Jim O'Callaghan (Dublin Bay South, Fianna Fail)

I thank Deputy Byrne for raising this important issue. The reason I am here is because of the importance of it.

Deputy Byrne is well aware that cybersecurity threats pose a major risk to essential services and critical sectors in Ireland and throughout the world. One of the consequences of being a modern, successful economy is that this is the type of threat to which the country is exposed, I regret to say. I therefore welcome that Deputy Byrne has raised this issue. It is important for me to outline, not just to Deputy Byrne, but to the House, the measures taken by my Department to ensure the State’s cybersecurity resilience and preparedness are where they should be.

Deputy Byrne referred to the 2021 ransomware attack on the HSE. That was a very significant event from the point of view of the country and our preparedness for such cyberattacks. Since then, the National Cyber Security Centre has had a significant increase in its resources. It is essential that those resources have increased very significantly. Back in 2011, the NCSC only had four staff. At the end of 2024, it had 75 staff and an annual budget of €12 million. There is also a commitment in budget 2025 that the number of staff will increase by a further 30, bring it to more than 100 people working in the NCSC. The continued growth of the NCSC reflects the constantly evolving threat landscape and the importance of a resilient national network.

It is appropriate, and I welcome the fact, that the NCSC has come within the jurisdictional control of the Department of justice. Considering the threat posed to the country, it is appropriate that the Department of justice should have departmental and ministerial responsibility for issues concerning cyber threat attacks.

Deputy Byrne will also be aware that the European NIS2 directive also provides a major step forward for overall European cybersecurity and resilience. It will enhance cyber risk management in Ireland, including generating significant improvements in our capacity to protect against and respond to major incidents. Last July, the Government gave its approval to the priority drafting of the national cybersecurity Bill, which is currently being undertaken by my Department. That Bill will transpose the NIS2 directive into Irish law. It will also enhance the role of the NCSC, which will include national cybersecurity monitoring, resilience building, information sharing and the national incident response. It will give the NCSC specific powers to engage in a range of scanning-type activities to identify systems vulnerable to specific exploits.

The national cyber emergency plan was published in May 2024, and it sets out the national approach for responding to serious cybersecurity incidents that affect the confidentiality, integrity and availability of nationally important information technology and operational technology systems and networks. The NCSC is currently working on the national cyber risk assessment for 2025, which will take into account the changing international threat landscape.

As Deputy Byrne mentioned, it is regrettably the case that some of the attacks taking place on national cybersecurity networks are emanating from malign state actors. It is important that we be prepared in order to respond to and deter that.

Deputy Byrne referred to a number of international agreements. I am pleased to say that Ireland is an active participant in a number of UN and other international processes where issues of cybersecurity arise. Among these is the UN open-ended working group on security of and in the use of information and communication technologies, which was established to develop norms, rules, and principles for responsible state behaviour in cyberspace.

Ireland also participates in the Organization for Security and Co-operation in Europe, in particular as regards cybersecurity, conflict prevention and crisis management.

It is important to emphasise that we are prepared, but this is a constant risk and it is inevitable that we will be subject to further attacks in the future.

See this speech in context