Cybersecurity Policy

The National Cyber Security Centre (NCSC) last year underwent a detailed external Capacity Review, leading to a Government Decision in July 2021 which committed to a roadmap of measures to grow its resources and capability. In addition, my Department is engaging with national stakeholders to develop a policy paper on legislation to define the future mandate, functions and powers of the NCSC. It is intended that this policy paper will be agreed by end 2022 leading to the drafting of Heads of a Bill in 2023.In line with the recommendation from the Capacity Review and building on the Post Incident Review of the NCSC's response to the HSE incident, the NCSC has developed a new National Cyber Emergency Plan. This plan replaces the previous Critical National Incident Response Plan and sets out a whole of Government response process to serious national cyber incidents. The plan includes categorisation criteria for incidents and sets out the roles and responsibilities for various stakeholders, as well as an escalation process for various incident types. This Plan has been shared with all relevant stakeholders and will be subject to ongoing review and update. The NCSC has been operating at a heightened state of preparedness in response to the Russian invasion of Ukraine. The NCSC continues to work closely with the Defence Forces and the Garda Síochána and is in frequent contact with operators of critical infrastructure and services to monitor for possible malicious cyber activity. In addition, the NCSC is in ongoing contact with its counterparts in the EU, the UK, the US and other countries to share information and to monitor possible threats. The NCSC has issued a number of guidance and support documents recently, including a detailed Advisory Note and a ‘Cyber Vitals’ check list. This Advisory detailed a cyber risk assessment and appropriate advice regarding the ongoing situation in Ukraine. These documents are publicly available on the NCSC website ncsc.gov.ie/news/.