The government has announced that it has joined the Microsoft Government Security Program (GSP) to assist with defending critical national infrastructure against cyber-attacks.
Participating in the program will allow the state controlled access to source code, exchange of threat and early warning vulnerability information, and the ability to engage on technical content about Microsoft's products and services.
The move comes more than a year after the HSE suffered a high profile ransomware attack that resulted in disruptions to care, IT shutdowns and patient and employee data breaches, and could ultimately cost the state up to €100m.
"Microsoft products are widely used by both public and private bodies. This new partnership between Microsoft and Ireland will be a key enabler in protecting the State’s digital infrastructure from cyber threats," Minister of State with with responsibility for Communications, eGovernment and Circular Economy Ossian Smyth said of the announcement.
On a visit to Microsoft’s headquarters in Redmond, Washington, Dr Richard Browne, director of Ireland's National Cyber Security Centre (NCSC), said: “Microsoft and the NCSC have worked closely together on a number of cyber-security issues over the past several years.
"Today’s announcement formalises that cooperation. Participation in Microsoft’s Government Security Program provides another important resource which the NCSC can use in defending the government and critical infrastructure from the persistent threat of cyber-attacks.”
Commenting on the announcement, Dr Frank O’Donnell, public sector lead at Microsoft Ireland, said: “Microsoft is delighted to welcome the Irish Government to the Microsoft Government Security Program, joining over 45 other countries and international organisations represented by over 90 agencies.
We look forward to working with the government to build further trust through transparency.”
In addition to visiting Microsoft and touring its Digital Crimes Unit, Minister Smyth and Dr Browne attended a series of engagements on the west coast the United States with a number of public representatives, IT companies and cyber-security companies.
A PwC report into the HSE attack found that it had been caused by the opening of a phishing email; that the health service was operating a "frail" IT system; and that it had failed to film a number of roles in cybersecurity.
Photo: Richard Browne (left) and NCSC head of engineering Kieran Duane (right), pictured with the principal program manager of Microsoft’s GSP Bruce Cowper (centre) on a visit to Microsoft’s Digital Crimes Unit in Redmond, Washington.