Kieran O'Donnell (Limerick City, Fine Gael)
Link to this: Individually | In context | Oireachtas source

122. To ask the Minister for Public Expenditure and Reform the measures that are being taken to improve the resilience of IT systems in the civil service and wider public sector given the ever-present risk of cybercrime. [31330/22]

Michael McGrath (Cork South Central, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

In November 2021, the Public Sector Cyber Security Baseline Standard was published by the Minister for the Environment, Climate and Communications. This was a commitment in the National Cyber Security Strategy 2019-2024 and sets out a range of guidance for civil and public service bodies as they continue to work to mitigate the risk of cyber crime and improve resilience of their ICT and digital systems. The Cyber Security Baseline Standards Framework will be used by Public Service Bodies to assess and improve the management of cybersecurity and will allow them to identify, protect, detect, respond to, and recover from an attack, minimising damage and impact. While I cannot answer on behalf of colleagues in other Departments I am happy to advise that the measures in place in my own Department already meet the baseline standard.

It is critical that the State continues to upgrade and improve the resilience of the State’s IT systems across both public and private sectors. This is a global issue and the European Union has put in place specific EU-wide legislation, the Network and Information Security (NIS) directive, to ensure that critical IT systems are subject to a higher standard of cyber-security. Updated legislation is currently being drafted by my colleague the Minister for the Environment, Climate and Communications whose Department is responsible for the transposition of the NIS2 Directive in to national law. This new legislation is needed in order to strengthen the security requirements and expand the list of systems and industries that fall under its scope. For the first time this legislation will cover critical public administration activities carried out by the public sector.