The National Cyber Security Centre (NCSC) has held a successful emergency exercise – simulating the national response to a hypothetical cyber incident affecting Ireland’s energy sector.
The aim of the exercise, which took place in the National Emergency Coordination Centre yesterday, was to test the procedures outlined in the National Cyber Emergency Plan to ensure that the Government, State agencies and relevant stakeholders are prepared to effectively respond to a large-scale cyber incident impacting critical national infrastructure. Routine cyber exercises are part of ongoing contingency planning at the Government level and are crucial to ensure a coordinated response to emergencies.
Several public and private entities, including An Garda Síochána, representatives from various Government Departments, the Defence Forces, ESB Networks, EirGrid, Gas Networks Ireland, the Commission for the Regulation of Utilities and a third-party cyber incident provider took part in the exercise. ESB Networks, EirGrid and Gas Networks Ireland have robust and tested procedures in place to deal with emergencies of this nature.
The National Cyber Emergency Plan sets out the approach for responding to hypothetical serious cyber-security incidents that affect the confidentiality, integrity, and availability of nationally important information technology and operational technology systems and networks. It describes the definition of a ‘cyber emergency’ and sets out the trigger points for the plan to be invoked, which would require the National Emergency Coordination Group (Cyber) to be convened, chaired by the Director of the National Cyber Security Centre.
Speaking after the exercise, the Director of the NCSC, Richard Browne, said: “The scenario outlining a series of escalating cyber incidents in the energy sector was a complex and challenging reminder of the difficulties associated with coordinating a whole-of-Government response to national-level crises. The exercise also allowed us to test and coordinate with our partners across the public and private sector, including An Garda Síochána, the Defence Forces and the main energy providers and regulators, leaving us better prepared to collaborate during any real-life situations.”
Learnings and outputs from yesterday’s exercise will be used to further refine the National Cyber Emergency Plan and inform future exercises.