Duncan Smith (Dublin Fingal, Labour) | Oireachtas source

I thank the Minister of State for his opening statement and contributions, as well as for filling in the gaps about the NCSC's capacity and how it works over the last few days. He mentioned that the NCSC's work involves cybersecurity resilience through a range of initiatives, including hosting seminars and workshops, and working with Government agencies and Departments in that regard. Does the NCSC perform audits on Government agencies? Does it have that power? Is it within its remit to go to an agency and say it is going to do a rundown of its system and if it sees any issues they can work through them? Would that all have to come to the NCSC from the agencies? If a systemic flaw or weakness is found, does the NCSC have any powers to compel an agency to fix it? Obviously one would imagine it is in an agency's best interests to fix any weaknesses that are found but has there ever been a case where an agency said it did not have the funding to fix any structural issues, against NCSC advice? How does that dynamic work? What powers does the NCSC have in that regard?