Written answers
Tuesday, 21 November 2023
Department of Education and Skills
Cybersecurity Policy
Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source
590. To ask the Minister for Education and Skills how many staff members in his Department have received training in cyber security in the past three years; what types of cyber security training programmes have been conducted; if he will provide details of these programmes; and of the staff trained in cyber security, how many have obtained accredited cyber security qualifications. [50799/23]
Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source
591. To ask the Minister for Education and Skills the expenditure on cyber security consultants and companies within his Department in the past three years; if his Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount his Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided [50817/23]
Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source
592. To ask the Minister for Education and Skills if there are any ongoing contracts or commitments with cyber security firms; and if details can be provided [50835/23]
Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source
593. To ask the Minister for Education and Skills if his Department has a policy and plan in place to address a ransomware attack and restore his Department's IT systems. [50853/23]
Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source
The Department of Education and my Department have a shared service on ICT.
This includes managing cyber-security matters, audits, and ICT-related consultancies. The services provided to my Department and the Department of Education include cyber security defences, which are supported by the work of the National Cyber Security Centre (NCSC) and the national computer security incident response team, CSIRT, which provides early warnings, alerts, announcements and dissemination of information about risks and incidents to both Departments.
The NCSC, which is located within the Department of Communications, Climate Action and Environment, is the primary cyber security authority in the State. The NCSC provides a range of cyber security services to operators of critical national infrastructure, Government Departments and agencies.
There are a number of robust measures in place to protect the security of the IT systems and infrastructure of both the Department of Education and my Department. These measures are reviewed and updated on a regular basis.
The Departments have previously been advised by the NCSC, for security reasons, not to disclose details of its cyber security operations (including details of commercial relationships, audits/exercises and expenditure) which could in any way compromise either Department’s information security posture. In particular, it is not considered appropriate to disclose any information, which might assist malicious actors to identify potential vulnerabilities.
No comments