Cybersecurity Policy

The National Cyber Security Centre (NCSC), which is part of my Department, plays a central role in defending critical infrastructure and services in the State against cyber attack. The NCSC does this by means of its response function, housed in the Computer Security Incident Response Team (CSIRT), as well as a series of measures to improve the resilience of this infrastructure. These measures include advanced threat intelligence gathering and information sharing, the provision of advice, support and guidance to entities, as well as a formal statutory regime for key critical infrastructure operators under the European Network and Information Security Directive (NIS Directive).

In 2016 and 2017 the NCSC conducted a detailed review of critical infrastructure in the State, including key national and international interdependencies within and between sectors. The results of this were used to inform the process by which key infrastructure operators were designated as Operators of Essential Services under the NIS Directive, in 2018. Since that time, these Operators have been bound to meet a set of cyber security requirements, and to report incidents to the NCSC. The NCSC also audits these entities against compliance with their requirements under European and National law.

The 2019 National Cyber Security Strategy included a commitment to conduct a further risk assessment of critical infrastructure in the State. This assessment has commenced, and will draw on the operational experience garnered by the NCSC in the compliance work on the NIS Directive, and in incident response, as well the experience of international partners. The outcomes of this Risk Assessment process will feed into the national position on the review of the NIS Directive, and will also be used to inform future designations of OES.