Dáil Éireann Debate, Tuesday - 20 September 2022
155. Deputy Alan Dillon asked the Minister for the Environment, Climate and Communications the details of the missions that are undertaken by the National Cyber Security Centre; and if he will make a statement on the matter. [34216/22]
View answer156. Deputy Colm Burke asked the Minister for the Environment, Climate and Communications the details of the changes that have occurred within the National Cyber Security Centre since the illegal Russian war in Ukraine; and if he will make a statement on the matter. [33653/22]
View answerI propose to take Questions Nos. 155 and 156 together.
The National Cyber Security Centre (NCSC), a unit within my Department, is the lead Government agency with respect the cyber security and resilience of public bodies and essential services. The 2015 National Cyber Security Strategy formally established the functions of the NCSC as being “… to lead in the management of major cyber security incidents, provide guidance and advice to citizens and businesses, and manage cyber security related risks to key services”.The mandate of the NCSC broadly covers the following three missions:
- Incident response, including coordinating the national response to a major cyber security incident;
- Resilience, i.e. working with public bodies and critical infrastructure to prevent and mitigate cyber security incidents;
- Information sharing and support.
The NCSC works closely with the Defence Forces and An Garda Síochána, and with counterparts in the UK, US, the EU and its Member States, as well as partners other like-minded States, to share information on incidents, risks and threats. The NCSC has been operating at an enhanced state of readiness in response to the deterioration in the global cyber threat environment associated with Russia's latest invasion of Ukraine in February of this year.
The NCSC continues to monitor the threat of cyber security incidents affecting Irish public services and critical infrastructure including spillover impacts from incidents occurring outside the State. The NCSC considers that the threat to Ireland is moderate and is engaging on an ongoing basis with constituents including Government Departments and state agencies, operators of essential services, critical infrastructure operators and other important entities. It is worth highlighting that in addition to the threat of cyber security incidents associated with the war in Ukraine, there remains a very considerable threat from international cyber criminal gangs of financial fraud, theft of sensitive or personal data, or ransomware. Recognising that the risk of debilitating cyber security incident has increased, the NCSC has in recent months introduced a number of new supportive measures for its constituents. This is in addition to the frequent information sharing that occurs on both a general and sectoral basis with NCSC constituents. In addition to publishing a detailed threat assessment, the NCSC has published a Cyber Vitals checklist to assist entities in assessing their cyber security maturity and address any areas of concern.
The NCSC has also published guidance on Securing Operational Technology, and these and other guidance documents are available on the NCSC website. The NCSC has recently established a CORE network bringing together IT security managers from across the public sector to facilitate sharing of information and good practices. Building on the Baseline Cyber Security Standard for Public Bodies published last year the NCSC is currently working with the Office of the Government Chief Information Officer to develop cyber security procurement guidelines to support public bodies.
