OE Editorials: Ireland's "Cyber Pandemic"

Speaking at the opening of the World Economic Forum's Cyber Polygon internet security conference, which took place on July 9th of 2020, founder and executive chairman of the WEF Klaus Schwab made the following remarks:

“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole”

While cyber attacks are now a relatively common occurrence in an increasing digitalised world, society-damaging (or even collapsing) ones the like of which Mr. Schwab alludes to are currently not. However, over the last couple of weeks we have seen two very serious events take place, one on the US Colonial pipeline and another closer to home on the HSE and Ministry of Health servers.

In the same vein as many of his uncannily accurate remarks on the course of the Covid-19 pandemic response and in light of these recent serious internet security breaches, it seems we may conclude that Schwab and his organisation are one of three things: very lucky guessers, visionaries with an almost psychic ability to predict unprecedented black swan events, or, it could even be alleged, a bit more knowledgeable about such events than they are letting on.

When a closer look is taken there are many oddities and peculiarities surrounding this sudden surge in cyber-crime, including the fact that the attack on and shutting down of HSE systems came hot on the heels of revelations of embarrassing inaccuracies in official figures, including Group 4 of the national vaccination schedule showing a vaccination rate in excess of 110%.

In 2019 health watchdog HIQA warned the HSE that its computerised infectious disease reporting management system needed to be “fit for purpose” .Towards the end of last year a significant backlog in Covid-19 case numbers developed as the CIDR database system was unable to handle case numbers above 2,000.

It is at the very least unusual and fortuitous for those who would have been potentially made to answer for the gross inadequacies of the existing systems that they may have been let off the hook with news of the recent data breach and a potential rethinking of HSE and ministry data frameworks on the cards.

The question must be asked: with so much data affected and potentially missing, how can we trust the government to make well-informed, data-driven public health decisions from here on in with little accurate data to go on? There are signs that, even before this event, the data available was not fit for purpose. So where does that leave us going forward?

In addition is interesting to note the comments of Minister of State Jack Chambers who remarked that the Commission on the Future of the Defence Forces was considering the matter, with the priority being the strengthening of cyber security “for both State and private organisations”. While this message may seem the expected reaction to a serious data breach such as this, one must wonder what business the defence forces have in getting involved in cyber security.

It seems hard to predict how the situation will evolve from here, especially as this kind of cyber security bypass is relatively unprecedented in the Republic of Ireland, but it may be worth keeping in mind what happened in the United States in 2001, where a panic-stricken nation in the wake of 9/11 was placed under greatly increased telecommunication and online surveillance by the signing in of the Patriot Act by sitting president George W. Bush.

The official line was of course that this unprecedented increase in domestic surveillance had to be brought in to protect the people of America from the threat of terrorism, regardless of the loss of privacy of ordinary American citizens. It was only through statements from whistle-blowers such as Edward Snowden that it eventually entered public awareness that these heightened emergency surveillance powers were being used for a little more than met the eye.

While it may be the case that this recent wave of cyber attacks at home and overseas does not result in very much in the short term, it serves as another warning that we must always be wary of public figures promising us increased security at the cost of surrendering further privacy and civil liberties. If we really are facing, as the World Economic Forum believe, a serious wave of cyber-crime threatening national infrastructure, it is the cyber-criminals involved who must pay the price for their actions, not the ordinary citizens of Ireland and the world.

The World Economic Forum's next annual Cyber Polygon event takes place on July 9th, it may be worth keeping a very close eye on.