Dáil Éireann Debate, Thursday - 25 January 2024
177. Deputy Bernard J. Durkan asked the Minister for the Environment, Climate and Communications the extent to which he and his Department have in hand further enhanced measures to ensure the protection of all Government Departments and bodies under their aegis from any cyber-attacks in the future; and if he will make a statement on the matter. [3679/24]
View answerThe Government's National Cyber Security Strategy, which was reviewed in 2023, recognises the importance of protecting the State and its institutions from cyber threats in a dynamic and flexible manner. Investing in our national capacity to detect, prevent, respond to and recover from cyber security incidents has been a priority for Government since the first national strategy. In the Mid-Term Review of the National Cyber Security Strategy published last June, the Government reiterated our commitment to continuing to invest in our National Cyber Security Centre (NCSC), which is a division within my Department. The Mid-Term Review recognised the deterioration in the global cyber threat landscape and the significant increase in capacity and services required by the EU NIS 2 Directive. Relevant measures and strategies are being implemented to ensure the NCSC can provide even greater support to public bodies, operators of critical national infrastructure, and other stakeholders. The Review also includes a commitment to further enhance the NCSC’s ability to actively detect and defeat cyber threats targeting critical infrastructure and critical networks, including Government. The forthcoming Cyber Security Bill which will transpose the NIS 2 Directive will provide the NCSC with appropriate legal mandate and authorities to implement these enhanced services.
While the NCSC plays an important role, it is important to highlight that the security of information and networks remains the responsibility of the relevant Department or agency. The Government’s strategy is providing valuable support to public sector bodies to identify and mitigate cyber security risks. The Baseline Cyber Security Standard for Public Bodies was published in 2021 and updated in 2022. This standard was developed in partnership with stakeholders from national and local government and provides a framework for public bodies to implement effective cyber security risk mitigation measures, both technical and organisational. The NCSC has published supporting materials including a checklist document to help public bodies to implement the Standard. In addition, the NCSC has established the Government Cyber Security Coordination & Response (or “GovCORE”) Network of senior public service ICT professionals to facilitate sharing of information and good practice, and frequently provides its public sector stakeholders with advice and guidance of both a general and specific nature.
The Mid-Term Review of the Cyber Security Strategy published last year includes a significant new measure to support public bodies in securing their ICT estate. The NCSC will be provided with the necessary legal authority and technical capabilities to carry out security assessments of ICT systems for the handling of sensitive and confidential data. This will form part of the Cyber Security Bill currently being drafted in my Department.
