Cybersecurity Policy

In November 2021, the Public Sector Cyber Security Baseline Standard was published by the Minister for the Environment, Climate and Communications. This was a commitment in the National Cyber Security Strategy 2019-2024 and sets out a range of guidance for civil and public service bodies as they continue to work to mitigate the risk of cyber crime and improve resilience of their ICT and digital systems. The Cyber Security Baseline Standards Framework will be used by Public Service Bodies to assess and improve the management of cybersecurity and will allow them to identify, protect, detect, respond to, and recover from an attack, minimising damage and impact. I am happy to advise that the measures in place in my own Department already meets the baseline standard.

It is critical that the State continues to upgrade and improve the resilience of the State’s IT systems across both public and private sectors. This is a global issue and the European Union has put in place specific EU-wide legislation, the Network and Information Security (NIS) directive, to ensure that critical IT systems are subject to a higher standard of cyber-security. Updated legislation is currently being drafted by my colleague Minister Ryan whose Department is responsible for the transposition of the NIS2 Directive in to national law. This new legislation is needed in order to strengthen the security requirements and expand the list of systems and industries that fall under its scope. For the first time this legislation will cover critical public administration activities carried out by the public sector.