Barry Ward (Dún Laoghaire, Fine Gael)
Link to this: Individually | In context | Oireachtas source

70. To ask the Taoiseach and Minister for Defence the position regarding Ireland's preparedness for a significant cyber-attack on his Department's offices and institutions; and if he will make a statement on the matter. [49040/25]

Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

In terms of cyber security at national level, the Minister for Justice, Home Affairs and Migration has the lead role with inputs in the security domain from An Garda Síochána and the Defence Forces. The National Cyber Security Centre (NCSC), an operational arm of that Department, is the primary authority responsible for cyber security in the State.

The main roles of the NCSC are to lead in the management of major cyber security incidents across government, provide guidance and advice to citizens and businesses on major cyber security incidents, and develop strong international relationships in the global cyber security community for the purposes of information sharing.

The NCSC encompasses the State's National/Governmental Computer Security Incident Response Team (CSIRT-IE). CSIRT-IE is an internationally accredited response team with its main function being the enhancement of situational awareness for constituents and for the provision of incident response for national cyber security incidents. CSIRT-IE has initially focused on the State sector and acts as a national point of contact for all cyber security matters concerning Ireland.

I can inform the deputy that my Department places a high priority on cyber security and fully cooperates and takes guidance from the NCSC. My Department actively participates in the Government Cyber Security Coordination & Response (GovCORE) network, facilitating information sharing and best practice exchange with other public sector bodies.

My Department’s core IT infrastructure is provided by the Office of the Government Chief Information Officer (OGCIO) under the 'Build to Share Managed Desktop' shared service.

My Department, working with the OGCIO, implements a multi layered defence-in-depth security strategy which is achieved through the effective combination of People, Processes, and Technology to support the implementation of appropriate security measures and provisions. This defence-in-depth security strategy includes the implementation of an extensive Information Security Management System (ISMS) comprising of many security policies and controls, which is aligned and certified to the industry security standard ISO 27001:2022 to address risks from cyber security attacks. These security controls ensure that a consistent and effective approach is adhered to in the management of cyber security threats and incidents.

In the context of the Defence Forces, the Report on the Commission on Defence Forces recommended, and the Government accepted, that the Defence Forces need to be capable of delivering military operations in the cyber domain. To develop this capability, the Defence Forces have established a Joint Cyber Defence Command. This new Command will be capable of conducting the full-spectrum of cyber defence operations at home and overseas, to enhance national cyber defence resilience and contingent capabilities.

From an operational and security perspective, it would not be appropriate for me to comment on specific details of measures taken in relation to cyber security.