Aindrias Moynihan (Cork North West, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

It is approximately ten days since the cyberattack on Munster Technological University, MTU. Thankfully, students have been able to return to lectures and laboratories this week but, unfortunately, data from the cyberattack have been published on the dark web. I ask the Minister to outline the extent of the attack, including whether people's personal details have been compromised.

Local people have been asking about the data. MTU has some 13,000 students and over 1,000 staff. People have outlined concerns about the possible publication of their data. In addition to current students, there are tens of thousands of past students and staff and also parents who have been paying fees. They are also asking if their personal information has been impacted and at what point they will know about that.

I understand the HSE is issuing notices to people impacted by the cyberattack on its systems a year and a half ago. Many would have assumed that if they had not received correspondence by now, they were in the clear regarding that attack, so some were surprised to get a letter. How soon can people affected by the MTU cyberattack expect to be notified? Will a date be provided beyond which they can assume they are clear in the clear or are safe?

In addition to personal information, there could be research information, material the college was researching and information relating to intellectual property, preparation for patents, etc. Is any such intellectual property involved? Has it been encrypted, published or compromised in any way? Will the Minister clarify that? Past students seeking to engage in further education or make job applications may wish to access their data for transcripts. Is such information encrypted or is it accessible? Will the Minister outline the extent of the damage in that regard?

A recent International Data Corporation, IDC, survey of companies of various sizes across the US and Europe indicated that despite 85% of them having a playbook, preparation or recovery plan to deal with a cyberattack, 46% had been successfully attacked in the past three years. This figure refers only to companies that know they were attacked and admit it. Two thirds were forced to pay a ransom. The MTU attack is, unfortunately, not an isolated indecent. It seems that many different areas and organisations are being hit by ransomware. The same survey found that 43% of respondents had been hit more than once. What measures are now in place at MTU and other colleges to ensure they are protected from future cyberattacks? What measures are being taken with other colleges? Has the Minister met them to ensure they are prepared?

As I outlined, a cyberattack does not happen in isolation and steps such as exploratory probing efforts will often be taken beforehand. Was the MTU cyberattack caught on the first alert? Did the university's security system alert it? What happened in the case of any earlier probes? Did they go unnoticed or were they disregarded?

Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I thank Deputy Aindrias Moynihan for raising this important matter and keeping in contact with my office about it. This has been a stressful and worrying time for students and staff in the Munster Technological University campuses in Cork. I thank all of the staff in MTU for the incredible and tireless work they have put in over the past ten days in very difficult circumstances. We need to be clear that cybercrime and cyberterrorism are ever-present and growing threats to the safe operation of our institutions. The Deputy provided figures that show how prevalent cybercrime is becoming. It is a crime and we should always see it as such. It is an attempt to extort money through intimidation. In many ways, it is using a new technology to carry out old crimes, namely, theft and extortion.

Following the significant IT breach in Munster Technological University, my Department has been engaging with relevant stakeholders to understand the extent of the breach and its impacts on MTU students and staff. In my second role as Minister for Justice, I have been keeping in contact with the Garda about this and I am conscious of its ongoing efforts in this regard. MTU is working closely with the National Cyber Security Centre, NCSC, in relation to the breach. It is appropriate when a breach happens in any institution that it immediately connects with and plugs into the NCSC. MTU staff and students who may have been affected will now receive specific communications from MTU and all staff and students have been advised to remain extra vigilant to potential phishing attacks by email or SMS or other unsolicited communications. MTU has engaged specialist forensic services to review the nature of the data compromised and track any data that may leak online. The honest answer I must give to some of the Deputy's questions is that the work by specialist forensic services in analysing the exact extent of the data that may have been taken is ongoing.

