Cybersecurity Policy

Since the cyber attack I have spoken on a very regular basis with the Chief Executive Officer of Tusla, Bernard Gloster. I have had a lengthy engagement wth the Chair of the Board, Pat Rabbitte. I have not had a separate meeting with the entire Board of Tusla on this matter because I am satisfied that it is being handled appropriately in other ways.

My most recent meeting with the Board was my quarterly meeting on the 13th April, before the ransomware attack occurred. However, I can assure the Deputy that the Board has been fully briefed by the CEO, which is the normal approach.

The CEO of Tusla is providing daily verbal updates to the Chair of the Board and the Chair of the Organisational Development Committee as the situation evolves and he has also provided a number of written updates to the Board.

My officials are in daily contact with Tusla since being alerted to the attack on 14 May, to ensure risks can be mitigated as much as possible and frontline services can be maintained. The Deputy will no doubt recall the detailed oral briefing from the CEO of Tusla and the many issues discussed with him in our call on Friday last, 21 May.

The Deputy will also have received the letter issued by the Tusla CEO to members of the Oireachtas Committee on Children, Disability, Equality and Integration on the same day which outlined the actions taken by the Agency since the attack.

The containment shut down actioned by Tusla on the 14th May was taken as a security measure, given that many of Tusla's key systems and some legacy and corporate systems are hosted on the HSE network. Nonetheless, the consequent disruption and impact on service delivery and the potential exfiltration of individuals' highly sensitive and personal information has been of great concern to me.

My priority, and that of Tusla, is to ensure that the critical services and supports for the protection, welfare and care of our children continue to operate within these very challenging circumstances.