Cyber Security Policy

I propose to take Questions Nos. 105 and 116 together.

The National Cyber Strategy set out the priorities for the National Cyber Security Centre (NCSC) for the period 2015-2017, as the protection of Government ICT Infrastructure while building capacity in other areas, including, particularly, the protection of critical national infrastructure. While the 2016 EU Network and Information Security (NIS) Directive was largely anticipated in the Strategy, the finalised Directive contains additional provisions which will have significant implications for my Department also.

The NCSC is presently engaged in a series of activities supporting Departments and agencies in the protection of their networks and infrastructure. These measures include monitoring threats, developing appropriate responses, and informing constituents of these on an ongoing basis.

The NIS Directive requires Member States to take measures to protect critical national infrastructure and ensure the security of Digital Service Providers. As such, the legislation that will be used to transpose this Directive will set out the means that will be used to deal with infrastructure protection in this space, and the NCSC is already well advanced in developing these in a practical way and identifying the actual infrastructure involved.

The dynamic nature of this issue, and the risks posed to citizens and the State, are clearly significant. The NCSC is presently undergoing expansion, both in terms of staffing numbers and funding. While the precise resourcing and staffing of the NCSC are security sensitive issues and are not published, it can be said that the NCSC has just finished a recruitment process at two separate grades, with a number of additional staff either in clearance or already in place.