Written answers

Thursday, 7 April 2022

Department of Communications, Climate Action and Environment

Cybersecurity Policy

Photo of Brendan GriffinBrendan Griffin (Kerry, Fine Gael)
Link to this: Individually | In context | Oireachtas source

122. To ask the Minister for Communications, Climate Action and Environment the measures that are being taken to mitigate against the impacts of possible cyber-attacks on public services; and if he will make a statement on the matter. [13518/22]

Photo of Eamon RyanEamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

The ransomware attack on the Health Service Executive last May demonstrated clearly the major impact cyber security incidents can have on the delivery of vital services and the protection of personal data. The National Cyber Security Centre plays an important role in supporting Government Departments and other public bodies to improve the resilience and security of their IT systems to better protect services that our people rely upon, and their data.  

Information sharing is a key component of the work of the NCSC whereby it acts a source of expert advice and guidance for public bodies and other stakeholders. In November 2021 the NCSC  published the public sector baseline cyber security standard which set out a framework to be used by Public Service Bodies as a baseline to gauge their organisation’s cyber security preparedness. The NCSC also shares information on threats and vulnerabilities, in the form of advisories. In many cases these advisories are shared with the public, however the NCSC also provides restricted and confidential advisories in respect of specific threats. The NCSC is in regular and frequent communication with international counterparts and the exchange of information is very much a two-way street. The NCSC has also deployed a monitoring programme, Sensor, across Government Departments to monitor for potential threats and malicious activity. The recent Capacity Review recommended expanding this programme across all Government Networks and Critical Infrastructure. This will be addressed in the legislation being drafted in my Department.

The NCSC has been operating at a heightened state of preparedness in response to the Russian invasion of Ukraine. The NCSC has contingency plans in place in case of escalation of malicious cyber activity impacting on Irish networks and services. The NCSC has arrangements in place to avail of external expert support as required including a number of third-party incident response services. The NCSC has also issued a number of guidance and support documents recently, including a detailed Advisory Note and a ‘Cyber Vitals’ check list. This Advisory detailed a cyber risk assessment and appropriate advice regarding the ongoing situation in Ukraine. These documents are publicly available on the NCSC website https://ncsc.gov.ie/news/ The NCSC is in ongoing contact with counterparts across the EU, as well as the UK, US and other countries to share information and monitor possible threats. The NCSC continues to work closely with the Defence Forces and An Garda Síochána and is in frequent contact with operators of critical infrastructure and services to monitor for possible malicious cyber activity. 

Comments

No comments

Log in or join to post a public comment.