Damien English (Meath West, Fine Gael)
Link to this: Individually | In context

Question 646: To ask the Minister for Enterprise, Trade and Employment the number of and the records kept by his Department of attempted hacking or suspected cyber attacks or other malicious computer security breaches committed against his Department's computer systems. [1724/08]

Micheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context

The Internet is an increasingly aggressive environment and the advice of my Department's ICT security advisers is that all websites and on-line systems run the risk of hacking or some other cyber attack. Many of these attacks are automated and are not targeted at particular individuals or organisations. Consequently my Department takes the security of its computer systems and the data they contain very seriously. My Department's computer systems are protected by a range of security technologies designed to minimise the potential for hacking or cyber attack. These systems have the ability to generate alerts and records of unusual or suspicious activity which could indicate that a cyber attack was being attempted.

Over the last few years my Department and its Offices has developed a comprehensive on-line presence comprising 14 separate websites, including three on-line processing systems. Apart from a small number of minor incidents where individual computers have found to have been infected with a virus, my Department's records indicate that noteworthy hacking or cyber attacks have been carried out against the Department's public websites on four separate occasions.

Three of these attacks were against websites hosted internally within my Department, while the fourth was against a website hosted and maintained by a 3rd party.

The attacks against the websites hosted within my Department were forensically investigated by an independent firm of ICT security consultants who concluded that there was no evidence to suggest that other servers, networks or data within the Department had been compromised. A full record of these incidents has been created, including a comprehensive report from the consultants. The incidents were reported to An Garda Síochána and I am informed that their investigation is ongoing.These attacks underline the growing importance of ICT security. Maintaining a secure ICT infrastructure is a continuous process, involving a combination of appropriately skilled people and the implementation of best-practice processes and technologies. Last year my Department, with the assistance of external ICT security experts, conducted a comprehensive review of ICT security across the Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010) and in conjunction with the external security consultants a programme of work is currently being undertaken which is designed to deliver ongoing improvements in the security of the Departments' ICT systems. In addition a dedicated Information Security Officer is being appointed to maintain an ongoing focus on Information Security across the Department.