The Department of Education and my Department have a shared service on ICT.
This includes managing cyber-security matters, audits, and ICT-related consultancies. The services provided to my Department and the Department of Education include cyber security defences, which are supported by the work of the National Cyber Security Centre (NCSC) and the national computer security incident response team, CSIRT, which provides early warnings, alerts, announcements and dissemination of information about risks and incidents to both Departments.
The NCSC, which is located within the Department of Communications, Climate Action and Environment, is the primary cyber security authority in the State. The NCSC provides a range of cyber security services to operators of critical national infrastructure, Government Departments and agencies.
There are a number of robust measures in place to protect the security of the IT systems and infrastructure of both the Department of Education and my Department. These measures are reviewed and updated on a regular basis.
The Departments have previously been advised by the NCSC, for security reasons, not to disclose details of its cyber security operations (including details of commercial relationships, audits/exercises and expenditure) which could in any way compromise either Department’s information security posture. In particular, it is not considered appropriate to disclose any information, which might assist malicious actors to identify potential vulnerabilities.