Telecommunications Infrastructure

I am advised that the operators of subsea telecommunications cables are subject to the provisions of the Authorisation Regulations (SI 335 of 2011) and must notify the Communications Regulator (ComReg) of their intention of providing such a service. They are bound by the conditions of their General Authorisation which includes the condition to take all measures necessary to ensure the security of Public Electronic Communications Networks against unauthorised access, as well as to comply with all applicable national and EU legislation regarding personal data and privacy protection.

Under Regulation 23 of SI 333 of 2011 (Framework Regulations), undertakings providing public communications networks or publicly available electronic communications services shall take appropriate technical and organisational measures to appropriately manage the risks posed to security of networks and services. In particular, measures shall be taken to prevent and minimise the impact of security incidents on users and interconnected networks. Networks in this context can include subsea cables. This legislation is to be updated in the context of both the transposition of the European Electronic Communications Code, as well as the proposed revised Directive on Security of Network and Information Systems (the NIS 2 Directive). Recital 51 of the European Commission’s proposed NIS 2 Directive on measures for a high common level of cybersecurity across the EU states that submarine communications cables are to have appropriate cybersecurity measures in place. In that respect, the obligation on undertakings will continue under the new legislative framework.

As part of the development of the 2015 White Paper on Defence, the Department engaged in a broad-ranging consultation process, including with all other Departments. At that time the Department of the Communications, Energy and Natural Resources outlined that resilience is built into the system to mitigate against any damage to submarine cables. High capacity and multiple routes provide resilience in the event of route failure. Business Continuity Planning is of interest to all major international corporations. Where damage has occurred to a cable in the past, the operators have shared a cable while repairs are made. Under the National Cyber Security Strategy, an updated detailed risk assessment of the vulnerability of all Critical National Infrastructure and services to cyberattack is being performed.

The Defence Forces are aware of active subsea fibre optic cables landing on the island of Ireland. While these may present strategic locations for marine counter terrorism, the locations and security of these telecommunication resources does not rest with the Defence Forces. As any threat to these installations would be considered an on-island domestic security matter the responsibility rests with An Garda Síochána.