This particular CERT differs from what you can find in most other countries, since it's not government-backed and relies mainly on the good will of several security professionals.
To the best of your knowledge, why doesn't Ireland have a government-back CERT like most other countries?
That is a hard one to answer. As with all countries, the Irish government will state that cyber security is important and has been handled by various intergovernmental departments and committees over the past few years. But in reality I think the ambition has not been met with appropriate actions, which can be demonstrated by Ireland's failure to ratify the Council of Europe's Convention on Cybercrime, even though Ireland signed the treaty in 2002. I would also say that other issues, such as ensuring broadband is rolled out throughout the country, has taken precedent over setting up a CERT. Last year the Irish government started the process to develop a cyber-security strategy and we look forward to seeing what is published in that.
How did you come by the idea of being the person to start a CERT? What were the biggest challenges in the planning stage?
I had always felt that not having a CERT was a major weakness in Ireland's overall security, not only for individual organizations in Ireland to have an independent body to seek advice from but also to enable Ireland protect any technical innovation generated within the country, to protect our Critical Network Infrastructure and also act as a contact point in Ireland for other CERTs in coordinating response to cyber-attacks. So in 2004 when I started my own consulting business I took it as a personal project to work on getting a CERT established in Ireland. The most recent cybercrime survey carried out in Ireland, by ISSA Ireland and University College Dublin, highlight that 49% of companies surveyed suffered theft of IT assets while 30% were victims of Denial of Service attacks. I believe those figures demonstrate beyond doubt of the need for a CERT.
What were the biggest challenges in the planning stage?
The biggest challenge in the planning stage were:
(a) Getting stakeholder buy-in for the project. The majority of people and organisations I spoke to agreed that Ireland needed a CERT but none wanted to take the responsibility to set one up, nor to provide funding to do so.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.