Written answers
Thursday, 27 March 2025
Department of Enterprise, Trade and Employment
Cybersecurity Policy
Malcolm Byrne (Wicklow-Wexford, Fianna Fáil)
207. To ask the Minister for Enterprise, Trade and Employment the number of actual and attempted cyberattacks on his Department during each of the years 2022, 2023 and 2024, the countries of origin of those attacks; and if he will make a statement on the matter. [14688/25]
Peter Burke (Longford-Westmeath, Fine Gael)
There are no successful cybersecurity attacks to report in my Department in the years noted.
The Deputy will readily appreciate that my Department delivers services to the public over the Internet and therefore, like all large organisations, the public facing ICT systems which support this are consequently subject to unsuccessful and opportunistic access attempts on a daily basis.
Attackers frequently hide or obscure their actual location which means that it is generally difficult to reliably determine the point of origin.
In line with best practice, my Department adopts a “defence in depth” approach to cybersecurity protection with a combination of technological controls and processes in place. These controls include policies and practices on system patching and upgrades, penetration testing of internet facing systems, and least privileged access principles based on best practice. We also have an ongoing internal programme to increase staff awareness of cybersecurity risks and best practices. For operational and security reasons, the National Cyber Security Centre (NCSC) advises that public bodies do not disclose details of systems and related projects/processes as there is a risk that such disclosures could in turn compromise cyber security measures in place in those bodies. This constrains the level of detail which can be put into the public domain in relation to the ongoing programme of work around the Department’s cyber-security arrangements, cyber security tools and services employed.
However, I can advise that my Department conducts ongoing security assessments, penetration testing as well as evaluations against the relevant external specialist guidance and standards, such as the NCSC’s Cyber Security Baseline Standard and the NIS2 Directive which will shortly be transposed into Irish law.