Written answers

Wednesday, 26 May 2021

Department of An Taoiseach

Cybersecurity Policy

Photo of Catherine MurphyCatherine Murphy (Kildare North, Social Democrats)
Link to this: Individually | In context | Oireachtas source

52. To ask the Taoiseach if a schedule will be provided of IT and email security costs incurred over the past five years to date; and the contractor engaged to deliver the services and or system. [27422/21]

Photo of Fergus O'DowdFergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source

53. To ask the Taoiseach if his Department is fully compliant with GDPR EU requirements, the EU network and Information Security Directive and standards with respect to his Department’s IT infrastructure including Article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 Annex 9 standards on privileged access are fully met. [27437/21]

Photo of Fergus O'DowdFergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source

54. To ask the Taoiseach if any State or semi-State bodies which report to his Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; and if ISO 27001 annex 9 standards on privileged access are fully met. [27438/21]

Photo of Bernard DurkanBernard Durkan (Kildare North, Fine Gael)
Link to this: Individually | In context | Oireachtas source

57. To ask the Taoiseach his plans to upgrade the IT system in his Department and bodies under his aegis with a view to maximising the protection against hackers. [28694/21]

Photo of Bernard DurkanBernard Durkan (Kildare North, Fine Gael)
Link to this: Individually | In context | Oireachtas source

58. To ask the Taoiseach if additional security measures will be taken to impede and prevent the intrusion of hackers in his Department’s IT system and to ensure an early warning system is in place which will trigger an ultimate defence. [28712/21]

Photo of Seán SherlockSeán Sherlock (Cork East, Labour)
Link to this: Individually | In context | Oireachtas source

59. To ask the Taoiseach if there is a policy of data back-up in the operations of his Department and all agencies under his remit. [28126/21]

Photo of Peadar TóibínPeadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

60. To ask the Taoiseach the investment made by his Department and State agencies under its remit in each year in cyber security for the past ten years. [28851/21]

Photo of Micheál MartinMicheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 52, 53, 54, and 57 to 60, inclusive, together.

My Department implements a security-by-design and defence-in-depth approach to cyber security.

The Government’s services are still actively involved in managing and remediating the recent cyberattack on the HSE. Our technical staff continue to operate and monitor all relevant systems to the highest levels, and are closely engaged with experts in the OGCIO and the NCSC to ensure that we follow best practice as it relates to all aspects of cyber security and information security, including data backup.

For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cyber security arrangements. Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services and my Department does not comment on operational security matters.

My Department has policies and procedures in place, which are kept under review, to ensure the protection of departmental records in line with GDPR requirements.

Comments

No comments

Log in or join to post a public comment.