Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

107. To ask the Minister for Communications, Climate Action and Environment if mobile and software applications from a company (details supplied) will be banned from Government devices to protect users’ data from being passed to state security services, in light of information outlined in a media report. [25373/23]

Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

The National Cyber Security Centre (NCSC), which is part of my Department, issues guidance to Government Departments in relation to cyber security.

The NCSC does not have the ability to ban software or applications across Government. However, it does issue guidance to Government Departments who are responsible for the security of their networks and must take decisions based on their individual risk profile.

The NCSC has issued two pieces of guidance in relation to the use of mobile devices:

1. An internal guide for Government Departments and officials, updated 7 March 2023, recommends that officials “should only download and use apps strictly necessary to carry out your duties. In determining whether to download and use an app, you should be cognisant of the type and amount of data the app will have access to, and the reputation of the developer. In general, social media, gaming, fitness, gambling, or ancillary apps (torch, clock, calculator etc.) should not be downloaded.”

2. The NCSC, more recently published on its website, a comprehensive Mobile Device Management Guide, providing details to ICT Managers on taking a risk-based approach to the security measures required to manage a fleet of Departmental mobile devices. This document also contains advice on the vetting of third-party applications which should be examined based on Business Need, Permissions, Data & Privacy, Cyber Security, Non-Technical Factors and NCSC Advice.