Dáil Éireann Debate, Tuesday - 21 November 2023
146. Deputy Louise O'Reilly asked the Minister for Transport how many staff members in his Department have received training in cyber security in the past three years; what types of cyber security training programmes have been conducted; if he will provide details of these programmes; and of the staff trained in cyber security, how many have obtained accredited cyber security qualifications. [50808/23]
View answer147. Deputy Louise O'Reilly asked the Minister for Transport the expenditure on cyber security consultants and companies within his Department in the past three years; if his Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount his Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided. [50826/23]
View answer148. Deputy Louise O'Reilly asked the Minister for Transport if there are any ongoing contracts or commitments with cyber security firms; and if details can be provided [50844/23]
View answer149. Deputy Louise O'Reilly asked the Minister for Transport if his Department has a policy and plan in place to address a ransomware attack and restore his Department's IT systems. [50862/23]
View answerI propose to take Questions Nos. 146, 147, 148 and 149 together.
Cyber security awareness training is provided to all staff within the Department of Transport on a regular basis. We have significantly increased our cyber security capabilities within the Department over the past three years, by a combination of internal staff training and engaging third parties with specialist security skillsets. The Department cannot disclose details of ongoing contracts with cybersecurity firms due to confidentiality agreements.
The Department has comprehensive cybersecurity policies and business continuity plans in place to address ransomware attacks. Most of the Department's IT footprint is certified under ISO22301, which remains valid until July 2025 on condition that the approved Business Continuity Management Standard is maintained in an adequate and efficacious manner. Additionally, a well-defined incident response strategy helps to swiftly restore the Department's IT systems in case of an attack.
