Brian O'Shea (Waterford, Labour)
Link to this: Individually | In context

Question 65: To ask the Minister for Defence the steps he has taken to define and classify the risks and threats in the area of cyber security and defence; and if he will make a statement on the matter. [42930/08]

Willie O'Dea (Limerick East, Fianna Fail)
Link to this: Individually | In context

Cyber security, cyber crime and Internet security represent challenges that are constantly evolving and require vigilance and appropriate responses. Cyber security is multifaceted. The nature of the threat and the potential impact also varies considerably depending on the approach and objective of those with malicious intent.

Each State agency, business and individual should take every precaution with regard to security. Awareness of security, the risks and available safeguards, can be seen as the first line of defence for the security of information systems and networks. I am aware of considerable activity in this regard. My colleague, the Minister for Communications, Energy and Natural Resources, has undertaken a number of awareness campaigns aimed at individuals, SMEs, the education sector, the public sector and business.

My colleague, the Minister for Justice, Equality and Law Reform, and the Garda Síochána are also active in areas such as cyber crime and cyber bullying. The legislative programme includes the criminal justice (cybercrime) Bill, being prepared by the Department of Justice, Equality and Law Reform. This Bill gives effect to the Council of Europe Convention on Cybercrime as well as to the EU Framework Decision on attacks against information systems.

My Department and the Defence Forces focus on the risks and threats arising in the context of the roles laid down by Government for the Defence Forces. My Department and the Defence Forces implement a programme of continuous review of ICT security in order to keep up to date with current threat levels. This risk assessment is carried out by a high-level board comprising civil and military personnel and is supported by subgroups that carry out specific reviews where a security risk is identified. Detailed policies and guidelines are provided to all users of ICT systems and considerable resources are invested in assessing weaknesses and protecting systems against cyber attack and malicious security breaches. The Defence Forces take comprehensive measures with regard to the security of their information and communications systems when deployed in Ireland and overseas. Details of measures taken are not publicised for security reasons but, given the levels of upgrading and increased protection put in place in recent years, the vulnerability to such attacks has been greatly minimised.

Brian O'Shea (Waterford, Labour)
Link to this: Individually | In context

I thank the Minister for the reply. Could the Minister confirm that his is the lead Department in this area? Can the Minister assure the House that, if a cyber attack like the one mounted on Estonia in April and May 2007 were to occur here, we have the capability to minimise the effects of the attack as the Estonian authorities were capable of doing? Is he aware that during the five day war between Russia and Georgia, cyber warfare was engaged in by both belligerent parties in parallel with conventional military operations? Can he inform us of the international contacts he is developing in respect of this issue? My understanding is that there must be international co-operation in order to deal with the malevolent forces that engage in cyber warfare.

Willie O'Dea (Limerick East, Fianna Fail)
Link to this: Individually | In context

The Department of Defence is not the lead Department. We operate the same system as under the emergency planning provisions. Each Department is primarily responsible for its own security. The central, co-ordinating Department is the Department of Communications, Energy and Natural Resources. That has been agreed by the committee on emergency planning.

I am aware of the situation in Estonia, to which Deputy O'Shea adverted. We have invested much time and effort to develop systems to protect information accumulated by the State or other organisations. In the event of an attempted crime, the Garda Síochána is the relevant authority. The Department of Defence has been extremely active. We keep upgrading the equipment, we have people who are well clued in, we have a high level committee constantly assessing the risk of a cyber attack and we have sub-committees that focus on anything that is identified. I have had dozens of meetings with the emergency planning committee since I took over as Minister. It has had very little discussion on cyber crime. I get a threat assessment at each of those meetings, both from the Garda Síochána and from the military. Cyber crime has not featured. The risk of a cyber attack is regarded as being extremely low. However, in deference to Deputy O'Shea's interest in the matter and now that it has been brought to my attention, I will raise it at the meeting of the emergency planning committee due to be held before Christmas. Eleven Departments are represented on that committee and I will ask them to communicate with their own Departments and give me an update on the position.

On the international dimension, we have kept in touch with our international colleagues in this regard because it is a multinational operation. An interesting workshop is being organised by the OSCE for next March, which we hope to attend, on combating cyber crime on a multinational scale.

Brian O'Shea (Waterford, Labour)
Link to this: Individually | In context

I thank the Minister for undertaking to raise this issue at the next meeting of the emergency planning committee but he should seriously consider having the Department of Defence as the lead Department. I am aware that a cyber attack is seen as very unlikely but I am sure he will agree there is a need to be prepared for any eventuality, particularly as these sort of attacks can materialise out of nowhere and can be devastating because of the extent of the areas that can come under attack. It is not just the public Internet connections and information systems. It can attack bodies like the banking institutions and affect the exchange of information.

Willie O'Dea (Limerick East, Fianna Fail)
Link to this: Individually | In context

I agree with Deputy O'Shea about the possible devastating impact of such an attack. Considerable discussion has taken place on who should be the lead Department in this regard and after due consideration it was decided that the Department of Communications, Energy and Natural Resources should be the lead Department. I do not have time to go into all the factors that led to that conclusion but in the event of a cyber attack or a threatened cyber attack I, as chairman of the emergency planning committee, would convene a meeting of the committee. The Department of Defence would chair that operation but we will be depending on the Department of Communications, Energy and Natural Resources to co-ordinate the response across the different Departments.