The National Cyber Security Centre has released its National Cyber Emergency Plan (NCEP), outlining the process by which a national cyber emergency is declared, managed and co-ordinated.

The plan follows sector-specific emergency exercises in 2022 and 2023, as well as lessons learned from the HSE ransomware attack in 2021.

The ransomware as a service (RaaS) attack is still the largest known attack against a health service computer system in history. The attackers also went after the healthcare industry in Australia, Colombia, France, Germany, India, Italy, Netherlands, the UK and the US that year.

One of the findings was that the HSE did not have a centralised cybersecurity function that managed cybersecurity risk and controls. It also found that time was lost during the response due to a lack of pre-planning for high impact technology events.

The new NCEP sets out the national approach for responding to serious cyber security incidents that affect the confidentiality, integrity, and availability of nationally important information technology and operational technology systems and networks.

The plan includes three co-operation modes: permanent mode, which relates to the normal course of business; warning mode, which is activated when there is a heightened risk emerging in a specific sector; and full activation mode, when an incident becomes a national cyber emergency.

The latter mode may also be activated if a large-scale cybersecurity incident is identified by the CyCLONe network at EU level or other international peer organisations.

According to the document, cyber security incidents are diverse by their nature and there are a vast range of potential scenarios where the plan may be initiated.

“This, in turn, has ensured that a very flexible response process has been in-built during its development,” it says.

NCSC director Richard Brown said responding to cyber security emergencies effectively at a national level is a complex undertaking due to the very wide range of potential incidents.

“This plan establishes an architecture for coordinating the government response in accordance with Irish and European legislation and policy,” Mr Brown said.

The plan has been developed in alignment with the strategic emergency management national structure and framework, and establishes the structures for co-ordinating a “whole of society” approach to preparing for and responding to a cyber emergency.