I propose to take Questions Nos. 34, 39, 47 and 50 together.
As we have all seen from recent incidents, Cyber security is an issue with very significant implications for governmental administration, for industry, for economic wellbeing and for the security and safety of citizens. It is a standing item on the agenda of the Government Task Force on Emergency Planning which I Chair where it is always a key topic of discussion.
The response to cyber threats is a whole-of-Government challenge, with the Department of Environment, Climate and Communications taking the lead role and with inputs in the security domain from An Garda Síochána and the Defence Forces.
The National Cyber Security Centre, which is part of the Department of Environment, Climate and Communications, is the primary authority responsible for cyber security in the State, including incident response, cyber resilience and information provision. While the primary role of the Defence Forces with regard to Cyber Security relates to the defence and security of its own networks and systems, the Department of Defence and the Defence Forces are committed to participating, under the leadership of the Department of Environment, Climate and Communications, in the delivery of measures to improve the Cyber Security of the State. This is being done in line with the Programme for Government commitment to implement the National Cyber Security Strategy, recognizing the potential and important role of the Defence Forces.
Department officials and members of the Defence Forces are actively involved in the implementation of the National Cyber Security Strategy which, in conjunction with the White Paper on Defence 2015, will continue to inform our engagement in this critical area. This includes work to develop an updated, detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber-attacks and the secondment of a member of the Defence Forces to the Cyber Security Centre of Excellence in Tallinn, Estonia. My Officials are also part of the steering group developing a Baseline Cyber Security Standard for Government Departments and Agencies, they participate in the UK-Ireland Critical National Infrastructure Cyber Cooperation Working Group and my officials also actively participate on the Inter-Departmental Committee overseeing the overall implementation of the National Cyber Security Strategy.
In addition, the Department of Defence and the Defence Forces have a Memorandum of Understanding and a Service Level Agreement with the Department of Environment, Climate and Communications to provide support in the area of national cyber security. The overall aim is to improve the cyber security of the State through various types of assistance and support while also ensuring the operational requirements of the Defence Forces are prioritised, including the ongoing sharing of information and analyses of risks.
Regarding the major cyber-attack on the HSE, the National Cyber Security Centre in Minister Ryan’s Department of Environment, Climate and Communications is the national response authority for cybersecurity incidents. The full resources of the Centre have been committed to supporting the HSE in its response to the cyberattack and the Centre is also liaising with international partners and third party contractors. This work has continued intensively since the incident took place with the focus on bringing the HSE’s systems back online as soon as possible. I am pleased to note that the Defence Forces have also been part of the national effort to support the HSE.
While it would be inappropriate for me to comment on the specific cyber activities and the resourcing of same by the Defence Forces, for both security and operational reasons, I can inform the Deputy that the priority for the Defence Forces Communications and Information Services Corps is the protection of the Defence Forces Communications Network. DF Cyber capability is focused on Defence Networks and information systems, Incident Response and Resolution, Education and Capability Development, increasing Cyber awareness among DF personnel and Strategic Relationship Development. Also of note is that the Defence Forces have established a Computer Incident Response Team/ Information Assurance (CIRT)/IA section.
Finally, I would note that the independent Commission on the Defence Forces is examining Defence Force Capabilities, Structures and Staffing in a number of areas and it is expected that a report will be produced for consideration by the Government before the end of the year.
