Simon Harris (Wicklow, Fine Gael) | Oireachtas source

I thank Deputy Aindrias Moynihan for raising this important matter and keeping in contact with my office about it. This has been a stressful and worrying time for students and staff in the Munster Technological University campuses in Cork. I thank all of the staff in MTU for the incredible and tireless work they have put in over the past ten days in very difficult circumstances. We need to be clear that cybercrime and cyberterrorism are ever-present and growing threats to the safe operation of our institutions. The Deputy provided figures that show how prevalent cybercrime is becoming. It is a crime and we should always see it as such. It is an attempt to extort money through intimidation. In many ways, it is using a new technology to carry out old crimes, namely, theft and extortion.

Following the significant IT breach in Munster Technological University, my Department has been engaging with relevant stakeholders to understand the extent of the breach and its impacts on MTU students and staff. In my second role as Minister for Justice, I have been keeping in contact with the Garda about this and I am conscious of its ongoing efforts in this regard. MTU is working closely with the National Cyber Security Centre, NCSC, in relation to the breach. It is appropriate when a breach happens in any institution that it immediately connects with and plugs into the NCSC. MTU staff and students who may have been affected will now receive specific communications from MTU and all staff and students have been advised to remain extra vigilant to potential phishing attacks by email or SMS or other unsolicited communications. MTU has engaged specialist forensic services to review the nature of the data compromised and track any data that may leak online. The honest answer I must give to some of the Deputy's questions is that the work by specialist forensic services in analysing the exact extent of the data that may have been taken is ongoing.

An interim High Court injunction has been granted which prohibits the sale, publication, possession or other use of any data that may have been illegally taken from the university's systems. MTU has contingency plans in place for such an event and this means that core systems such as email, HR, finance, payroll and others are unaffected by this breach and continue to operate as normal. This has enabled the majority of MTU staff to continue working remotely and a return to teaching, which commenced on Monday of this week. MTU students and staff have been advised to check their email accounts and campus notice boards on a regular basis for guidance and updates. Further information and advice on how to spot and protect yourself against phishing attacks are available from the National Cyber Security Centre. MTU has taken swift action to respond to this issue and should be commended on that. I assure MTU and its staff and students that we will work closely to support them in every way we can.

On the Deputy's overall point, it is important that we recognise that cybercrime is a growing reality globally and in Ireland. As a result, we need to continue to beef up and further resource our structures to protect people, where possible, from such crimes. I am pleased to say that last year my Department confirmed significant multi-annual funding for cybersecurity resources to HEAnet to build cyber-resilience across our third level system. These resources will help equip HEAnet to expand the reach of its ICT security services offering to all eligible HEA client members, including institutions across the tertiary education system. The Department is also now providing funding to mobilise a sectoral security operations centre and security incident event management service via HEAnet to the education sector to mitigate the risks associated with cyberattacks through a consistent and comprehensive 24-7 detection and response capability. The 24-7 piece is important because these attacks are often timed to happen at weekends or during downtimes and bank holidays. We allocated €750,000 in 2022. I am pleased that, through the Estimates process and the Government's renewed focus on the issue of cybersecurity, an additional €3 million - a significant increase - has been allocated in 2023 for the development of cybersecurity services. Recurrent funding to the HEA, which is disbursed to individual institutions, can also be used for enhancement of IT systems.

See this speech in context