An interim High Court injunction has been granted which prohibits the sale, publication, possession or other use of any data that may have been illegally taken from the university's systems. MTU has contingency plans in place for such an event and this means that core systems such as email, HR, finance, payroll and others are unaffected by this breach and continue to operate as normal. This has enabled the majority of MTU staff to continue working remotely and a return to teaching, which commenced on Monday of this week. MTU students and staff have been advised to check their email accounts and campus notice boards on a regular basis for guidance and updates. Further information and advice on how to spot and protect yourself against phishing attacks are available from the National Cyber Security Centre. MTU has taken swift action to respond to this issue and should be commended on that. I assure MTU and its staff and students that we will work closely to support them in every way we can.

On the Deputy's overall point, it is important that we recognise that cybercrime is a growing reality globally and in Ireland. As a result, we need to continue to beef up and further resource our structures to protect people, where possible, from such crimes. I am pleased to say that last year my Department confirmed significant multi-annual funding for cybersecurity resources to HEAnet to build cyber-resilience across our third level system. These resources will help equip HEAnet to expand the reach of its ICT security services offering to all eligible HEA client members, including institutions across the tertiary education system. The Department is also now providing funding to mobilise a sectoral security operations centre and security incident event management service via HEAnet to the education sector to mitigate the risks associated with cyberattacks through a consistent and comprehensive 24-7 detection and response capability. The 24-7 piece is important because these attacks are often timed to happen at weekends or during downtimes and bank holidays. We allocated €750,000 in 2022. I am pleased that, through the Estimates process and the Government's renewed focus on the issue of cybersecurity, an additional €3 million - a significant increase - has been allocated in 2023 for the development of cybersecurity services. Recurrent funding to the HEA, which is disbursed to individual institutions, can also be used for enhancement of IT systems.

Aindrias Moynihan (Cork North West, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

Tá sé os cionn seachtaine anois ó tharla an t-ionsaí seo ar scéim ríomhaireachta Ollscoil Teicneolaíochta na Mumhan, MTU. Tá an-bhuairt ar go leor daoine idir dhaltaí, iar-dhaltaí, thuismitheoirí agus an fhoireann go bhfuil a gcuid eolais phearsanta á chraobhscaoileadh ar an Idirlíon agus nach bhfuil sé slán. Caithfear a chinntiú go bhfuil gach iarracht á déanamh chun dul i ngleic lena leithéid d’ionsaí. Cad iad na céimeanna atá tógtha anois chun an t-eolas seo a láimhseáil agus chun a chinntiú nach dtarlóidh sé i gcoláistí eile ar fud na tíre? An bhfuil an tAire tar éis bualadh leis na coláistí eile? Cad iad na céimeanna atá á mbaint amach chun é sin a chinntiú?

Attacks like these do not happen in one go. There are often exploratory attempts beforehand. Was that the case with MTU? Was the attack detected on the first alarm? If there were earlier attempts, how were they viewed or dealt with? What is known about them? Is the attack over at this stage? We have seen that data have been published on the dark web. Is there further information that will be published? Are encrypted data being released? If so, has it been possible to measure the extent of that? Where are the next steps?

It is hugely important that support services are available to colleges and institutions in the event of an attack. I welcome the additional funding in that regard. Will additional funding be provided if these institutions need additional equipment in the years ahead? It is too early to be able to say what the cost will be. Will the Minister be able to put in place support for colleges and institutions to take those measures?

Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I do not truthfully know the answer to the question on whether this was the first attempt to get into the system. I will try to get it from MTU if it is aware of it. The status of the attack is that the damage is now done and data have been taken. It is now about forensic analysis and providing information to people. The work is ongoing, with the forensic analysis under way. I am pleased the college is back open and I commend MTU staff and students in this regard. A huge body of work went into it. Impacted staff and students will shortly receive a specific letter of contact from MTU. In the meantime, the advice is to follow the general cyber hygiene advice on changing passwords and being extra vigilant. All support, advice and funding required by MTU on this matter will be provided. I am very pleased that MTU plugged into the National Cyber Security Centre and liaised with An Garda Síochána. I am conscious that there is work going on in this area. We will continue to work closely on this.