I understand that the Deputy is interested in cyber security arrangements for my Department and a number of Bodies under the Aegis of my Department, namely the National Treasury Management Agency (NTMA), the Central Bank, the Financial Services Ombudsman and the Office of the Revenue Commissioners.
In relation to my Department, I wish to advise that ICT services are provided by the Office of the Government Chief Information Officer (OGCIO) under the Department of Public Expenditure and Reform. On behalf of my Department, the OGCIO implements a multi-layered approach to cyber security and to protecting ICT systems, infrastructures, and services. The threat landscape is constantly evolving and significant effort is expended to continually enhance and strengthen ICT security to mitigate against emerging threats, risks, vulnerabilities and cyber security issues. In addition to deploying intrusion protection systems, software vulnerabilities are managed by maintaining up-to-date versions. OGCIO also continues to work closely with the National Cyber Security Centre (NCSC). The NCSC is a division of the Department of Communications, Climate Action & Environment and encompasses the State's national/governmental Computer Security Incident Response Team (CSIRT-IE).
In relation to the Bodies under the Aegis of my Department as requested, I am advised of the following responses from three of the Bodies as set out as follows. It was not possible for the National Treasury Management Agency to provide the information sought in the time available and therefore I will make arrangements to provide the outstanding information in line with Standing Orders.
Central Bank of Ireland
The Central Bank does not comment on its IT security arrangements. The Bank actively monitors potential threats and implements measures wherever possible to prevent threats to its information security.
Financial Services Ombudsman Bureau/ Financial Services Ombudsman Council
The Financial Services Ombudsman’s Bureau and the Financial Services Ombudsman’s Council apply a multi-layered strategy to cyber-security. The threat landscape is constantly evolving and significant effort is expended to continually enhance and strengthen ICT security to mitigate against emerging threats, risks, vulnerabilities and cybersecurity issues. In addition to deploying intrusion protection systems, software vulnerabilities are managed by maintaining up-to-date versions.
Office of the Revenue Commissioners
Revenue implements a very comprehensive approach to cyber security to protect technical infrastructure, taxpayer data and services. Revenue Data centres operate at and are independently audited to the ISO27001 standard for IT security and ISO22301 for business continuity. Security is fundamental to all of our online services and built-in to all our systems from the design stage. Amongst the numerous initiatives taken to reduce the risk are the careful design of hardware and software architectures, firewalls, intrusion protection systems, penetration testing, hardening of operating systems and maintaining software patch levels etc. As a result of this integrated approach, it is very difficult to specifically cost the spending on cyber security on an annual basis.
IT security is a key role for all Revenue IT staff. Revenue has a number of specialised technical teams that constantly monitor all systems and evaluate the dangers posed by new and existing threats and take appropriate actions as required. These Revenue ICT staff also work closely with the National Cyber Security Centre (NCSC) and the OGCIO in evaluating the threat landscape.
The following deferred reply was received under Standing Order 42A
As I indicated in my response, it was not possible for the National Treasury Management Agency (NTMA) to provide the information sought in the time available. The NTMA has since advised that cyber security is an area of particular focus to its operations. Reflecting this, the NTMA bases a high priority on cyber security, which forms an integral part of the Agency's business continuity planning and IT infrastructure investments. NTMA operates standard industry protocols to take account of known threats. Its systems are monitored on a continuous basis by both internal and external experts. NTMA has a dedicated cyber security team which has been in place throughout the period referenced in the Deputy's question. Please note the NTMA provides cyber security support to NAMA and the SBCI.