Dáil Éireann Debate, Tuesday - 21 November 2023
606. Deputy Louise O'Reilly asked the Minister for Rural and Community Development how many staff members in her Department have received training in cyber security in the past three years; what types of cyber security training programmes have been conducted; if she will provide details of these programmes; and of the staff trained in cyber security, how many have obtained accredited cyber security qualifications. [50804/23]
View answer607. Deputy Louise O'Reilly asked the Minister for Rural and Community Development the expenditure on cyber security consultants and companies within her Department in the past three years; if her Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount her Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided. [50822/23]
View answer608. Deputy Louise O'Reilly asked the Minister for Rural and Community Development if there are any ongoing contracts or commitments with cyber security firms; and if details can be provided [50840/23]
View answer609. Deputy Louise O'Reilly asked the Minister for Rural and Community Development if her Department has a policy and plan in place to address a ransomware attack and restore her Department's IT systems. [50858/23]
View answerI propose to take Questions Nos. 606, 607, 608 and 609 together.
My Department's ICT managed services are provided by the Office of the Government Chief Information Officer (OGCIO). In that context, there are no contractual arrangements entered into or payments made to cyber security firms directly by my Department in recent years.
The OGCIO implements a multi-layered approach to cyber security and to protecting ICT systems, infrastructures and services. It builds resilience into its ICT solutions as a matter of course, and has disaster recovery plans and sites in a Government Data Centre. Disaster recovery forms part of the overarching Business Continuity framework for all OGCIO clients, including my Department.
My Department recognises the importance of maintaining strong cyber security awareness. Working with the OGCIO, the Department ensures all staff are mindful of, and stay up to date on, evolving threats to information security from phishing attacks, malware, as well as from an increasingly sophisticated variety of social engineering deception schemes. Commonly, such schemes involve email or other communication that invokes urgency, fear, or similar emotions, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file.
The Department emphasises, in particular, the importance of maintaining mobile device security, maintaining strong passwords, verifying sources of suspicious emails. Working with the OGCIO, the Department provide regular information sessions to promote vigilance among staff.
Finally, I am advised that in terms of cyber security strategies, the OGCIO also works closely with the National Cyber Security Centre (NCSC) which is a division of the Department of Communications, Climate Action and Environment. It encompasses the State's national/governmental Computer Security Incident Response Team (CSIRT-IE), an internationally accredited response team focusing on enhancing both situational awareness and providing incident response for national cyber security incidents (including ransomware attacks).
