Tuesday, 27 July 2021

Questions (490, 491, 492, 493)

Gary Gannon

Question:

490. Deputy Gary Gannon asked the Minister for Public Expenditure and Reform the role and powers of the Office of the Government Chief Information Officer in relation to information security throughout Government Departments and public agencies. [41402/21]

View answer

Gary Gannon

Question:

491. Deputy Gary Gannon asked the Minister for Public Expenditure and Reform the service framework, governance framework and technical framework recommended by the Office of the Government Chief Information Officer prior to the HSE ransomware attack. [41403/21]

View answer

Gary Gannon

Question:

492. Deputy Gary Gannon asked the Minister for Public Expenditure and Reform the service framework, governance framework and technical framework recommended by the Office of the Government Chief Information Officer since the HSE ransomware attack. [41404/21]

View answer

Gary Gannon

Question:

493. Deputy Gary Gannon asked the Minister for Public Expenditure and Reform if the Government Chief Information Officer has any responsibilities in relation to national defence and security. [41405/21]

View answer

Written answers (Question to Public)

I propose to take Questions Nos. 490 to 493, inclusive, together.

The Office of the Government CIO (OGCIO), which is a division in my Department, is responsible for developing and implementing the Public Sector ICT Strategy and providing guidance, support and advice on a number of fronts. It ensures an integrated approach to the exploitation of ICT including, accelerating the delivery of digital services across all Departments and Public Service Bodies. The direction, support and guidance given by the OGCIO does not lessen the accountability of organisations which continue to be directly responsible for the effective and appropriate delivery of secure digital and ICT related initiatives.

The OGCIO in its role as a service provider to a number of Public Sector Bodies implements a multi-layered defence-in-depth approach to cybersecurity and to protecting ICT systems, infrastructures, and services and have developed an Information Security Management System (ISMS) aligned with the industry security standard ISO27001. This ISMS provides an overall governance framework for information security and sets out security policies, objectives, management oversight, practices and governance and ensures continual improvement of information security management. OGCIO’s defence-in-depth security strategy is achieved by utilisation of people, processes, and technology to support the implementation of ICT security services was in place before, and continues to be in place since, the HSE Ransomware attack.

The threat landscape is constantly evolving and significant effort is expended to continually enhance and strengthen ICT security to mitigate against emerging threats, risks, vulnerabilities and cybersecurity issues. In addition to deploying perimeter security measures, such as intrusion protection systems, software vulnerabilities are managed by maintaining up-to-date versions and aggressively deploying updates and patches to endpoints and applications as they become available. OGCIO also continues to work closely with the National Cyber Security Centre (NCSC), in particular with regard to security strategy. The NCSC is a division of the Department of Communications, Climate Action & Environment and encompasses the State's national/governmental Computer Security Incident Response Team (CSIRT-IE). The NCSC works collaboratively with the Defence Forces, An Garda Síochána and the National Security Analysis Centre (NSAC) in the Department of the Taoiseach.

Question No. 491 answered with Question No. 490.
Question No. 492 answered with Question No. 490.
Question No. 493 answered with Question No. 490.