Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

242. To ask the Minister for Education and Skills the expenditure on cyber security consultants and companies within her Department in the past three years; if her Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount her Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided. [50812/23]

Norma Foley (Kerry, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I propose to take PQs 50812, 50830 and 50848 together.

My Department's cyber security defences are supported by the work of the National Cyber Security Centre (NCSC) and the national computer security incident response team, CSIRT, which provides early warnings, alerts, announcements and dissemination of information about risks and incidents to my Department.

The NCSC which is located within the Department of Communications, Climate Action and Environment, is the primary cyber security authority in the State. The NCSC provides a range of cyber security services to operators of critical national infrastructure, Government Departments and agencies. 

My Department has a number of robust measures in place to protect the security of its IT systems and infrastructure.  These measures are reviewed and updated on a regular basis. 

My Department has previously been advised by the NCSC that, for security reasons, not to disclose details of its cyber security operations (including details of commercial relationships, audits/exercises and expenditure) which could in any way compromise the Department’s information security posture.  In particular, it is not considered appropriate to disclose any information, which might assist malicious actors to identify potential vulnerabilities.