Bernard Durkan (Kildare North, Fine Gael)
Link to this: Individually | In context | Oireachtas source

63. To ask the Minister for Enterprise, Trade and Employment his plans to upgrade the IT system in his Department and bodies under his aegis with a view to maximising the protection against hackers. [28683/21]

Leo Varadkar (Dublin West, Fine Gael)
Link to this: Individually | In context | Oireachtas source

My Department adopts a defence in depth approach to cyber security. This approach uses multiple layers, disparate systems and monitors to deliver security which is not dependent on any single component. Given the heightened level of risk which currently exists, our technical staff has adopted a posture of increased vigilance and oversight of systems.

My Department is taking advice from our own external security advisers, and is also monitoring advice and guidance coming from the National Cyber Security Centre (NCSC) on any additional steps which should be implemented in the light of current risks. My Department has an ongoing process for patching and upgrading systems, and this process has been adjusted and informed in light of current risk levels and advice.

For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cybersecurity arrangements, or to allow those criminals to enumerate differences in approach between public bodies which could be used to identify targets.

Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services, and my Department does not comment on operational security matters.

Bernard Durkan (Kildare North, Fine Gael)
Link to this: Individually | In context | Oireachtas source

64. To ask the Minister for Enterprise, Trade and Employment if additional security measures will be taken to impede and prevent the intrusion of hackers in his Department’s IT system and to ensure an early warning system is in place which will trigger an ultimate defence; and if he will make a statement on the matter. [28701/21]

Leo Varadkar (Dublin West, Fine Gael)
Link to this: Individually | In context | Oireachtas source

My Department adopts a defence in depth approach to cyber security. This approach uses multiple layers, disparate systems and monitors to deliver security which is not dependent on any single component. Given the heightened level of risk which currently exists, our technical staff has adopted a posture of increased vigilance and oversight of systems.

My Department is taking advice from our own external security advisers, and is also monitoring advice and guidance coming from the National Cyber Security Centre (NCSC) on any additional steps which should be implemented in the light of current risks, including strengthening appropriate controls where necessary.

For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cybersecurity arrangements, or to allow those criminals to enumerate differences in approach between public bodies which could be used to identify targets.

Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services, and my Department does not comment on operational security matters.