Malcolm Byrne (Wicklow-Wexford, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

220. To ask the Minister for Education and Skills the number of actual and attempted cyberattacks on her Department during each of the years 2022, 2023 and 2024, the countries of origin of those attacks; and if she will make a statement on the matter. [14687/25]

Malcolm Byrne (Wicklow-Wexford, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

225. To ask the Minister for Education and Skills the total sum spent on cybersecurity measures within her Department during each of the years 2022, 2023 and 2024. [14669/25]

Helen McEntee (Meath East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 220 and 225 together.

My Department takes the issue of cyber security very seriously. The Information Communications Technology Unit, within my Department, takes a whole-of-team approach to protect my Department's data and IT systems. Departmental staff are supported in this function by IT security vendors and third-party support companies.

The National Cyber Security Centre (NCSC) is an operational arm of the Department of Environment, Climate and Communications (DECC), and is the primary cyber security authority in the State. The NCSC provides a range of cybersecurity services to operators of Critical National Infrastructure, Government Departments and Agencies.

My Department's cyber security protocols are supported by the work of the NCSC and the national computer security incident response team, CSIRT, which provides early warnings, alerts, announcements and dissemination of information about risk and incidents to my Department.

My Department has previously been advised by the National Cyber Security Centre (NCSC) that, for security reasons, not to disclose details of its cyber security operations (including details of commercial relationships, audits/exercises and expenditure) which could in any way compromise the Department’s information security posture. In particular, it is not considered appropriate to disclose any information, which might assist malicious actors to identify potential vulnerabilities.