Dr. Richard Browne:

We do not have any statutory power to compel anybody to do anything in this space. In practical terms, it would be difficult to do it because, given procurement law, each entity has to make its own procurement decisions, so you cannot actually tell people what to buy or not to buy, although there are measures you can take to help people make better decisions. We have work ongoing with the Office of Government Procurement, OGP, on some other future-facing challenges, which I will not go into right now, whereby we can ensure that when they contract for framework contracts in IT or cybersecurity, they do so in a way that is secure, risk-appropriate and manages the broader challenges in this area properly. There are further powers that we will be looking at in the context of the mid-term review, which will be made public in due course.

To move on, the last question was on the interaction. I always say in public that cyber is a confounding policy area in the sense that it is in everything, so cyber is in every part of all of our daily lives right now, whether we know it or not - in services, in government, in whatever we touch or use - but also, because of its embedded nature, it is in every single part of Government policy. We have ongoing and very wide interaction across all parts of government, including many different parts of the Defence Forces - in the CIS Corps, in military intelligence, in the operations branch and in other parts of the Defence Forces. The same thing applies to the Garda. We have close co-operation with cybercrime and with the fraud elements of the Garda, with security intelligence and with Garda headquarters. This interaction is ongoing, structured and coherent. Again, there will be more on aspects of that, particularly in the context of ransomware, in the mid-term review.