During the Belle Époque in January, the country devoted itself to its favorite sport: cheering on the underdog. A fleet of Irish fishermen prepared to sail against the Russian Navy, which was planning live-arms exercises in Irish fishing waters off the south-west coast. “We are not averse to danger in our industry – we are not shrinking violets,” Patrick Murphy, head of the Irish South & West Fish Producers Organisation, told US news channel MSNBC.
The Russian ambassador to Ireland, Yuriy Filatov, invited the fishermen to the embassy, and Russia duly announced that they would be relocating their naval exercises. Filatov told an Oireachtas committee the decision was made “on humanitarian grounds” to avoid “unnecessary hardship” on the Irish fishing industry. “Irish fishermen stare at Putin’s fleet and have won,” MSNBC announced.
It was a heartwarming story from a more innocent time. And as we now know, it was nonsense. For four weeks Russia has broken promises to open humanitarian corridors to allow civilians to escape from the besieged city of Mariupol in Ukraine; They did not move a naval drill out of humanitarian concern for Irish fishermen, honorable as those fishermen’s intervention may have been.
The Irish media and politicians fell for the thread Filatov spun. It took former Defense Forces Chief of Staff Mark Mellett to point out what actually happened. The incident is a classic example of “hybrid tactics,” he said.
“What she [the Russians] It was given the impression that it was the fishermen who were sorting it, not the government. And that paints the government as weak,” he said Irish times. “That’s what ‘Hybrid’ is about. Russia doesn’t need to get stronger. It just has to make the member states of the European Union look weaker.”
This type of “hybrid” activity exists in the so-called “grey zone,” which is inter-state conflict below the level of war. Other hybrid elements include coercive diplomacy, propaganda, intelligence operations, cyberattacks, military maneuvers, and implied nuclear and other threats, Cian Fitzgerald, a researcher at the Institute for International and European Affairs, explained in an article last week.
The entire naval exercise may have been a hybrid exercise from the start, with Russia’s intention to “instrumentalize” Ireland’s security deficiencies and “send a message to the EU and NATO that Europe’s western flank is vulnerable”.
“The Kremlin intervenes on the EU’s weak link,” was the headline in London Times. Mission accomplished.
On Wednesday, the director of Ireland’s National Cyber Security Centre, Richard Browne, told an Oireachtas committee that the risk of a direct cyber attack on the state or state bodies was “low”.
That could change quickly, he noted. That appeared to be changing on Thursday: the director of the UK’s Intelligence, Cyber and Security Agency, Jeremy Fleming, said the agency had information that “Russia’s cyber actors are looking for targets in the countries that resist their actions”.
Ireland has clearly identified itself as one of these countries; In fact, Ambassador Filatov told Russian state television last month that Ireland was “hostile to Russia and everything Russian”.
Stuart Madnick, a professor of internet technology at MIT, recently wrote that Ukraine has likely been used by Russia as a “live proving ground for its next generation of cyberweapons” and that the US and EU could be should a cyber war erupt in a targeted, because they support Ukraine.
A nuanced debate here about the nature of Irish neutrality is unlikely to be appreciated by a Russia that believes it is at war in all but name with the West as a whole.
How vulnerable are we to cyber attacks? Commissioned by the HSE from consultancy PwC, the report on the Conti cyberattack on the HSE is grimly absorbing reading.
This attack cost 600 million euros to repair and, as with any serious disruption to acute care, must have cost lives. And as PwC says, things could easily have been a lot worse: the attack was relatively straightforward, the attackers didn’t maximize damage, and they provided the decryption key without paying the ransom.
PwC commends HSE and hospital staff for “going above and beyond” in their response to the attack; In every other respect, however, the report is a litany of failures.
The HSE has a “vulnerable IT inventory”. His resources in critical IT functions are “significantly less than we would expect for an organization of this size”. It has not performed adequate contingency planning for a cyber attack. It had just 15 cybersecurity staff who “didn’t have the expertise and experience required.”
PwC noted that HSE vulnerabilities are not unique to HSE; It seems likely that many of them will be taken over by government agencies. Accordingly, in the UN Global Cybersecurity Index for 2020, Ireland ranks 46th between Tunisia and Nigeria and 28th in Europe.
Ireland is a global technology hub. As noted by the National Cyber Security Strategy, the country hosts more than 30 percent of all EU data.
It may seem ironic that the country is underserved when it comes to public sector cybersecurity, but in fact this is entirely consistent with the history of the Irish state: the state’s development model has relied on subcontracting of services to the private sector (including the Churches and charities): education, health and increasingly, in the neoliberal model of recent decades, social and business services.
Accordingly, more than 6,500 people are employed in cybersecurity in Ireland, and just 30 of those are employed at the National Cyber Security Center – fewer than many large companies, a cyber expert told me last week. (The NCSC intends to hire 20 more staff this year, increasing to 70 staff by 2024.)
Pat Larkin, CEO of Ward Solutions, a cyber security firm, himself a former Defense Forces officer, has described this model as subcontracting Ireland’s protection to “a cyber militia of in-house resources and cyber provider companies”.
Annual spending on cybersecurity by the Department of Communications (NCSC umbrella body) is €7.6 million. Pat Larkin believes it should be 50 million euros compared to our European neighbors. (The UK has pledged to spend £2.6bn or €3.1bn on “cyber and legacy IT” over the next three years.)
Ireland is “nowhere near the level of protection needed for this decade and the speed at which threats are evolving,” he told the Oireachtas committee last week.
Contrary to intuition, the defense forces have no role here: their cyber security mandate is limited to protecting their own networks. Even for that, its resources are inadequate, as the recent Defense Forces Commission has noted, with severe staffing shortages in the Communications and Information Services Corps.
In a clumsily worded but scathing assessment, the commission found: “The actual specification of key capabilities for military cyber defense and related aspects of combating hybrid warfare in the existing policy statements is actually low to negligible, despite the regular specification of cyber risks and hybrid threats.” .
One intriguing solution, which Mark Mellett described to me in an interview in 2019, could be to create a cyber unit in the Army Reserve (modeled after one in the US) that would draw reservists from the wealth of the US’s cyber reserve Private sector recruits would bring expertise here to reward them for their time and dedication with experiences and challenges they wouldn’t get in the private sector.
From courting fishermen to election meddling to cyber, Russia has shown itself to be extraordinarily creative in the gray area.
Ireland will need not only resources and determination, but also imagination and foresight if we are not to be once again exposed as a weak link in European security.
https://www.independent.ie/opinion/comment/russia-doesnt-need-to-get-stronger-all-it-needs-to-do-is-make-us-look-weaker-41514989.html Russia doesn’t have to get stronger: it just has to make us look weaker