Sinéad Gibney (Dublin Rathdown, Social Democrats)
Link to this: Individually | In context | Oireachtas source

3417. To ask the Minister for Education and Skills whether his Department has a policy or goal of better insourcing of IT requirements and needs of the Department for better cybersecurity, autonomy, and crisis management; and if he will make a statement on the matter. [43679/25]

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

The Department of Education and Youth (DEY) provide direct ICT services to my Department on a shared service basis under the terms of a Memorandum of Understanding (MOU). This includes leading on the provision of ICT infrastructure, networks and cybersecurity.

DEY have confirmed that it does not have a policy or a goal with regard to the in-sourcing of ICT requirements. DEY's Chief Information Officer division provides digital and ICT services to my Department, as a shared service and facilitates wider shared service provision to the sector.

ICT and digital are pivotal to the delivery of education and training, research and innovation and related support services across the sector. DEY's ICT services are provided by civil servants, external contractors and service providers who have the necessary technical expertise and equipment to deliver these services.

DEY’s cybersecurity defences are supported by the work of the National Cyber Security Centre (NCSC) and the national computer security incident response team (CSIRT), which provides early warnings, alerts, announcements and dissemination of information about risks and incidents to the Department.

My Department and DEY have previously been advised, for security reasons, not to disclose details of its cybersecurity operations which could in any way compromise the Department’s information security posture.

In particular, it is not considered appropriate to disclose any information, which might assist malicious actors to identify potential vulnerabilities.