Oireachtas Joint and Select Committees

Wednesday, 22 September 2021

Joint Oireachtas Committee on Transport, Tourism and Sport

National Cyber Security Centre Review: Discussion

Photo of Cathal CroweCathal Crowe (Clare, Fianna Fail) | Oireachtas source

Small village, big school. What we are talking about here is essential command of cybersecurity, whereby the Government will build resilience, and rightly so. However, when you get out beyond the HSE, the Houses of Parliament and all the Departments based here in Dublin, there are schools dotted right throughout the country, local healthcare centres managed by the HSE and small rural Garda stations. Eighteen months ago, I worked in a classroom in one of those schools. There was a computer with Windows XP installed on it. That computer would sit in a classroom. The teacher might change each year because we could be moved up to sixth class or down to junior infants or anywhere in between, so a different person would come in. Some of the computers in primary schools would not even be password-protected. Our school had a regime for that but many schools would not. Those computers in some ways are probably not too different from what the HSE has. There would be a whole plethora of reports relating to a child's abilities or psychological needs. There could be comments relating to discipline, their attainment in tests, standardised and non-standardised - a whole litany of information that is relevant to the teacher but which, if it got beyond the realm of the classroom and out into the public domain, would be pretty upsetting to students and parents, who would take huge offence at the school. What I am getting to - and our Chairperson alluded to this just a moment ago - is that if the HSE has 30,000 PCs that have Windows 7 as their operating system. I am in a position to tell the Minister of State anecdotally that the schools around Ireland have antiquated laptops and computers, a lot of them not properly protected whatsoever. That is a matter of real concern for me. It concerns me that we will have essential command of robust cybersecurity but then, when you go down to the tentacles and go out of the spokes of the wheel to all those small schools, Garda stations and health centres, there just is not that protection. It is fine having "mothership government" protected, but I do not think that protection will be there. I am not convinced that 70 staff working centrally for cybersecurity across a five-year period will have the capacity either. The arms and the tentacles of government invested very heavily in freedom of information, and there is a freedom of information officer in pretty much every public body and they are robustly protected. However, we really need to see this capacity built not just centrally but to all those schools. How will the Department do that? That is what I would like to know.


No comments

Log in or join to post a public comment.