Malcolm Byrne (Wicklow-Wexford, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

163. To ask the Taoiseach and Minister for Defence the number of actual and attempted cyberattacks on his Department during each of the years 2022, 2023 and 2024, the countries of origin of those attacks [14686/25]

Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

In 2020, my Department migrated its core IT infrastructure to the Office of the Government Chief Information Officer (OGCIO) under the 'Build to Share Managed Desktop' shared service. 

My Department working with the OGCIO implements a multi layered defence-in-depth security strategy which is achieved through the effective combination of People, Processes, and Technology to support the implementation of appropriate security measures and provisions. This defence-in-depth security strategy includes the implementation of an extensive Information Security Management System (ISMS) comprising of many security policies and controls, which is aligned and certified to the industry security standard ISO 27001:2022 to address risks from cyber security attacks. These security controls ensure that a consistent and effective approach is adhered to in the management of cyber security threats and incidents.

With the threat landscape constantly evolving, a significant effort is expended to continually enhance and strengthen ICT security to mitigate against emerging threats, risks, vulnerabilities and cybersecurity attacks. With this increased sophistication and complexity, the cyber criminals have become very proficient at masking their activity. As a result, it is not always possible to determine the country of origin of attacks with any certainty. My Department under the OGCIO  provided Build To Share Service is subject to continuous and ongoing cyber-attacks on an hourly basis which are intercepted at different levels of our multi layered defence-in-depth approach, including outside our perimeter. Therefore, while it is not possible to provide the exact number of cyber attacks on my Department, I can say that these routinely run to tens of thousands each year  for all clients within the Build to Share Service as advised by the OGCIO.

Malcolm Byrne (Wicklow-Wexford, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

164. To ask the Taoiseach and Minister for Defence the total sum spent on cybersecurity measures within his Department during each of the years 2022, 2023 and 2024. [14668/25]

Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

In 2020, my Department migrated its core IT infrastructure to the Office of the Government Chief Information Officer (OGCIO) under the 'Build to Share Managed Desktop' shared service.

My Department working with the OGCIO implements a multi layered defence-in-depth security strategy which is achieved through the effective combination of People, Processes, and Technology to support the implementation of appropriate security measures and provisions. This defence-in-depth security strategy includes the implementation of an extensive Information Security Management System (ISMS) comprising of many security policies and controls, which is aligned and certified to the industry security standard ISO 27001:2022 to address risks from cyber security attacks. These security controls ensure that a consistent and effective approach is adhered to in the management of cyber security threats and incidents.

For operational and security reasons, my Department has been advised by the National Cyber Security Centre not to disclose details of systems and processes which could in any way compromise the Department's cybersecurity efforts. In particular, it is not considered appropriate to disclose any information which might assist criminals to identify potential vulnerabilities in cybersecurity arrangements in my Department or the bodies under its aegis. Therefore, it is not possible to provide the particular information requested by the Deputy on spend or any information in relation to cyber security tools and services or operational security matters.