Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

268. To ask the Minister for Communications, Energy and Natural Resources if his Department has had contact with the US authorities regarding a National Security Agency information technology hacking breach and its link to recent malware information technology attacks across the globe; and if he will make a statement on the matter. [23817/17]

Denis Naughten (Roscommon-Galway, Independent)
Link to this: Individually | In context | Oireachtas source

The major cyber attack that occurred globally in recent days is unprecedented in terms of scale and speed of onset. Whereas ransomware attacks via malicious e-mail attachment have become commonplace, this newly discovered malware type, generally referred to as WannaCry2 possesses the ability to spread very rapidly from machine to machine without any user intervention. The National Cyber Security Centre (NCSC) monitored the situation on Friday and over the weekend, and engaged with national and international stakeholders, coordinating the national response and informing Government of developments. The NCSC also issued a series of Advisory notices to Government Departments and Agencies over the weekend as this issue developed and more became known about the malware. The impact of this on Ireland was limited, but further variants are expected to be developed and there is a high risk that further incidents of this type will arise again in the future. The NCSC is conducting a review of the response to recent events, and I will bring any recommendations arising to Government in due course.

The NCSC remains in close contact with international counterparts, including the authorities in the United States and with public and private sector entities in Ireland, particularly with regard to ensuring that the impact of any future variants of this malware are mitigated.

Niall Collins (Limerick County, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

269. To ask the Minister for Communications, Energy and Natural Resources the strategy documents and information notes used in awareness campaigns to make SMEs safe from cyber attacks published by his Department since 2011. [23826/17]

Denis Naughten (Roscommon-Galway, Independent)
Link to this: Individually | In context | Oireachtas source

The major cyber attack that occurred globally in recent days is unprecedented in terms of scale and speed of onset. Whereas ransomware attacks via malicious e-mail attachment have become commonplace, this newly discovered malware type, generally referred to as WannaCry2 possesses the ability to spread very rapidly from machine to machine without any user intervention. The National Cyber Security Centre (NCSC) monitored the situation on Friday and over the weekend, and engaged with national and international stakeholders, coordinating the national response and informing Government of developments. The NCSC also issued a series of Advisory notices to Government Departments and Agencies over the weekend as this issue developed and more became known about the malware. The impact of this on Ireland was limited, but further variants are expected to developed and there is a high risk that further incidents of this type will arise again in the future. The NCSC is conducting a review of the response to recent events, and will bring any recommendations arising to Government in due course.

The focus of the NCSC in the period since 2015, as set out in the National Cyber Security Strategy, has been to roll out a functional incident response capability, to improve the security of Government ICT and to prepare for the transposition of the Network and Information Security Directive. All of these deliverables are well underway but significant challenges persist. The NCSC has also developed a website MakeITsecure.ie to providing support to individuals and to small businesses around IT security. This site will be redeveloped in the coming months, but only once existing critical tasks are further advanced.

The responsibility for the safety and security of IT systems rests with the owners of those systems, at all times. The NCSC has a set of specific roles with regard to the security of Government and certain key infrastructure IT systems, but even in those cases, operational responsibility for security rests with the organisations that own and operate those systems. While the NCSC will continue to evolve it's information provision offering to businesses and private individuals, it will not be acting as an incident response team for anyone other than Government institutions.