Cybersecurity Policy

The National Cyber Security Centre, or NCSC, which is located within my Department, is the primary cyber security authority in the State, and has a number of roles, including leading on cyber security incident response and on the resilience and security of critical infrastructure. The National Cyber Security Centre had 21 staff in 2018, 23 in 2019 and has 24 to date in 2020, with a further staff member to join in the coming weeks.

The NCSC contains the State’s Computer Security Incident Response Team, or CSIRT. This is the body that responds to the full range of cyber security incidents in the State. The CSIRT has international accreditations and operates its own, purpose built, secure incident response software environment. Since its foundation in 2011, the CSIRT has developed significant expertise in managing cyber security incidents, and now handles in excess of 2,000 incidents every year. The CSIRT has also developed and deployed the Sensor platform across Government Departments, and the deployed Malware Information Sharing Platforms (MISPs) across a range of critical infrastructure operators.

The NCSC also has a set of statutory powers in terms of ensuring that critical infrastructure operators maintain and operate that infrastructure in a secure manner. To date, 67 Operators of Essential Services have been designated. The Compliance Team in the NCSC has been working with these entities to improve their security since 2018, and formal audits will start in the current Quarter 3.

The Programme for Government commits to the implementation of the 2019 National Cyber Security Strategy in full. This Strategy includes a number of measures designed to ensure that our level of preparedness remains appropriate to likely future threats.