Cybersecurity Policy

Cyber security, the protection of our IT systems, data services and communication networks, is vitally important to our economy and society. Disruption to our systems and personal data breaches are not only very expensive, they undermine trust and confidence in digital services and their providers. It is the Government’s role to develop policy and strategies which ensure Ireland can enjoy the full benefits of the digital transition. My Department works with a range of government departments, agencies, critical infrastructure operators and international partners to protect the security of key systems and data.

My Department also has responsibility for the National Cyber Security Centre (NCSC). The NCSC is the government’s operational unit for network and information security and acts as a central contact point in the event of a government or nationwide cybersecurity incident affecting the State. It serves a constituency including public bodies, critical national infrastructure operators from key sectors such as energy, transport, and health, as well as businesses, educational institutions, and others. It engages in a comprehensive set of tasks around cybersecurity, with a primary focus on securing government networks and securing Critical National Infrastructure. It encompasses the State’s National/Governmental Computer Security Incident Response Team (CSIRT-IE).

Responsibility for overseeing the implementation of the National Cyber Security Strategy 2019-2024 also falls to my Department. This is a whole-of-Government strategy to address the growing threat of cyber security incidents, to ensure Ireland can benefit fully from the digital transformation. The Strategy includes 20 separate measures to safeguard public sector networks and essential services, to support the development of Ireland's cyber security industry and ensure we play our part in defending a free, open, secure and stable cyberspace. The Strategy acknowledges the cyber security challenges and opportunities associated with new and disruptive technologies such as artificial intelligence (AI). The importance of these technologies is highlighted in the Strategy's measures relating to national capacity building and support for cyber security research, development, and innovation.

My Department has recently conducted a Mid-Term Review of the Strategy which will be considered by Government very soon and published thereafter.

While Ireland has its own policies and legislation for governing cyber security, we also abide by the relevant legislation developed by the EU. The EU Network and Information Systems Directive 2016/1148 was signed into Irish law on 18 September 2018 by way of S.I. No. 360 of 2018 (also known as the NIS Directive). This represented a significant change in how countries in the EU approach cyber security and involves a shift in approach towards a more formal type of regulatory relationship for critical services including energy, drinking water, and banking.

Since this Directive was adopted, the threat landscape has evolved considerably and as a result, the European Commission (EC) has proposed a revised directive, “NIS 2”. The revision to the Network and Information Security Directive (NIS 2) is a major step forward for the cyber resilience in Europe and will enhance cyber risk management across the union including generating significant improvements in our capacity to respond to major incidents and developing the information-sharing platforms which are proving effective to date.

My Department will lead on the transposition of the Directive, but it will be a whole of Government effort to ensure Ireland fulfils its obligations. As part of this work, we will provide the NCSC with a clear statutory mandate and legal authority.