Léim ar aghaidh chuig an bpríomhábhar
Gnáthamharc

EU Directives

Dáil Éireann Debate, Thursday - 31 May 2018

Thursday, 31 May 2018

Ceisteanna (42)

Thomas P. Broughan

Ceist:

42. Deputy Thomas P. Broughan asked the Minister for Communications, Climate Action and Environment the changes that have come into effect since 9 May 2018 under European Directive 2016/1148; the way in which these changes will affect the National Cyber Security Centre; and if he will make a statement on the matter. [23213/18]

Amharc ar fhreagra

Freagraí scríofa

European Union Directive 2016/1148 concerning measures for a high common level of security of network and information systems places a number of significant responsibilities on the State and on critical infrastructure operators in respect of cyber security. The State is required to identify key critical infrastructure operators in a range of sectors, including energy, transport, health, drinking water supply and distribution and digital infrastructure. These operators will be required to meet a set of binding obligations in respect of security measures and incident reporting. The Directive also requires the State to apply a new regulatory regime on Digital Service Providers (DSPs) in the areas of cloud computing, online search engines and online market places. The Directive also places other obligations on the State in terms of ensuring that States can co-operate and share information in the event of a large scale incident affecting several countries and to ensure that every State has significant capacity of its own. These requirements include the designation of a National Computer Security Incident Response Team (CSIRT) with responsibility for risk and incident handling and the designation of a National Competent Authority (NCA) and a Single Point of Contact (SPoC).

In Ireland, the National Cyber Security Centre (NCSC) in my Department, which will be the National Competent Authority, has been working on transposition of the Directive for some time and this has included extensive engagement with industry.  The NCSC has provisionally identified a set of critical infrastructure operators and has published a set of draft security measures which will apply to these operators. Regulations to transpose the Directive itself are at a very advanced stage. The NCSC has also been developing its own capacity internally, particularly with regard to the CSIRT which received international accreditation last year.

Question No. 43 answered with Question No. 15.
Question No. 44 answered with Question No. 19.
Question No. 45 answered with Question No. 28.
Barr
Roinn