Ruairí Ó Murchú (Louth, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

94.To ask the Minister for Communications, Climate Action and Environment if he will provide a current assessment on the dangers faced by the State from hybrid and cyber-attacks on communications infrastructure in the State; and if he will make a statement on the matter. [32367/24]

Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

The National Cyber Risk assessment report, published by the NCSC in 2023, examined the systemic cyber risks faced by the State's critical services from a range of threats such as espionage, hybrid and cyber-attacks posed by nation states, criminal actors and hacktivist groups. The report underscored the criticality of communication infrastructure, where disruption in this sector has the potential to lead to cascading impacts in other critical sectors. We saw what the outcome of such an attack could look like by the global IT outage caused by a failed update on Friday last.

Under the NIS1 Directive the NCSC currently oversees the obligations that providers of electronic communications networks have to manage their cyber risks and to prevent and minimise the impacts of cyber incidents. The cyber resilience in the electronic communications sector will be further strengthened under upcoming EU Directives such as NIS2 and CER and the recently enacted Communications Regulation and Digital Hub Agency (Amendment) Act 2023.

The NCSC also fully engaged with the EU "Nevers Call" of 9 March 2022 to focus on the resilience of communications infrastructure. This included the development of risk scenarios across all parts of the communications network infrastructure from subsea cables to satellite systems.

The NCSC will shortly be publishing Ireland’s first national cyber emergency plan, developed over a two-year period following extensive engagement throughout both the public and private sectors, and refined following two simulated emergency exercises in 2022 and 2023. The plan outlines the Government’s approach to serious cyber incidents and describes the process by which a National Cyber Emergency might be effectively declared, managed and co-ordinated, ensuring that stakeholders understand their roles and responsibilities during a cyber emergency.

The NCSC has also established sectoral coordination and response networks in key critical sectors including the telecommunications sector, to enhance situational awareness and incident response.