakers today and I have no doubt they will all be extremely informative. 


Cybersecurity matters because the extent to which society relies on digital technology is now so all-encompassing.  This technology can no longer be viewed as being at a remove from everyday life. Almost all aspects of our lives have a digital dimension, and while the ubiquity of connected devices - the “Internet of Things” - has brought truly massive benefits to our society, it has also opened up a number of new and unpredictable threats.


Increased interconnectedness means increased vulnerability to external interference, in the same way that a bridge linking two towns is only as strong as its weakest point. The advent of the Internet of Things means that connected devices will provide many millions more access points that threat actors can target to launch cyber-attacks. As we are all too well aware, cybercrime and attacks on information systems have become increasingly problematic and challenging across the world.  Cyber attacks can have a devastating effect on the finances and reputation of businesses and of course on individuals who can also be the target of serious crimes such as fraud and theft.


It is clear therefore that there is an intimate cross-over between the security and crime elements of malign cyber activity – they are increasingly becoming inseparable.

From the government’s point of view, while we take a cross cutting approach in tackling the threats posed by cybercrime and cyber security, the Department of Communications, Climate Action and Environment leads on matters relating to cyber security.  And I know that officials there are in the process of developing a new National Cyber Security Strategy, which is due to be published in early 2019 and is a follow on from the existing strategy.


My Department, on the other hand, is responsible for policy in relation to cybercrime and I would like to take this opportunity today to speak briefly about the measures we are taking to combat this fast growing and increasingly innovative form of crime. 


As noted by the UN Secretary General Antonio Guterres last May, cybercrime is now estimated to generate some $1.5 trillion USD in revenue per year. Some EU Member States now report that the recording of cybercrime offences may have surpassed those associated with traditional crimes. The incidence of cybercrime in Ireland has also significantly increased; according to a recent survey of industry by Price Waterhouse Coopers, in 2018 61% of Irish organisations reported that they had suffered cybercrime in the last two years, up from 44% in 2016. This represents an obvious concern for Ireland’s digital economy and for investors looking at Ireland as a business destination.


Given the ease of entry into cybercrime, the use of cyber tools and services by traditional organised crime groups is likely to become more commonplace, as these crime groups seek to enhance or expand their capabilities.


The governance of cyberspace is different to that in the offline world. This is because cyberspace is less regulated than the offline world and its control primarily resides with private, commercial entities. As such, the private sector, in cooperation with law enforcement, plays a crucial role in the regulation of cyberspace. The Irish Government and An Garda Síochána recognise the importance of collaboration with the private sector and the vital, partnership role of the cyber security industry in effectively policing cybercrime.


There is, of course, a significant role for strong legislation tackling cybercrime with effective, proportionate and dissuasive penalties.  Ireland has recently introduced legislation to deal with attacks on information systems and their data.  The Criminal Justice (Offences Relating to Information Systems) Act 2017 is the first piece of dedicated cybercrime legislation in this jurisdiction.  It seeks to protect information systems and infrastructures, and their important data, from cyberattacks from both within and outside the State. 


Various new legislative proposals are also being discussed at an EU level – for example, the recent EU Commission proposal on preventing the dissemination of terrorist content online, and my Department will play an active role in negotiating this proposed measure. 


Effectively tackling the threat posed by cyber criminals also necessitates specialist police units with the requisite expertise and resources. In September 2016 the Garda National Cyber Crime Bureau (GNCCB) was established. I am pleased to note that the head of the Bureau, Detective Superintendent Mick Gubbins, is due to address the conference later today. The GNCCB provides support to An Garda Síochána for cyber-enabled crime and aids in the investigation of cyber-dependant crime such as data breaches and distributional denial of service (DDOS) attacks. The GNCCB engages with industry and the public regarding awareness and prevention of these crimes and it also liaises with international law enforcement partners.


The availability of illegal content online, and particularly child abuse material, is also a matter of serious concern. Referrals to An Garda Síochána regarding child sexual material online have risen exponentially in recent years. In July 2017, An Garda Síochána established a dedicated Victim Identification Unit at the Garda National Cyber Crime Bureau. That unit’s main focus is the identification of victims of child sexual exploitation through the analysis of photographs and video recordings that have been made available on the internet. Since its establishment in July 2017, the Victim Identification Unit has identified 35 victims of child sexual exploitation.

Action is also being taken at Government level to address concerns in relation to online safety. Earlier this summer, the Taoiseach launched the first Action Plan for Online Safety. This plan sets out specific Government action to address online safety. My own Department leads on oversight of, legislative changes to criminal law, and liaison with An Garda Síochána on implementation and enforcement issues.


All of this being said, I would like to stress the importance of collaboration between law enforcement agencies and the private sector, in particular the vital, partnership role of the cyber security industry in effectively policing cybercrime. This is not an area of crime that can be combatted by State intervention alone. Cybercrime, by its very nature, knows no borders and easily crosses geographical, political and cultural boundaries.


In closing, it is essential that Government, industry, law enforcement, and other stakeholders continue to work on finding solutions to the threats posed by cyber crime and cyber security.  Raising awareness of the many forms and encouraging reporting are fundamental steps in tackling this criminality and industry has a key role to play in this regard.


By continuing the excellent levels of co-operation that have been developed to date and by forging new methods of collaboration with industry, I am confident that we can continue to successfully tackle the growth of cybercime and ensure a safer online society for the benefit of not only our own citizens and businesses operating in this State, but also for the wider global community as a whole.


Events such as today’s conference provide a forum for dialogue and the development of potential solutions for the future and this exploratory work is vital.

I wish you well in your discussions today and hope that your conference is productive and provides longer terms benefits to us all.