The State is planning to identify ‘critical entities’ that are vital to the functioning of Irish society as it seeks to develop national resilience in the face of threats like natural disasters; terror attacks; political and social instability; and technological/infrastructural failure.
As part of a new strategy, entities will be designated as “critical” if they meet certain criteria, such as; providing one or more specified essential services; operates in Ireland, and has critical infrastructure located here; and if an incident involving the entity would significantly disrupt the provision of one or more essential services or affect the delivery of other essential services.
The Department of Defence yesterday published the first National Strategy on the Resilience of Critical Entities 2026-2029, which is intended to provide a guide to identifying critical entities and instruction as to how they ought to be supported so as to maintain and build resilience.
Writing in the strategy’s foreword, Minister for Defence Helen McEntee said that a resilient society is “essential for our national security, as well as our economic and social well-being”.
“This resilience relies on the continuous availability of a wide range of essential services including the water we drink, the food we eat, the energy that lights and heats our homes, the transport we depend on, and the health services that keep us healthy.
“Certain entities that provide these services are vital to the functioning of our society and are therefore classified as critical. These Critical Entities are significant, and they are increasingly interconnected and interdependent. Many of them are provided by private industry in partnership with the State. While the resilience of critical infrastructure has always been part of our emergency strategy in Ireland, we now recognise the need for a more strategic approach to enhance this area,” she said.
The national strategy aligns with EU regulations and directives on critical entity resilience, the intended outcome of which is more resilient essential services “to support our overall national resilience, based on an improved understanding of the risks to those services and their dependencies on other providers”.
Critical sectors covered by the regulations include energy; transport; banking; financial infrastructure; digital infrastructure; health; water; public administration; space; and food, and each sector is to be overseen by a ‘Competent Authority’ that among other tasks identifies critical entities.
Once identified as a critical identity, an organisation must conduct a risk assessment focused on the likelihood of occurrence and the associated negative impacts of hazards and threats across a range of ‘reasonable worst-case scenarios’ (RWCS) which have the potential to disrupt the provision of at least one essential service provided by the entity in question.
In considering their RWCS, its selection should include consideration of potential risks of a “cross-sectoral or cross-border nature, accidents, natural disasters, public health emergencies and hybrid threats and other antagonistic threats, including terrorist offences”.
Example scenarios provided by the Department include the “substantial failure” of technology and/or infrastructure, including as a result of a cyber attack; non-availability of a critical number of staff or staff members; failure of a key supplier or service provider; physical attacks, including intrusions and terrorist attacks; political and social instability; and failure of supporting utilities and services, including widespread power outages.
A focus in the strategy is on the emergence of “complex cross-sectoral dependencies”, which are particularly vulnerable to cascading impacts if one link in the chain is targeted.
In particular, the dependence on energy and telecommunications, the “digitisation of Critical Entities” and the growing importance of the digital infrastructure sector “further complicate the identification and management of these interdependencies,” the Department assesses.
