Cabinet Committee Meetings

I propose to take Questions Nos. 1 and 2 together.

The committee last met on 8 February and the meeting was attended by Ministers and senior officials from the Departments of Finance; Public Expenditure and Reform; Foreign Affairs and Trade; Justice and Equality; Health; Communications, Climate Action and Environment; Transport, Tourism and Sport; Housing, Planning and Local Government; and Defence. Also in attendance were personnel from the Defence Forces and An Garda Síochána.

The role of Cabinet committee F is to keep the State's systems for the analysis of, preparation for and response to threats to national security under review and provide for high level co-ordination between relevant Departments and agencies on related matters. The Cabinet committee also allows greater ministerial involvement in preparing for and managing major security threats.

Yesterday the National Cyber Security Centre issued a statement on a cyberattack on Departments and agencies over the weekend. According to a report in The Irish Times, the affected websites include those of the HSE, the Oireachtas, safefood and some local authorities. According to the report, cyberattacks have become increasingly common in recent times, particularly on Government websites and IT networks. What action has been taken by the National Cyber Security Centre in response to the latest attacks? We have to accept that it is not just a domestic issue; it is also one that needs an international response. The EU directive on network and information systems is supposed to represent a significant change in how countries in Europe approach cybersecurity and is due to be transposed into Irish law before 9 May. Will that deadline be met?

In recent days the European Committee of Social Rights upheld the right of representative associations of the Defence Forces to better collective bargaining negotiating rights and affiliate to the Irish Congress of Trade Unions. The Government has repeatedly blocked this on the grounds of so-called national security. Yesterday the president of PDFORRA said "the Government fought us every step of the way in respect of this complaint." Is it not the right time to do the right thing and provide proper employee rights for members of the Defence Forces to allow for collective bargaining and affiliation to the ICTU?

I will pick up on the point made by Deputy Eoin Ó Broin on the cyberattack by rogue hackers which infected a number of State agency systems, apparently mining for cryptocurrencies. I do not know how it is done, but I am sure somebody does. The impact is simply the latest manifestation of the vulnerability of State's Internet systems to external attack. Obviously, the data held by organisations such as the HSE, the Oireachtas and local authorities can be very important for citizens. What efforts are under way specifically to deal with the most significant potential assaults on us as a nation? I understand the Defence Forces have only two personnel seconded to the Department of Communications, Climate Action and Environment to deal with this issue on an ongoing basis. Will the Taoiseach give us an indication of the structure and size of the efforts made to combat cyberattacks and maintain cybersecurity in the State? Does he believe it is enough? Do we need a new agency? Are the agencies in existence co-operating well? How could matters be improved and have they been debated?

I have two other brief questions. One concerns foreign interference with our electoral processes. We are aware from what happened overtly in the United States, France and a number of other countries that it is expected that external forces often try to influence the outcome of democratic elections by manipulating opinion online. Do we have any defence mechanism against this or is it something that is on the Government's agenda?

My third question is on a point I raised some time ago. The Taoiseach might have had an opportunity to reflect on it. If not, he might come back to me on it. In the event of a national crisis, we issue a red alert. We did it in the case of Storm Ophelia and there was a lot of confusion about what exactly it meant. The Government task force on emergency planning was to have submitted a document in January for consideration by the Government. That is what we were told at the end of last year about a national standard response that was expected when a red alert was declared.

Was that report submitted to the Government in January and will the Government issue national guidelines on how to handle a red alert?

On 22 May last year, the Taoiseach's predecessor said that the date and any element of the national security meetings should be kept confidential. The Taoiseach has obviously changed this approach by tweeting the date and attendance of a meeting. What is the current position on the public status of the committee? Has the Government moved to a system where the dates and rotating attendance, as opposed to the fixed membership, will be public? On several occasions the Taoiseach has said he wants to take time to examine what has been undertaken to neutralise cyberattacks which have been identified in the national risk as a threat of the highest level. Has there been any progress on this measure? Have any new steps been taken to join with groupings of European countries working together to identify and fend off cyberattacks?

