Cybersecurity Policy

Cyber security is an issue with very significant implications for governmental administration, for industry, for economic well-being and for the security and safety of citizens. It is a standing item on the agenda of the Government Task Force on Emergency Planning which I Chair. This Task Force last met on 9 September and included a very useful briefing and discussion on cyber security.

The response to cyber threats is a whole-of-Government challenge, with the Department of Environment, Climate and Communications taking the lead role and with inputs in the security domain from An Garda Síochána and the Defence Forces.

The National Cyber Security Centre, which is part of the Department of Environment, Climate and Communications, is the primary authority responsible for cyber security in the State, including incident response, cyber resilience and information provision. While the primary role of the Defence Forces with regard to Cyber Security relates to the defence and security of its own networks and systems, the Department of Defence and the Defence Forces are committed to participating, under the leadership of the Department of Environment, Climate and Communications, in the delivery of measures to improve the Cyber Security of the State. This is being done in line with the Programme for Government commitment to implement the National Cyber Security Strategy, recognizing the potential and important role of the Defence Forces.

Ireland’s current National Cyber Security Strategy was published in December 2019 and follows on from the country's first Strategy which was issued in 2015. It is a broader and more comprehensive document than the last one, and takes advantage of the operational experience gained by the National Cyber Security Centre from 2015 to 2019, and from ongoing national and international engagements in the area. Department of Defence officials and the Defence Forces inputted to the drawing up of this Strategy.

Department officials and members of the Defence Forces are actively involved in the implementation of the new Strategy which, in conjunction with the White Paper on Defence 2015, will continue to inform our engagement in this critical area. This includes work to develop an updated, detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber-attacks and the provision of a member of the Defence Forces for secondment to the Cyber Security Centre of Excellence in Tallinn, Estonia. My Officials also actively participate on the Inter-Departmental Committee overseeing implementation of the Strategy which is chaired by the Department of Environment, Climate and Communications.

In addition, the Department of Defence and the Defence Forces have a Memorandum of Understanding and a Service Level Agreement with the Department of Environment, Climate and Communications to provide support in the area of national cyber security. The overall aim is to improve the cyber security of the State through various types of assistance and support while also ensuring the operational requirements of the Defence Forces are prioritised, including the ongoing sharing of information and analyses of risks.

I would also add that my Department implements a programme of continuous review in relation to ICT security in order to keep up to date with current threat levels given that cyber security is a multifaceted challenge that is constantly evolving. Details of measures taken are not publicised for security reasons.

While it would also be inappropriate for me to comment on the specific cyber activities and the resourcing of same by the Defence Forces, for both security and operational reasons, I can inform the Deputy that the priority for the Defence Forces Communications and Information Services Corps is the protection of the Defence Forces Communications Network. Other activities undertaken by the CIS Corps include the monitoring and handling of cyber incidents, the enhancement of Defence Forces cyber situational awareness and the provision of cyber awareness training.