Catherine Murphy (Kildare North, Social Democrats)
Link to this: Individually | In context | Oireachtas source

199. To ask the Minister for Communications, Climate Action and Environment if he will bring forward a cyber-security Bill. [6216/22]

Ossian Smyth (Dún Laoghaire, Green Party)
Link to this: Individually | In context | Oireachtas source

In July 2021 the Government agreed to implement a number of capacity building measures for the National Cyber Security Centre, which is located within my Department. This decision was taken in response to a capacity review of the NCSC commissioned at the beginning of 2021. Amongst other recommendations, the NCSC Capacity Review recommended that the NCSC be provided with a properly established and appropriately scoped mandate, remit and budget through primary legislation. The Government agreed that the General Scheme of a Bill be prepared for Government approval, to establish the NCSC on a statutory basis and provide for related matters including clarity around its mandate. Officials in my Department are progressing this in consultation with other relevant Departments and agencies. In November 2021, the Government agreed a number of measures to enhance the security of electronic communications, including 5G networks. As part of the initiatives, the Government held a consultation on the Electronic Communications Security Measures (ECSMs), which are a detailed set of technical and organisational measures that providers of public electronic communications networks and publicly available electronic communications services will be required to implement. The security measures contained in the ECSMs will be provided with a legislative basis through the transposition of the European Electronic Communications Code. The consultation on the ECSMs concluded at the end of January and the responses are currently being reviewed.

Primary legislation will also be introduced which will provide for the assessment of the risk profile of providers of electronic communications network equipment and, if required, to designate certain vendors as being high risk. The legislation will also provide for certain parts of electronic communications networks to be designated as being critical and certain powers which would ensure that high risk vendors would not be used in our critical electronic communications networks. This legislation will be drafted in consultation with relevant Departments and Agencies.