Imelda Munster (Louth, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

1. To ask the Minister for Enterprise, Trade and Employment if his Department’s IT infrastructure is monitored for security breaches on a 24/7 basis; the guidance provided from Government on same; and if he will make a statement on the matter. [45308/21]

Leo Varadkar (Dublin West, Fine Gael)
Link to this: Individually | In context | Oireachtas source

My Department adopts a defence in depth approach to cyber security. This approach uses multiple layers and disparate systems to deliver security which is not dependent on any single component. Given the heightened level of risk which has pertained in recent months, my Department’s technical staff has adopted a posture of increased vigilance and oversight of systems.

My Department takes advice from its own external security advisers, and monitors advice and guidance coming from the National Cyber Security Centre (NCSC) on any additional steps which should be implemented in the light of current risks.

On foot of increased threat levels from cyber criminals and the advice from the NCSC, my Department has implemented a number of additional controls, and has also reviewed existing controls to ensure that they are still being applied consistently.

Given the current threat levels and the significant resources which cyber criminals are prepared to use to hack into systems, it is important that we are not complacent in our approach to cyber security. Cyber security is an ongoing process in my Department, and we will continue to review the controls we have in place and implement new controls and protections where necessary and as new cyber defence technologies become available.

For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise cyber security measures in place in public bodies. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cyber security arrangements or to make comparisons of cyber defences between public bodies.

Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services, and my Department does not comment on operational security matters.