David Stanton (Cork East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

85. To ask the Minister for Communications, Climate Action and Environment the preparations being taken to protect against further cyberattacks such as that experienced on the health service in May 2021; and if he will make a statement on the matter. [9295/22]

David Stanton (Cork East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

This morning, we have seen attacks by land, sea and air on the people of Ukraine. It is unbelievably awful. However, there is another arena of attack, which is cyberspace. Given that we experienced such an attack on our health service in May 2021, what has been done to date to strengthen our defences in this area? That attack cost tens of millions and showed we are vulnerable to this very new area of attack.

Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

The National Cyber Security Centre, NCSC, which is located in my Department, has a broad remit across the cybersecurity of Government, ICT infrastructure and critical national infrastructure. In the immediate aftermath of the ransomware attack on the HSE, the NCSC led the national response process and took measures to protect other critical infrastructure operators. This included rapidly disseminating indicators of compromise and relevant guidance to ensure the cybercriminals behind the cyberattack could not threaten other vital services. The NCSC has worked with the HSE to learn lessons from that incident and these have been incorporated into the centre's ongoing engagement with operators of essential services in the health and other sectors. The NCSC continues to support the HSE as the latter enhances the security and resilience of its network and services.

The NCSC has a particular focus on supporting Government networks and public bodies. In collaboration with a cross-departmental group drawn from across the public service, it recently published the baseline cybersecurity standard to be applied by all Departments and Government agencies. In addition, the computer security incident response team, CSIRT, based within the NCSC, has developed and deployed technology on the infrastructure of Departments to detect and warn of certain type of threats.

The Government has committed to the further development of the NCSC, including through the provision of a new permanent facility at my Department's redeveloped headquarters in Beggar's Bush, funding to support a five-year technology strategy, and the drafting of primary legislation to provide a clear mandate and authority for the NCSC. This is in addition to the expansion in staffing at the centre, which will see staff numbers increase by 20 before the end of this year and to more than 70 in the next five years. There have been three dedicated recruitment competitions launched in recent months by the NCSC, with another opening later this week. The Government will provide all necessary support to the centre to ensure it can fulfil its important role in the years to come.

David Stanton (Cork East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I thank the Minister for his response, the work being done in this area and his acknowledgement of how critical it is. He talked about State and Government bodies being protected. What are his views on the security of mobile telephone platforms? How sure is he, for instance, that his own mobile telephone has not been hacked when he has visited other jurisdictions, or even here in Ireland? I was recently told that a number of people in this jurisdiction have had their telephones hacked in a way that meant they were not, and could not, be aware of it. Such hacking methods mean people's mobility, location and whom they are with can be tracked. Hackers can even listen into people's conversations. An expert approached me recently who is extremely worried about this, stating our mobile telephone platforms are very vulnerable. In the context of the whole cybersecurity issue, will the Minister give us some assurances or information on what is being done regarding those platforms?

Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

The Deputy is right to raise concerns about security on mobile telephone devices. Everyone, even within the industry, recognises it is a real issue. There is much public debate on issues such as Ministers having a Garda driver and so on. In discussions with officials recently, we all agreed we need Garda security on our mobile communications system as much as we need a Garda driver. That sort of protection and advice is being developed and put in place. No individual should assume his or her device is fully secure, regardless of whatever security measures might be taken. My understanding is it is better to err on the side of caution and, as I say to anyone to whom I give advice on this issue, to presume that anything one does online, which is what our mobile telephones are increasingly used for, could be made public and should be treated as such.

David Stanton (Cork East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

The Minister has acknowledged that this issue is extremely serious. Has any communication been entered into with the mobile telephone operators in this regard? They control these platforms and are mainly based outside the jurisdiction. Has any contact been made with the very large IT companies that operate here? Their expertise might be availed of on this issue. It is an extremely serious matter. The mobile telephone can be a window and avenue into gathering other information, including very sensitive information, especially on people working in business and industry at a high level as well as Ministers and others who are part of the State apparatus. I urge the Minister to treat this matter very seriously and come back to us at a future date with what is being done on mobile telephone security.

Ruairi Ó Murchú (Louth, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

Will the Minister give an update on the information the NCSC gave to critical infrastructure companies in the past while? Given the difficulties that exist at this-----

Marc Ó Cathasaigh (Waterford, Green Party)
Link to this: Individually | In context | Oireachtas source

It is a stretch to call the Deputy's question supplementary to the question that was put. I will give him a couple more seconds but it is a stretch for sure.

Ruairi Ó Murchú (Louth, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

I am not sure it is. I ask the Minister for an update in that regard, given this morning's events involving the Russian invasion. Beyond that, a task force on telephone scams and hacking is meeting at this time. Does he have any update on how it is operating?

Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

As I said, I have been in touch with the director of the NCSC in recent days to get an update on the particular situation we are in at the moment.

I agree with Deputy Stanton that we have to do more and we are looking and working in co-operation with network operators to improve our security and to make sure they maximise security on their networks.

The NCSC publishes a lot of its material. It is well-regarded internationally because it is seen to be trustworthy and prompt in sharing information. A lot of its online communications are accessible, well-regarded and well-used. It has to be careful that it does not publish everything and it has to have levels of what information it can give out and it has protocols for same. We have to follow those protocols as well in what we can say.