Dáil Éireann Debate, Tuesday - 21 November 2023
369. Deputy Louise O'Reilly asked the Minister for Justice how many staff members in her Department have received training in cyber security in the past three years; what types of cyber security training programmes have been conducted; if she will provide details of these programmes; and of the staff trained in cyber security, how many have obtained accredited cyber security qualifications. [50802/23]
View answer370. Deputy Louise O'Reilly asked the Minister for Justice the expenditure on cyber security consultants and companies within her Department in the past three years; if her Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount her Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided. [50820/23]
View answer371. Deputy Louise O'Reilly asked the Minister for Justice if there are any ongoing contracts or commitments with cyber security firms; and if details can be provided [50838/23]
View answer372. Deputy Louise O'Reilly asked the Minister for Justice if her Department has a policy and plan in place to address a ransomware attack and restore her Department's IT systems. [50856/23]
View answerI propose to take Questions Nos. 369 to 372, inclusive, together.
My Department implements a security-by-design and defence-in-depth approach to cyber security and all staff have regular access to cyber security awareness training.
The Department has enhanced its cyber security capabilities and has engaged third parties with specialist security skillsets to further support internal resources. The Deputy will appreciate that details of ongoing contracts with cybersecurity firms cannot be disclosed due to confidentiality agreements.
The technical team operates and monitors all relevant systems to the highest levels, and liaises closely with the Office of the Government Chief Information Officer (OGCIO) and the National Cyber Security Centre (NCSC) to ensure that best and up to the minute practice is followed in relation to all aspects of cybersecurity.
I hope the Deputy will understand that, for sound reasons of operational and national security, it would not be prudent or appropriate to disclose details of my Department’s information technology infrastructure, cyber security arrangements including costs, or those of State offices, agencies and bodies under its remit.