The Government recently opposed a Private Member's Bill introduced by Deputy Lawless which dealt with addressing the threat to democratic debate posed by illegally funded disinformation campaigns using social media. This makes Ireland an outlier in Europe in saying that it is not interested in taking legislative action to protect its basic electoral financing and transparency laws. Given what he heard in Davos and from the Prime Minister of Estonia, whose democracy is under constant attack, will he reverse this position and support Deputy Lawless's Bill?

I will start by responding to the questions about cyberattacks and cyberterrorism. The director of the National Cyber Security Centre attended the Cabinet subcommittee meeting last week and gave us a presentation on the work of that centre, what is being done and what more needs to be done. Deputies will understand why I cannot disclose what is being done and what more needs to be done. It is a relatively new centre, based in University College Dublin, UCD, and has approximately 20 members of staff. It is fair to say there are real risks to information and data held by public bodies such as the HSE, the Revenue Commissioners and the Department of Employment Affairs and Social Protection when it comes to cybersecurity and cyberattacks. We saw the impact of the WannaCry attack on the National Health Service, NHS, which thankfully we avoided in Ireland. Given the many technology companies and data centres based in Ireland, we do have a particular responsibility to enhance and increase our actions in this area.

On the cyberattacks, over recent years, having identified cybersecurity as an issue of national importance, we have steadily been building our cybersecurity capacity to ensure the State is protected against threats of security, confidentiality, integrity and availability of the network and information systems of critical national infrastructure operators and providers. The Department of Communications, Climate Action and Environment published a national cybersecurity strategy 2015-17. That formally established the National Cyber Security Centre, which is now up and running. It is focused on the protection of critical national information infrastructure in sectors such as energy, health care, financial services, transport, drinking water supply, digital infrastructure and communications. Recent cybersecurity incidents that have occurred globally were responded to and contained in Ireland but there was no cause for complacency. By comparison with other jurisdictions the impact in Ireland has been limited.

Significant progress has been made in transposing the EU directive on the security of network and information systems. That includes measures such as establishing a list of potential operators of essential services, OES, and the Department has published a consultation paper on the proposed security measures and incident reporting guidelines that these entities, once formally designated, will have to meet. It will be on them and their obligation to provide such security but we will oversee it. Work is progressing on the second area of legislation regarding the transposition of the directive and that will be finalised in quarter 1 of this year. The current threat assessment for Ireland continues to be moderate. That is, an attack is considered possible but not likely.

The European Committee on Social Rights has considered a complaint submitted in 2014 by the European Organisation of Military Associations, EUROMIL, on behalf of the Permanent Defence Force Other Ranks Representative Association, PDFORRA, concerning the lack of certain rights for military representative associations in Ireland. Having considered the submissions made in 2015 and early 2016, the committee published its findings yesterday. The committee concluded that prohibiting military personnel from the right to strike was not a breach of the European Social Charter but that the charter was breached in prohibiting the representative associations from affiliating with the national employee organisations such as the Irish Congress of Trade Unions, ICTU, and in respect of the right to bargain collectively. The Government acknowledges the committee's findings and specifically the conclusion that the prohibition on the right to strike for members of the Defence Forces is not a violation of the European Social Charter. The taking of any form of industrial action is irreconcilable with military law, which is critically important for security and for the Defence Forces so that they are not restricted in undertaking their operations.

Since the submissions which were the basis for the decision were made, the Government has taken steps to begin to deal with these issues. The representative associations were invited to make submissions to the Public Service Pay Commission and were involved in the most recent pay negotiations that led to the Lansdowne Road agreement or its latest iteration. The Minister of State with responsibility for defence, Deputy Kehoe, has commenced a review of the Defence Forces conciliation and arbitration scheme. That is being chaired by Mr. Gerard Barry and PDFORRA is participating in that. At the Minister of State's direction, the terms of reference require that the review now consider the committee's findings from yesterday. This is the appropriate forum in which to consider the issues that arise from the committee's decision. The Minister of State has also recently announced a review of the schemes and an initial meeting with the parties to the scheme will take place on 26 February 2018. The committee's findings will be considered as part of that approach.