I propose to take Questions Nos. 52, 53, 54, and 57 to 60, inclusive, together.
My Department implements a security-by-design and defence-in-depth approach to cyber security.
The Government’s services are still actively involved in managing and remediating the recent cyberattack on the HSE. Our technical staff continue to operate and monitor all relevant systems to the highest levels, and are closely engaged with experts in the OGCIO and the NCSC to ensure that we follow best practice as it relates to all aspects of cyber security and information security, including data backup.
For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cyber security arrangements. Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services and my Department does not comment on operational security matters.
My Department has policies and procedures in place, which are kept under review, to ensure the protection of departmental records in line with GDPR requirements.