Catherine Callaghan (Carlow-Kilkenny, Fine Gael)
Link to this: Individually | In context

6. To ask the Tánaiste and Minister for Justice and Equality the progress on developing a new national cybersecurity strategy; and if he will make a statement on the matter. [49231/25]

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context

I thank Deputy Callaghan for her question. She has identified an area of our national security and national defence that needs to be accentuated and taken much more seriously in light of recent developments in the world. A number of weeks ago, we saw cyberattacks on airports throughout Europe. It had a bit of an impact on Ireland, but what they are indicative of is that cybersecurity is extremely essential in our country at present.

Ireland’s second national cybersecurity strategy, for the years 2019 to 2024, set out 20 collaborative measures with the aim of meeting a range of objectives. These included improving the ability of the State to respond to and manage cybersecurity incidents and improving the resilience and security of public sector IT systems to better protect data and the services that our people rely upon. A mid-term review of the strategy published in May 2023 saw the inclusion of a further 18 new measures to be met within its lifetime. An end-of-strategy report is close to completion and I expect to publish it shortly alongside a public consultation.

It is also important to point out that I hope to bring significant legislation before the House in the near future, namely, the national cybersecurity Bill, for which we got permission last year to proceed to drafting. That is going to set out the official statutory basis for our cybersecurity system in Ireland. In a European context, it will seek to transpose the NIS2 directive alongside other national commitments relating to cybersecurity, such as those contained in the programme for Government and the national development plan. Officials in my Department are consulting the National Cyber Security Centre. I had the opportunity to visit the centre recently. It is very advanced in terms of its technology and sophistication. Having met the people there, I am very confident that there are good people in charge of cybersecurity in this country.

Catherine Callaghan (Carlow-Kilkenny, Fine Gael)
Link to this: Individually | In context

I thank the Minister for his answer. As we all know and as he said, cyber-resilience is really critical in this modern world. We need robust cybersecurity to protect our digital systems and data from unauthorised access and misuse and from theft and damage due to the increasingly sophisticated cyberattacks. Cyberattacks are increasing in frequency, complexity and destructiveness and can compromise our critical infrastructure across geographical borders without even being present in this jurisdiction. That is the real threat that we are facing as a nation. The national cybersecurity strategy the Minister outlined is the vision and the roadmap for how to effectively enhance cybersecurity and resilience across public bodies, essential services, businesses and households. I recently had a quick look at the Defence Forces' cyberdefence strategy for 2024 to 2027, and I was very impressed by their ambition to ensure that their strategy delivered cyber capabilities that could prevent, monitor, detect, defend against and recover from cyberattacks. Does the overall national cybersecurity strategy that is being currently developed have the same ambition for collective resilience? Will it be ready by the end of 2025?

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context

It does have the same ambition. It is important to note that we do not try to divide up Ireland's protections into different spheres, whether it is the Defence Forces or what comes within the ambit of the Department of justice. Huge collaboration is ongoing across Government. At present, my Department is engaging with key stakeholders, including the Departments of foreign affairs, Defence and enterprise, trade and employment, to ensure alignment with a range of related national strategies such as the digital and AI strategy and the maritime strategy.

As the Deputy identified, these are now significant threats, not just to Departments and Government agencies, but also to the private sector. One of the consequences of the legislation that I will be bringing before the House in the near future is that, when enacted, it will impose obligations, not just on State agencies to be prepared, but on certain types of those in the private sector to be prepared as well. A cyberattack on a State agency can have enormously detrimental consequences. Similarly, a cyberattack on a private enterprise can have devastating consequences for Irish consumers.

Catherine Callaghan (Carlow-Kilkenny, Fine Gael)
Link to this: Individually | In context

In the Department of justice, we know An Garda Síochána leads the domestic intelligence and national security operations, while the NCSE manages cybersecurity. In the Department of Defence, the Defence Forces handle external and military intelligence. In the Department of the Taoiseach, the national security secretariat provides strategic oversight and co-ordination. Will the Minister please outline the current level of collaboration between these three Departments? Is he confident that their collective cyber-resilience is sufficient to ensure that the proposed new national cybersecurity strategy will effectively protect the State and its agencies from nation state actors, for example, Russian military hackers and cybercriminal adversaries, those groups that are financially motivated to carry out cyberattacks for profit, of which Wizard Spider, which was responsible for the HSE attack, is a prime example.

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context

In fairness, I think this Government is the first to set up a national security committee that meets frequently in respect of security issues affecting the State. There is collaboration across Government. There is a recognition that, when it comes to national security and protecting ourselves from cyber threats, there has to be an aligned, agreed response from the State. I would not like the impression to be created that there are separate agencies doing their own things such as the Defence Forces, An Garda Síochána and the National Cyber Security Centre. There is collaboration through the Government to ensure that we have a national system of cyberdefence that is effective in protecting the State.

The National Cyber Security Centre was provided with very significant resources in the budget two days ago. I managed to secure a significant increase in the amount of resources for the National Cyber Security Centre. Regrettably, that is necessary. The reason it is necessary is because there are increasing threats to our cyber networks from malign actors.