Ossian Smyth (Dún Laoghaire, Green Party) | Oireachtas source

That is a good question. On EU legislation there is the directive on security of network and information systems, NIS, which has been transposed into Irish law. There is a new NIS directive, NIS 2, coming. That is part of the legislative agenda. We also planned in the 2019 strategy to have primary legislation to deal with cybersecurity. That is being developed at the moment. That is on the legislative agenda as well, just to give the Deputy an idea of what is coming.

Of the 150 organisations that are helped in their cybersecurity by the NCSC, approximately 70 are categorised as operators of essential services. The HSE is one of those. Then there are Departments and, for example, large commercial facilities that also work with us and get advice, the research we share and information about threats. If there is an incident, the incident response team can come in and help them, just as they have done with the HSE.

There is an analogy here with the fire service. The fire service is there, they come out when someone has a fire and then offer information about fire protection. However, every organisation is responsible for doing its own protection, taking due caution and making sure that it has protected itself.