A large, well-resourced military cyber command, capable of defending and deterring online attacks against the State, should be urgently established, the Commission on the Defence Forces is to recommend to the Government this week.
The “Information Command”, which would number up to 300 personnel, would be part of the Defence Forces and under the command of a general.
However it would rely heavily on civilian staff as well as reservists. Under the proposals, the command would play a frontline role in both detecting and deterring cyberattacks, countering misinformation and protecting the integrity of Irish elections from online interference.
The establishment of an Information Command is one of the headline recommendations contained in the final report of the commission which is expected to go to the Government this week.
The commission was established by Minister for Defence Simon Coveney in 2019 in response to concerns about the capabilities of the military and an ongoing retention crisis.
A draft version of the report currently in circulation contains recommendations for a comprehensive overhaul of the Defence Forces command and control structures, the creation of a new role of chief of defence and establishment of a joint strategic headquarters.
It laid out various options for increasing Defence Forces capabilities, including the possibility of increasing its current €1 billion budget by 300 per cent, allowing for the purchase of jet aircraft and additional naval vessels.
HSE damage
Sources warned that while many of these top-level recommendations will remain in the final report, some of the details have been altered since the first draft.
The initial draft of the report was subject to sharp criticism last year by the Defence Forces, which felt it was lacking in ambition.
Military sources said they believed the recommendation for a dedicated information command would be accepted by the Government in light of the cyberattack on the Health Service Executive last year which crippled the country’s health systems.
The proposed command would not be part of the Army, Naval Service or Air Corps but instead would be a joint command comprising personnel from all three branches.
It would form part of a whole-of-government approach to cyber defence and comprise soldiers from the Army’s existing Communications and Information Services (CIS) Corps and civilian experts.
In order to attract civilian expertise, the new command will have to offer terms of employment which differ significantly from those of standard military recruits, the commission believes. Uniforms and ranks will likely not be required of such employees and they will likely be exempt from military fitness requirements, sources said.
Offensive operations
Once it is sufficiently staffed, the hope is the command will be able to provide assistance to Government departments, the National Cyber Security Centre, the Garda Síochána and the planned Electoral Commission.
It will be made up of several sub-units, including deployable cyber units which could accompany overseas peacekeeping missions.
The concept of the command is based on similar structures set up in Sweden, Germany and the UK in recent years.
The commission’s report is not expected to specify whether the command should have the capability of performing offensive cyber operations, as well as defensive ones.
However, most of the foreign models it examined have such a capability.
The Defence Forces have struggled to attract and retain personnel with cyber expertise in recent years. However, there is a growing recognition within the organisation that cyber operations will have an prominent role in future domestic and overseas military operations.
This thinking is reflected, sources say, in the recent secondment of Defence Forces officers to the Nato Co-operative Cyber Defence Centre of Excellence in Estonia and the appointment last year of Irish Brig Gen Seán White as director of cyber defence of the European Union Military Staff.
The Representative Association of Commissioned Officers (Raco) welcomed the improved focus on resourcing the cyber domain, but warned that the defence sector would “have to get real about competitive pay and conditions if it is to attract and retain the necessary experts. Our recent pleas to government in this regard have fallen on deaf ears.”