Tuesday, 29 June 2021

Ceisteanna (288)

Carol Nolan


288. Deputy Carol Nolan asked the Minister for Defence the role his Department has in implementing the National Cyber Security Strategy; and if he will make a statement on the matter. [34629/21]

Amharc ar fhreagra

Freagraí scríofa (Ceist ar Defence)

As we have all seen from recent incidents, Cyber security is an issue with very significant implications for governmental administration, for industry, for economic wellbeing and for the security and safety of citizens. It is a standing item on the agenda of the Government Task Force on Emergency Planning which I Chair where it is always a key topic of discussion.

The response to cyber threats is a whole-of-Government challenge, with the Department of Environment, Climate and Communications taking the lead role and with inputs in the security domain from An Garda Síochána and the Defence Forces.

The National Cyber Security Centre, which is part of the Department of Environment, Climate and Communications, is the primary authority responsible for cyber security in the State, including incident response, cyber resilience and information provision. While the primary role of the Defence Forces with regard to Cyber Security relates to the defence and security of its own networks and systems, the Department of Defence and the Defence Forces are committed to participating, under the leadership of the Department of Environment, Climate and Communications, in the delivery of measures to improve the Cyber Security of the State. This is being done in line with the Programme for Government commitment to implement the National Cyber Security Strategy, recognizing the potential and important role of the Defence Forces.

Ireland’s current National Cyber Security Strategy? was published in December 2019 and it follows on from the country's first Strategy which was issued in 2015. The current Strategy also reflects the operational experience gained by the National Cyber Security Centre since it was established in 2011, and from ongoing national and international engagements in the area. Department of Defence officials and the Defence Forces inputted to the drawing up of this Strategy.

Department officials and members of the Defence Forces are actively involved in the implementation of the new Strategy which, in conjunction with the White Paper on Defence 2015, will continue to inform our engagement in this critical area. This includes work to develop an updated, detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber-attacks and the secondment of a member of the Defence Forces to the Cyber Security Centre of Excellence in Tallinn, Estonia. My Officials are also part of the steering group developing a Baseline Cyber Security Standard for Government Departments and Agencies, they participate in the UK-Ireland Critical National Infrastructure Cyber Cooperation Working Group and my officials also actively participate on the Inter-Departmental Committee overseeing the overall implementation of the National Cyber Security Strategy.

In addition, the Department of Defence and the Defence Forces have a Memorandum of Understanding and a Service Level Agreement with the Department of Environment, Climate and Communications to provide support in the area of national cyber security. The overall aim is to improve the cyber security of the State through various types of assistance and support while also ensuring the operational requirements of the Defence Forces are prioritised, including the ongoing sharing of information and analyses of risks.

I would also add that my Department implements a programme of continuous review in relation to ICT security in order to keep up to date with current threat levels given that cyber security is a multi-facetted challenge that is constantly evolving. Details of measures taken are not publicised for security reasons.

While it would also be inappropriate for me to comment on the specific cyber activities and the resourcing of same by the Defence Forces, for both security and operational reasons, I can inform the Deputy that the priority for the Defence Forces Communications and Information Services Corps is the protection of the Defence Forces Communications Network. Other activities undertaken by the CIS Corps include the monitoring and handling of cyber incidents, the enhancement of Defence Forces cyber situational awareness and the provision of cyber awareness training.