Dáil Éireann Debate, Thursday - 15 June 2023
114. Deputy Bernard J. Durkan asked the Minister for the Environment, Climate and Communications the extent to which priority can be given to measures to offset and combat cyber-attacks in the future; the extent to which this issue is being raised at Council of Minister meetings in Brussels; and if he will make a statement on the matter. [28841/23]
View answer126. Deputy Alan Farrell asked the Minister for the Environment, Climate and Communications to provide an update on Ireland cybersecurity infrastructure; and if he will make a statement on the matter. [28872/23]
View answerI propose to take Questions Nos. 114 and 126 together.
The National Cyber Security Strategy 2019-2024 is a whole-of-Government strategy to address the growing threat of cyber security incidents, to ensure Ireland can benefit fully from the digital transformation. The Strategy includes 20 separate measures to safeguard public sector networks and essential services, to support the development of Ireland's cyber security industry and ensure we play our part in defending a free, open, secure and stable cyberspace. The implementation of the Strategy is monitored by a high-level interdepartmental group chaired by my Department. I am pleased to report that significant progress has been made in implementing the Measures set out in the Strategy, with the majority of Measures now completed.
My Department has recently conducted a Mid-Term Review of the Strategy which will be considered by Cabinet and published thereafter. This review has been informed by a public consultation conducted between December 2022 and February 2023. The Mid-Term Review will set out priorities for 2023 and 2024 to enhance the State's resilience to cyber threats as well as our national capacity to respond to cyber security incidents.
Investment in national capacity is a pillar of the Strategy and in July 2021 the Government agreed a number of measures to support the continued development of the National Cyber Security Centre (NCSC) over the coming five years. The measures agreed include increasing the overall full-time staffing complement of the NCSC to at least 70; there are currently 52 WTE staff in the NCSC. In addition, the General Scheme of a Bill will be prepared for Government approval to establish the NCSC on a statutory basis and provide for related matters including clarity around its mandate. The Computer Security Incident Response Team (CSIRT) based within in the NCSC, has developed and deployed technology on the infrastructure of Government Departments to detect and warn of certain types of threat. The Centre also provides expert advice and analysis on cyber security issues and is involved in coordinating the response to significant incidents. The NCSC is composed of highly skilled, specialist technical civilian staff, with skillsets in areas such as computer science, software engineering, malware analysis, information technology forensics, cryptography, software development, and cyber security compliance, as well as general cyber security skills.
The NCSC works to support Government Departments and other public bodies to improve the resilience and security of their IT systems to better protect services that people rely upon, and their data, In particular the NCSC works very closely with the Office of the Government Chief Information Officer (OGCIO).
The NCSC also has an extremely strong relationship with the Defence Forces, including in sharing information on trends, developments and incidents and in sharing capacity and best practice. This cooperation has involved both operational and senior management engagement, and the NCSC has provided training, support and threat intelligence material on an ongoing basis to the Defence Forces own CSIRT. The NCSC also engages on an ongoing basis with the Garda National Cyber Crime Bureau, particularly around ongoing incidents, activities of threat actors, and policy and also legislative issues.
The EU cyber security strategy - Cyber Security for the Digital Decade - is an ambitious and broad-ranging programme of activities to safeguard the digital transition in the Union in the deteriorating global cyber threat environment. The Commission has proposed an expansive legislative programme to implement the Strategy including the revised Network and Information Security Directive approved by the Council and Parliament in December 2022. The Council is presently considering a number of legislative proposals including the Cyber Resilience Act which seeks to enhance the cyber security of digital products supplied in the Single Market, and the Cyber Solidarity Act which seeks to enhance the capacity of the EU and its Member States to monitor, detect, prevent and respond to major cyber security incidents. As a consequence cyber security is a regular agenda item at the Council of TTE Communications Ministers, and was on the agenda at its meeting earlier this month. The Council is particularly seized of the importance of cooperation and information exchange to respond to cyber threats which do not respect national borders. In particular I would highlight the Call published after the informal Council of Ministers meeting in Nevers, France last year, in which the Council set out an ambitious programme to support enhanced resilience in critical infrastructure such as telecommunications and energy.
