Professor Donna O’Shea
Bernal PI member Donna O’Shea discusses the importance of cyber resilience in interconnected systems and why digital sovereignty is central to cybersecurity.
Monday, 3 November 2025

Professor Donna O’Shea, a Principal Investigator with the Bernal Institute and faculty member at the School of Engineering, discusses the importance of cyber resilience in interconnected systems and why digital sovereignty is central to cybersecurity.

“Digital systems are now deeply embedded in how we live, work, and interact – from energy and transport to manufacturing and healthcare,” says Prof Donna O’Shea.

“A successful cyberattack on these digital and often critical infrastructures can have devastating financial and societal consequences. We’ve already seen fuel pipelines shut down, logistics operations halted, factory production stopped and power grids disrupted.”

O’Shea – who previously held the position of chair of cybersecurity at Munster Technological University – is chair of digital engineering at University of Limerick (UL), where she focuses on cybersecurity. Her research is centred on building resilient and secure digital engineering ecosystems in the context of cybersecurity, interoperability and explainability.

O’Shea’s focus on ensuring resilience in digital infrastructure extends across the island of Ireland, as seen in the CyberUnite project – an initiative co-led by O’Shea and Queen’s University Belfast’s Dr Kieran McLaughlin that aims to enhance the cybersecurity of cross-border critical infrastructure.

In August, CyberUnite was one of four research collaborations to receive funding from the Irish Government, with each project receiving up to €4m over a four-year period.

Secure infrastructure

“My research is important as it helps make sure that cybersecurity doesn’t become the linchpin that holds back progress in digitalisation and digital engineering,” O’Shea explains to SiliconRepublic.com. “Instead, it enables innovation by embedding security into the design of future systems.

“It also contributes to the development of resilient digital ecosystems – ones that can withstand disruption, safeguard users and continue to deliver societal value in an increasingly complex and interconnected world.”

As part of her research, O’Shea works on modelling complex, interconnected systems, often involving embedded technologies and heterogeneous networks, and applying AI to make these systems “more robust and secure”.

One example of her work involves smart grids, which are modernised electricity networks that allow two-way flows of energy and data.

“While smart meters offer benefits like accurate billing and energy efficiency, they also collect detailed information about household energy usage – which can reveal patterns about when people are home, what devices they use and even lifestyle habits,” says O’Shea. “That raises serious privacy concerns, especially as this data is shared across networks and third-party systems.

“To tackle this, we developed a technique called Enhanced Differential Privacy with Noise Cancellation (E-DPNCT), a method that helps protect personal energy data from being reconstructed or misused, even in cases where multiple entities might collude to access it.”

Supply chains and AI

O’Shea says that as digital systems become more interconnected, cybersecurity faces new challenges.

She says one of the most important topics in cybersecurity at the moment is third-party and supply chain security, “where a single vulnerability in a trusted provider can cascade across an entire ecosystem”.

She uses the example of the notorious SolarWinds attack in 2020, where malicious code was embedded into a routine update and distributed to thousands of customers worldwide – affecting multiple government systems, including those of NATO, the European Parliament and the US and UK governments.

“This incident exposed the fragility of digital trust and underscored the importance of emerging security principles and topics such as zero trust,” says O’Shea.

One cybersecurity topic that O’Shea believes deserves “far more attention” is the privacy risks associated with AI assistants (such as those that incorporate agentic AI) and autonomous tools such as ChatGPT and Microsoft Copilot.

“[These] systems have been designed to make decisions and take actions with minimal human intervention, improving automation and decision-making. However, the privacy challenges associated with these AI assistants have not been fully explored, with risks including uncontrolled data access, inference and leakage risks, data retention and model memory, and user consent and control,” she says.

O’Shea thinks that more awareness is needed about these risks because AI assistants are “being integrated into enterprise environments at scale” and are increasingly used by citizens to perform everyday tasks.

“Without clear governance, transparency and privacy-by-design principles, these systems could inadvertently compromise personal and organisational data – undermining trust and introducing new vulnerabilities into already complex digital ecosystems,” she says.

Digital sovereignty

In the face of growing geopolitical tension and instability, the subject of digital sovereignty has received strong attention recently. For example, earlier this year Germany established a new digital ministry to improve technological independence and strengthen its digital sovereignty.

“The traditional notion of sovereignty – the power of a state to control its territory and make its own laws – has evolved in the age of digital technology,” says O’Shea. “Within Europe, digital sovereignty has become increasingly important and is about ensuring that European data, infrastructure and innovation are governed by European values and law, not by foreign interests.”

However, O’Shea adds that the pursuit of digital sovereignty is not without its challenges.

“A number of factors threaten Europe’s ability to control its own digital future. One of the most significant risks is dependence on non-EU technology providers,” she says. “Much of Europe’s data is stored and processed by US-based cloud companies, much of its telecommunications infrastructure relies on Chinese hardware manufacturers while most advanced semiconductors are controlled by a handful of companies outside the EU.”

This dependency, she says, means that European data and critical services can “fall under the reach of foreign jurisdictions”.

“This concentration raises concerns about the integrity and security of hardware, software and managed services, particularly when global tensions disrupt supply chains,” says O’Shea.

“Digital sovereignty is therefore central to cybersecurity: without control over data, technologies and infrastructure, nations cannot fully defend against cyberthreats or protect their citizens’ privacy and security.”