Oireachtas Joint and Select Committees
Wednesday, 22 September 2021
Joint Oireachtas Committee on Transport, Tourism and Sport
National Cyber Security Centre Review: Discussion
The NCSC has a policy of trying to publish as much information as possible on its website. This is open communication. Most of what is being done is not secret and does not need to be hidden from people. Most of the information about how to protect yourself in terms of cybersecurity is open, public information that everybody can read about. If one goes on the NCSC's website, one will see that it releases information all the time. It has different levels of release. There are releases that are issued to all of the public and there are others that are issued directly to operators of essential services or to people who run critical infrastructure. In general, the things that need to be done to protect oneself against cyberattack are fairly straightforward and well known. There is a set of instructions for what one has to do to protect one's network. Those guidelines for critical infrastructure providers are published on the NCSC website. They were not published in reaction to this attack. They have been there for years. These are 2019 guidelines on how to protect one's critical infrastructure network. Anybody can read them. While an attacker could read them too, they start from simplest things, such as using two-factor authentication, having complex passwords and so on. This is a whole guide on the things that one needs to do to protect oneself. The information about this is to be shared in as public and transparent a way as possible.