Paul Murphy (Dublin South West, RISE)
Link to this: Individually | In context | Oireachtas source

453. To ask the Minister for Foreign Affairs and Trade the circumstances whereby his mobile phone was hacked; the information taken from the phone; the reports that were made to An Garda Síochána; the date on which they were made; the investigations that were conducted by An Garda Síochána or his Department in relation to the hacking; and the measures in place to minimise the chance of his phone being hacked again. [42596/21]

Simon Coveney (Cork South Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

In August 2020, I was subjected to a phishing attack via the “Telegram” messaging app on my mobile phone. Using credentials created on this platform, my identity was used to contact several foreign ministries.

The phone was taken out of use and a replacement issued. On the advice of my officials, the incident was reported to An Garda Síochána.

An Garda Síochána, in conjunction with the National Cyber Security Centre (NCSC), carried out a digital forensic investigation on the phone.

The risk of cyber-attacks and compromises in my Department is addressed through mandatory cyber security awareness training, technical controls and close liaison with the NCSC 

Paul Murphy (Dublin South West, RISE)
Link to this: Individually | In context | Oireachtas source

454. To ask the Minister for Foreign Affairs and Trade the measures taken to ensure that his text messages used for official business are filed as part of the records management process as required by the decision of the Information Commissioner (details supplied). [42597/21]

Simon Coveney (Cork South Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

My Department is committed to a robust records management process and to the fulfilment of its obligations under the 1986 National Archives Act. As required by this Act, all records made or received in the course of the official business of the Department that are not subject to a disposal certificate are retained and then transferred to the National Archives at the 30 year mark, or the 20 year mark in the specific case of records relating to Northern Ireland. My Department has consistently completed the largest transfer of all Government Departments since the first intake of records in 1990.

The ICT revolution and new technologies over the last 35 years have ushered in transformation in the operations of business and Government, and records keeping policies internationally are evolving to address the substantial challenges. In Ireland, our National Archives Act is clear that it is the content and context of information, and not its format, that determines whether it is a record.  Digital communications becoming the norm for Government work presents real practical difficulties for all Government Departments in terms of the retention, filing and storage of communications that could be of sufficient evidential value to constitute records.

There is also the important challenge of reconciling the various obligations of cybersecurity, Freedom of Information and Data Protection Acts. The latter Act rightly obliges us to retain no records containing personal data beyond the time required by their limited, lawful purpose.

My Department is currently undergoing a programme of change similar to other Departments as we are in the process of transforming records management practices and working to introduce a new modern system to meet the demands of our current work practices. These efforts are led by the OGCIO (Office of the Government Chief Information Officer) and include the roll-out of eDocs Records and Document Management platform. My Department will commence its migration to the eDocs platform next year.

In preparation for this, my Department initiated a comprehensive Records Management Reform Project in 2019. This will include an updated Retention Policy and Schedule based on the Guidelines issued by the National Archives in January of this year. It will also look at technical solutions for the efficient transfer and retention of records formed on new electronic technologies. We will incorporate these solutions and other innovations that came from our management response to the Covid-19 pandemic in our future ways of working.