Noel Rock (Dublin North West, Fine Gael)
Link to this: Individually | In context | Oireachtas source

605. To ask the Minister for Communications, Energy and Natural Resources the actions his Department is taking to protect against cyber attacks after the NTMA website went down for several hours after a suspected hacking attack; and if he will make a statement on the matter. [6877/17]

Denis Naughten (Roscommon-Galway, Independent)
Link to this: Individually | In context | Oireachtas source

In recent days, the websites of a number of companies and agencies in Ireland were defaced, apparently by an activist group. The level of technical skill required to do this type of damage is relatively low, with the tools required to do so available on line. In these cases, the best defence is to ensure that the software running the site is up to date, with the latest software patches applied.

The National Cyber Security Centre (NCSC), in my Department, was informed of the events concerning the NTMA site shortly after it occurred, and worked with them to identify the nature of the problem. The same day, the NCSC issued an advisory notice to all of its constituent Departments and Agencies, suggesting measures to reduce the risk of similar incidents on their sites. Also, in the same advisory, the NCSC offered a service to constituents, in which the unit would actively scan for similar vulnerabilities on public facing infrastructure, and notify them of same. A number of bodies have taken up this offer, and scans are being instituted on a regular basis.

This service is one of an evolving family of services that the NCSC offers to public sector bodies, and the unit is continuing to develop and broaden its offerings with a view to continually improving the security of the public sector IT infrastructure owned and operated by Departments and Agencies. The NCSC will also be, through the Public Appointments Service, launching a recruitment campaign in the coming weeks, both to enable it to further develop services for public sector bodies and to begin the process of transposing the EU Network and Information Security Directive.