Written answers
Tuesday, 21 November 2023
Department of Finance
Cybersecurity Policy
Louise O'Reilly (Dublin Fingal, Sinn Féin)
172. To ask the Minister for Finance how many staff members in his Department have received training in cyber security in the past three years; what types of cyber security training programmes have been conducted; if he will provide details of these programmes; and of the staff trained in cyber security, how many have obtained accredited cyber security qualifications. [50797/23]
Louise O'Reilly (Dublin Fingal, Sinn Féin)
173. To ask the Minister for Finance the expenditure on cyber security consultants and companies within his Department in the past three years; if his Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount his Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided. [50815/23]
Louise O'Reilly (Dublin Fingal, Sinn Féin)
174. To ask the Minister for Finance if there are any ongoing contracts or commitments with cyber security firms; and if details can be provided. [50833/23]
Louise O'Reilly (Dublin Fingal, Sinn Féin)
175. To ask the Minister for Finance if his Department has a policy and plan in place to address a ransomware attack and restore his Department's IT systems. [50851/23]
Michael McGrath (Cork South Central, Fianna Fáil)
I propose to take Questions Nos. 172, 173, 174 and 175 together.
In relation to my Department, I wish to advise that ICT services are provided by the Office of the Government Chief Information Officer (OGCIO) under the Department of Public Expenditure and Reform. On behalf of my Department, OGCIO implements a defence-in-depth security strategy which is achieved through the effective combination of People, Processes, and Technology to support the implementation of appropriate security measures and provisions. Included in this defence-in-depth security strategy are policies and plans to address risks from malicious software such as ransomware. These ensure that a consistent and effective approach is followed in the management of cyber security threats and incidents.
For operational and security reasons, my Department does not disclose specific information relating to cyber security tools, spend, training, in-house expertise and specific strategies employed to counter and combat the threats posed to information security.
I can advise the Deputy that a reciprocal shared services arrangement is in place between my Department and D/PENDR. As part of this, D/PENDR provide Internal Audit Unit services to my Department. D/PENDR engaged consultants to perform a joint cybersecurity audit for both Departments in 2023 with the cost borne by D/PENDR.
My Department recognises the importance of maintaining strong cyber security awareness and ensures staff stay up to date on evolving cyber security threats including malware, phishing attacks and social engineering deception schemes.
Finally, my Department works closely with OGCIO and the National Cyber Security Centre which is a division of the Department of Communications, Climate Action and Environment, and encompasses the State's national/governmental Computer Security Incident Response Team (CSIRT-IE). CSIRT-IE is an internationally accredited response team focusing on enhancing both situational awareness and providing incident response for national cyber security incidents (including ransomware attack).