Cybersecurity Policy

The role of the National Cyber Security Centre, NCSC, is to support Departments and other public bodies to improve the resilience and security of their IT systems to better protect services upon which people rely and their data. The NCSC has a number of vital functions, including co-ordinating the response to large-scale cybersecurity incidents; supporting public sector bodies and critical national infrastructure to safeguard their systems and mitigate cyber risks; and sharing advice and guidance on cyber threats with its constituents and the wider community.

The NCSC avails of external export support, as required, including a number of third-party incident response services. It also engages, on an ongoing basis, with relevant partner agencies in the EU, as well as in the US and the UK. In July 2021, on foot of a memorandum for the Government, the Government agreed to implement a number of capacity-building measures in the NCSC. The overall full-time staffing complement of the NCSC will also be increased to at least 70 over the coming five years, with 20 additional staff to be recruited by the end of this year, bringing the serving complement to 45.

In addition to the creation of 20 new permanent posts in the NCSC, a cybersecurity graduate training programme was initiated last year, with four computer science graduates to be recruited each year on contracts for a three-year duration. Currently, there are 29 staff members in the NCSC, the highest level of staffing since its establishment.

It seems that number is quite small, given the threat that is out there and its scale and complexity. I brought up the issue of mobile phone platform security in a question earlier on. Will the Minister tell me whether the NCSC has a responsibility for security of the mobile phone network with respect to hacking and, if not, who does?

The first responsibility there is on the network providers. I have seen in the past how they work on a collective basis, including with the NCSC and other agencies, to make sure their networks are as secure as possible. They have the primary responsibility for the networks. However, the NCSC has overall responsibility. It is the centre of excellence and expertise in the State, to which the Garda, the Defence Forces, other corporations and, in particular, Departments and public agencies can have recourse to seek best advice. Its job is not to manage and monitor each and every network.

It is to oversee and make sure that the best information is shared and the best practices put in place. As I said, the team is expanding. I said in response to an earlier question that we had a further round this week. It is a difficult environment because it is a very well-paid area. Cybersecurity is a very large industry in this country. My experience is that we were able to get very capable people who were inspired by national interest in their work.

I am getting back to it again. I am sorry for focusing on this but it is very important. Is there somebody in the Minister's Department at assistant secretary or principal officer level who has responsibility for and a focus on the security of our national telephone platforms, many of which are based outside the State? Is there somebody whose focus is solely on this or who has a responsibility in this area; a go-to person who is co-ordinating it? The Minister agreed with me earlier that this is a very important and sensitive area in which we are exposed. Is there somebody in his Department who has expertise and who is focusing on this?

The first person I go to is the Secretary General in the Department. There is, however, a specific assistant secretary who I go to in terms of anything related to our network system. It is our responsibility in our Department to oversee the development, deployment and security of the networks. Both that assistant secretary and the director of the NCSC are directly responsible to me and to the Minister of State, Deputy Ossian Smyth. They are our first port of call in terms of seeking advice or making sure our networks are safe and secure.