Cyber Security Policy

In the first instance, operational responsibility for security of government IT infrastructure is a matter for the relevant Departments of State and public bodies involved in providing and managing these services. My Department has overall responsibility for Cyber Security Policy, and facilitated the adoption by Government of the State's first National Cyber Security Strategy last year.  Among the key actions of the Strategy is the formal legislative establishment of the National Cyber Security Centre (NCSC).

The NCSC has been developing its services over the last number of years, focussing first on building the State’s governmental Computer Security Incident Response Team. This team, known as CSIRT-IE, provides incident response support and improved situational awareness in regard to current cyber security alerts and threats to Government Departments and key State Agencies.  For obvious operational security reasons, it would not be appropriate to comment on specific threats.

In July 2016, the European Union formally adopted a Directive on security of network and information systems (2016/1148).  The Directive is required to be transposed in the State by May 2018 and will require regulation of cyber security in the finance, energy, transport, health, water distribution and digital sectors in Ireland. I have recently briefed Government on the importance of this new legislation.  My Department is currently undertaking a public consultation on the Directive, and following this I will be seeking the Government Agreement to draft primary legislation to formally establish the NCSC on a statutory basis. The NCSC would undertake a number of regulatory functions under the Directive, in addition to an obtaining additional powers to conduct more general cyber security work, including the protection of Government systems.