Dáil Éireann Debate, Wednesday - 26 May 2021
52. Deputy Catherine Murphy asked the Taoiseach if a schedule will be provided of IT and email security costs incurred over the past five years to date; and the contractor engaged to deliver the services and or system. [27422/21]
View answer53. Deputy Fergus O'Dowd asked the Taoiseach if his Department is fully compliant with GDPR EU requirements, the EU network and Information Security Directive and standards with respect to his Department’s IT infrastructure including Article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 Annex 9 standards on privileged access are fully met. [27437/21]
View answer54. Deputy Fergus O'Dowd asked the Taoiseach if any State or semi-State bodies which report to his Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; and if ISO 27001 annex 9 standards on privileged access are fully met. [27438/21]
View answer57. Deputy Bernard J. Durkan asked the Taoiseach his plans to upgrade the IT system in his Department and bodies under his aegis with a view to maximising the protection against hackers. [28694/21]
View answer58. Deputy Bernard J. Durkan asked the Taoiseach if additional security measures will be taken to impede and prevent the intrusion of hackers in his Department’s IT system and to ensure an early warning system is in place which will trigger an ultimate defence. [28712/21]
View answer59. Deputy Sean Sherlock asked the Taoiseach if there is a policy of data back-up in the operations of his Department and all agencies under his remit. [28126/21]
View answer60. Deputy Peadar Tóibín asked the Taoiseach the investment made by his Department and State agencies under its remit in each year in cyber security for the past ten years. [28851/21]
View answerI propose to take Questions Nos. 52, 53, 54, and 57 to 60, inclusive, together.
My Department implements a security-by-design and defence-in-depth approach to cyber security.
The Government’s services are still actively involved in managing and remediating the recent cyberattack on the HSE. Our technical staff continue to operate and monitor all relevant systems to the highest levels, and are closely engaged with experts in the OGCIO and the NCSC to ensure that we follow best practice as it relates to all aspects of cyber security and information security, including data backup.
For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cyber security arrangements. Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services and my Department does not comment on operational security matters.
My Department has policies and procedures in place, which are kept under review, to ensure the protection of departmental records in line with GDPR requirements.
