Communications Minister Ossian Smyth has insisted there will be no “penny-pinching” when the government makes efforts to hire a director for the National Cyber Security Center (NCSC), while downplaying a suggestion that the salary should to be equal to up to € 290,000.
Smyth appeared before a committee of Oireachtas on Wednesday to be questioned about the response to the ransomware attack against the HSE.
The Communications Committee on Tuesday heard cybersecurity experts whose contributions raised questions about the salary offered to the NCSC director, as well as the level of funding for the organization’s work.
The NCSC, which currently has no one working in the new director role, is leading the response to the cyberattack on the health service.
The government had offered a salary of between 106,000 and 127,000 euros for the job and a person was selected before leaving for personal reasons.
Bláthnaid Carolan, an expert in cybersecurity recruitment, told the committee that similar functions in the private sector attract salaries of between € 220,000 and € 290,000 a year, with additional benefits and bonuses of between € 150,000 and € 200,000.
Pat Larkin, a former member of the Defense Forces who is the chief executive of cybersecurity company Ward Solutions, suggested that the NCSC’s budget should be “at least ten times” the $ 5.1 million it needs. they assign him this year. This would equate to UK per capita spending.
On Wednesday, Mr. Smyth told the committee that the salary range suggested by Carolan was “much higher” than the salaries paid for the corresponding jobs at other national cybersecurity centers of comparable size across Europe.
Smyth said he had no figures for those salaries.
He said the work is not “directly comparable” to someone who handles cybersecurity in a business operation and has “a different set of challenges.”
Smyth said he would recommend a higher salary for the role, but said he had not decided the figure and that it should be approved by the Cabinet.
He also said: “There will be no pinches here … it will not be the case that we pay badly or try to get a bargain. Everyone understands to what extent this role is absolutely critical.”
Smyth also said people consider it more than money when dealing with the NCSC.
“You have to pay good and adequate salaries, but people are proud to work at the NCSC. They protect their country … It’s a high-status job and it’s a job that people are proud to do.”
Committee chairman Kieran O’Donnell asked for Larkin’s suggestion that the organisation’s funding should be € 50 million if it were to be brought to UK levels.
Smyth said that when wage costs are taken into account, funding is about 7 million euros this year and that its operating budget has experienced a “considerable increase” compared to 2020.
He said: “It is clear that the UK is in a completely different situation. They are a nuclear power, they have a different type of safety device.
“They have GCHQ [Government Communications Headquarters], perform massive intelligence surveillance …
“We have a very different configuration. Our cybersecurity role has different roles and responsibilities compared to what is run in the UK. ”
Earlier, Mr Smyth had referred to comments on NCSC funding and said it was important to remember that “very substantial investments” were also made in cybersecurity by government departments and public sector bodies in their own computer security infrastructure and computer security. staff.
He said that these are “many multiples of the figure of 5 million euros that has been quoted.”