Skip to main content
Normal View

Cybersecurity Policy

Dáil Éireann Debate, Wednesday - 19 January 2022

Wednesday, 19 January 2022

Questions (402, 403, 404, 405)

Alan Kelly

Question:

402. Deputy Alan Kelly asked the Minister for Public Expenditure and Reform the way Departments and the public service have responded to vulnerabilities in computers, other devices, servers and network systems (details supplied); when this was first raised as an issue; the actions that have been taken; if a crisis meeting was held to address the matter; and if he will make a statement on the matter. [2233/22]

View answer

Alan Kelly

Question:

403. Deputy Alan Kelly asked the Minister for Public Expenditure and Reform if Departments or public service computer, device or network systems were compromised due to a computer system vulnerability (details supplied); if online or other services stopped working due to same; if so, the details of such incidents; and if he will make a statement on the matter. [2234/22]

View answer

Alan Kelly

Question:

404. Deputy Alan Kelly asked the Minister for Public Expenditure and Reform the costs to date of addressing a computer systems vulnerability (details supplied); if this issue has been resolved; if specialist teams were established, recruited or contracted to address the issue; if additional resources were procured; if so, the details and costs of same; and if he will make a statement on the matter. [2235/22]

View answer

Alan Kelly

Question:

405. Deputy Alan Kelly asked the Minister for Public Expenditure and Reform the number of computers and devices impacted in Departments and the public service by a computer system vulnerability (details supplied); if data was compromised; the number of servers that were impacted; if the issues have been resolved; and if he will make a statement on the matter. [2236/22]

View answer

Written answers

I propose to take Questions Nos. 402 to 405, inclusive, together.

In relation to my Department, I wish to advise that ICT services for my Department are provided by the Office of the Government Chief Information Officer (OGCIO) which is a division of the Department of Public Expenditure and Reform.  Information relating to services provided and or responses initiated to events in other Departments should be directed to these Departments.

My Department implements a multi-layered approach to cyber security and to protecting ICT systems, infrastructures, and services.  The threat landscape is constantly evolving and significant effort is expended to continually enhance and strengthen ICT security to mitigate against emerging threats, risks, vulnerabilities and cyber security issues. In addition to deploying intrusion protection systems, software vulnerabilities are managed by maintaining up-to-date versions.

The vulnerability referenced in the question was identified by my Department on Friday 10 December. In accordance with current standard operational procedures my staff immediately began to examine the Department’s internal and external facing systems in a coordinated fashion to identify potential vulnerabilities.  Vendors of key software applications, equipment, and services were consulted to identify any potential issues with their applications, equipment or services. The recommendations that were detailed in advisory alerts issued by the National Cyber Security Centre on the vulnerability were followed which included checking through system logs for exploits and ensuring that mitigation measures such as applying security patches were put in place.

There were no unplanned stoppages of my Department’s online or other services and there is no evidence to indicate that any computers, devices or services were compromised by the vulnerability.

No additional costs have arisen to date to address the vulnerability. As the vulnerability was investigated and addressed where necessary by existing Department resources and under existing support arrangements, there was no need for additional dedicated specialist teams to be established, recruited or contracted.

Question No. 403 answered with Question No. 402.
Question No. 404 answered with Question No. 402.
Question No. 405 answered with Question No. 402.
Top
Share