Seán Sherlock (Cork East, Labour)
Link to this: Individually | In context | Oireachtas source

1508. To ask the Minister for Communications, Energy and Natural Resources if registered political parties and their parliamentary and electoral activities are regarded as part of the critical infrastructure of the State and as therefore falling within the mandate of the National Cyber Security Centre, NCSC; if the NCSC has or proposes to develop a programme in co-operation with political parties, in government and in opposition, to assess and to reduce any vulnerability of their systems and networks to cyber attacks whether from activists, criminals, terrorists or foreign states; and if he will make a statement on the matter. [1586/17]

Denis Naughten (Roscommon-Galway, Independent)
Link to this: Individually | In context | Oireachtas source

The EU Network and Information Security Directive places a series of obligations on Member States on the security of both Operators of Essential Services and Digital Service Providers. In the case of the former, Member States must identify those services that are both dependent on network and information systems and which are essential to the maintenance of critical societal and/or economic activities. The identified operators will then be obliged to meet certain security requirements and to report incidents to a National Competent Authority.

A public consultation on the transposition of the Directive closed in late 2016, and the Department is presently working on the development of primary legislation to transpose this Directive, as well as engaging directly with relevant Departments and Agencies across Government. The Directive identifies a list of types of entities that must be considered, including operators in the energy, healthcare, transport and internet infrastructure sectors. Once complete, this process will result in an official list of identified operators of essential services. It is possible for Member States to add entities to their national list, outside of those sectors identified in the Directive, but it is unlikely that this will occur in the short term. Defining political parties as critical infrastructure is therefore unlikely, and in any case the responsibility for security would remain with those entities.

Alan Kelly (Tipperary, Labour)
Link to this: Individually | In context | Oireachtas source

1509. To ask the Minister for Communications, Energy and Natural Resources further to the recent US intelligence assessment on the role of Russian hacking during the 2016 US Presidential election, the steps he and the relevant State authorities have taken to prevent similar cyber attacks here. [1642/17]

Denis Naughten (Roscommon-Galway, Independent)
Link to this: Individually | In context | Oireachtas source

To date, the primary focus of the Cyber Security function in my Department, the National Cyber Security Centre (NCSC), has been in assisting Government Departments and Agencies to secure their networks and information, and to begin the process of transposing the EU Network and Information Security Directive. The NCSC has at present no role in actively preventing attacks on private sector entities, not least because this would require active surveillance of network activity, something for which there is no legislative basis, and which would pose a number of data protection and other challenges.  

The NCSC has become the national point of contact for cyber security matters, and receives notice of suspicious activity of networks in Ireland from similar bodies in other jurisdictions, and from the cyber security sector. In cases where this activity involves private sector operators, and where possible, the NCSC contacts them directly and warns them of issues arising, and of steps that might be taken to mitigate risks to their systems or data. If notice was received of activity around the networks of a political party, the same procedure would be followed.