Tuesday, 25 May 2021
Department of Enterprise, Trade and Employment
My Department adopts a defence in depth approach to cyber security. This approach uses multiple layers and disparate systems to deliver security which is not dependent on any single component. Given the heightened level of risk which currently exists, our technical staff has adopted a posture of increased vigilance and oversight of systems.
My Department is taking advice from our own external security advisers, and is also monitoring advice and guidance coming from the National Cyber Security Centre (NCSC) on any additional steps which should be implemented in the light of current risks. This advice is also being shared with the State agencies under the remit of my Department, who are evaluating this advice in the context of their own cyber security arrangements.
For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cybersecurity arrangements, or to allow those criminals to enumerate differences in approach between public bodies which could be used to identify targets.
Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services, or financial details which could be used to rank the cyber defences of public bodies, and my Department does not comment on operational security matters.