Dáil Éireann Debate, Tuesday - 14 February 2023
73. Deputy Aindrias Moynihan asked the Minister for Further and Higher Education, Research, Innovation and Science his engagement with all third level institutions in view of the recent cyber breach at Munster Technological University, MTU; and if he will make a statement on the matter. [6941/23]
Amharc ar fhreagraI want to thank the Deputy for the question. It's very important that there is clarity about the respective roles of different institutions, agencies and Departments when it comes to the critical matter of cyber security.
As autonomous bodies, higher education institutions have governance and legal responsibility for their own administrative and corporate affairs, including in their management of ICT infrastructures, risk management, including cyber risk, business resilience and contingency planning.
At Government level, the National Cyber Security Centre, which is part of the Department of Environment, Climate and Communications, has lead responsibility for cyber security in the State, with inputs from An Garda Síochána and the Defence Forces. Their role covers incident response, cyber resilience and information provision, including to the tertiary education sector.
Therefore, in cases such as the incident in MTU, the primary engagement in responding to the cyber incident is between the institution and the National Cyber Security Centre, with regular updates also being provided by the institution to my Department and the Higher Education Authority. There should also be clear communications by the institution to students and stakeholders.
My Department, in close collaboration with the Department of Education, has an important role in resourcing and supporting the work of HEAnet, the education sector’s ICT shared services provider. My Department has provided additional resources to HEAnet, to strengthen their capabilities to support institutions in addressing cyber security risks.
Last year, my Department confirmed significant multi-annual funding for cyber-security resources to HEAnet. These resources will equip HEAnet to enhance its support to clients, including institutions across the tertiary education sector, in mitigating their cyber security risks. In particular, these new resources will allow HEAnet to provide advice and training and enhance support to institutions in preventing incidents and alerting them to potential cyber events.
