Tuesday, 25 May 2021
Department of Communications, Climate Action and Environment
70. To ask the Minister for Communications, Climate Action and Environment if he will address matters (details supplied) regarding cyber security at hospitals and healthcare systems in Ireland; and if he will make a statement on the matter. [27689/21]
71. To ask the Minister for Communications, Climate Action and Environment if a public investigation will be carried out into the HSE cyber-attack following the example of the British Government and will the findings be published pertaining to the preparedness and response of the HSE to the cyber-attack. [27690/21]
72. To ask the Minister for Communications, Climate Action and Environment the investment made by his Department in each year in cyber security for the past ten years and State agencies under its remit. [27691/21]
I propose to take Questions Nos. 70, 71 and 72 together. I propose to take Questions Nos 70 to 72, inclusive, and 140 together:
The National Cyber Security Centre (NCSC) which is located within my Department, acts as a central contact point in the event of a government or nation-wide cyber security incident affecting the State, including the provision of advisory notices to its core group of government departments, state agencies, and organisations responsible for critical national infrastructure.
With regard to the cyber attack on the HSE, the NCSC has been intensively engaging with the HSE since early on Friday 14 May and has deployed its resources to fully support the HSE in identifying the affected systems and to bring systems back online, liaising with international partners and third-party contractors. The focus continues to be the restoration of our health services.
The actual detail of security measures employed by each individual organisation to secure that organisation's network and information systems is a matter for each individual organisation. More broadly, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in IT security arrangements. Therefore it is not considered appropriate to disclose particular arrangements in place in relation to IT security tools and services, including those in relation to my Department, or agencies under its remit and my Department does not comment on operational security matters.