I propose to take Questions Nos. 1270 to 1273, inclusive, together.
The National Cyber Strategy set out the priorities for the National Cyber Security Centre (NCSC) for the period 2015-2017, as the protection of Government ICT Infrastructure while building capacity in other areas, including, particularly, the protection of critical national infrastructure. While the 2016 EU Network and Information Security (NIS) Directive was largely anticipated in the Strategy, the finalised Directive contains additional provisions which will have significant implications for my Department also.
The NCSC is presently engaged in a series of activities supporting Departments and agencies in the protection of their networks and infrastructure. These measures include monitoring threats, developing appropriate responses, and informing constituents of these on an ongoing basis. The NIS Directive requires Member States to take measures to protect critical national infrastructure and ensure the security of Digital Service Providers. As such, the legislation that will be used to transpose this Directive will set out the means that will be used to improve the protection of critical national infrastructure, and the NCSC is already well advanced in identifying the actual infrastructure involved and developing these measures in a practical way.
The dynamic nature of this issue, and the risks posed to citizens and the State, are clearly significant. The NCSC is presently undergoing expansion, both in terms of staffing numbers and funding. While the precise resourcing and staffing of the NCSC are security sensitive issues and are not published, it can be said that the NCSC has just finished a recruitment process at two separate grades, with a number of additional staff either in clearance or already in place.
The provision of public awareness campaigns and material for businesses and individuals will be a central component of the next National Cyber Security Strategy, and work has already commenced on a number of elements of a campaign. It is hoped that the programme for Small and Medium Enterprises will launch early next year.
