Micheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

170. To ask the Minister for Communications, Climate Action and Environment if he or his Department is co-ordinating cross-Government responses or plans for the cyber security of Government Departments to ensure that enough actions are being taken against a matter which has been described by the FBI in the USA and the NCSC in London as a threat to the safety, security and integrity of the cyber ecosystem. [22574/18]

Denis Naughten (Roscommon-Galway, Independent)
Link to this: Individually | In context | Oireachtas source

The National Cyber Security Centre (NCSC), which is a unit of my Department, has been engaged in a series of actions around assisting Government Departments and State Agencies in preserving the security of their networks and data for a number of years. A key component of that work has involved building technical capacity and situational awareness as to trends and developments around Network and Information Security generally, and particularly those risks that might arise for Government and Critical Infrastructure. The NCSC operates an Advisories and Alerts System which allows the unit rapidly disseminate information to Government Departments, Agencies and Critical Infrastructure Operators. These entities have signed up to this formally managed system, which is governed by a Traffic Light Protocol (or TLP) setting out the manner in which any information contained therein should be treated. This system presently has around 120 constituents and has recently been augmented with an SMS alert system.

On 17th April 2018, the NCSC issued an Advisory related to the issues referred to by the Deputy in his question, setting out the nature of the threats, and the precise types of equipment that have been targeted. The Advisory also contained a series of mitigation measures that constituents should consider, and a reminder that any incidents, of this or any type, should be reported to the NCSC. The Advisory carried a TLP AMBER rating. The NCSC remains in contact with similar bodies in other jurisdictions and any further pertinent information will be passed to constituents as soon as it is received.

The NCSC is also engaged in a series of other actions in this area. For example, a new website for the NCSC has been launched, and this will shortly be updated with information to assist individuals and small and medium sized businesses to protect their information systems. The unit has also been heavily engaged in work to prepare for the EU Network and Information Security Directive, which will place binding security requirements on critical infrastructure operators and certain key Digital Service Providers. The Directive also places obligations on the State itself, in terms of ensuring that States can cooperate and share information in the event of a large scale incident affecting several countries and to ensure that every State has significant capacity of its own. To that end, the Computer Security Incident Response Team (CSIRT) within the NCSC received international accreditation in 2017 and plays an active role in a number of European and international organisations. The unit also participates in international exercises, including an upcoming European aviation security event.

My Department is also working on a new National Cyber Security Strategy, which will set out a series of measures to be taken in the coming years across the public and private sector. This Strategy will be consulted on later this year, in advance of finalisation.