Minister of State Ossian Smyth TD: Implementing the National Cyber Security Strategy

The Government recognises the resilience of public sector IT systems and the protection of critical infrastructure as vitally important, including to safeguard the delivery of services through digital means, writes Minister of State with responsibility for Procurement and eGovernment and Communications and Circular Economy, Ossian Smyth TD.

Our vision for the future is to expand further the range of online services and to maximise the opportunities offered by the development of cloud services. The ongoing crisis in Ukraine has once again highlighted the threat of cyber-attacks, including second-order impacts. In our connected society it is vital that governments take all necessary steps to enhance the cyber resilience of essential services.

The National Cyber Security Strategy is a whole-of-government approach to address the growing threat of cyber security incidents and to ensure that Ireland can benefit fully from the digital transformation. The strategy includes 20 separate measures to safeguard public sector networks and essential services, to facilitate the development of the cybersecurity industry and to promote awareness raising and international cooperation.

A number of measures are being led by the Department of the Environment, Climate and Communications, where, as Minister of State, I am responsible for Communications and Circular Economy. I am pleased to report that good progress is being made on their delivery. For example, the Department has published the Public Sector Cyber Security Baseline Standards to be applied by all government departments and agencies. The NCSC has worked with colleagues across government to develop the standards which will support public bodies to identify cyber risks, deploy appropriate mitigation measures, and protect personal and other important data. At its publication in 2019, we committed to reviewing the strategy at its mid-point. My officials have recently begun this mid-term review and will be engaging with relevant stakeholders in the coming months.

The National Cyber Security Centre (NCSC) is the lead government cybersecurity agency. Its functions are to lead in the management of major cybersecurity incidents, provide guidance and advice to citizens and businesses, and manage cyber security related risks to key services. The NCSC provides works with over 200 constituents from business, educational institutions, and the charitable and voluntary sector. The NCSC works closely with partner agencies in the UK, US, in other EU member states, and with the EU cybersecurity agency ENISA.

Strengthening our National Cyber Security Centre is a key component of the National Cyber Security Strategy and. In July 2021, the Government agreed to a significant expansion in the NCSC’s staffing and resources, which has progressed significantly. A dedicated HQ facility is being developed for the NCSC as part of my department’s new HQ facility in Dublin.

“I welcome the EU’s commitment to defining global standards for cybersecurity.” – Minister of State Ossian Smyth TD

In January 2022, Richard Browne was appointed as director of the NCSC, and there have been a number of additional staff appointed in recent months. My officials are also engaging with relevant departments to progress the drafting of legislation to provide a mandate for the NCSC, as well as appropriate powers to carry out its vital functions.

Like its counterparts across Europe, the NCSC is presently operating at a state of enhanced readiness in response to the war in Ukraine. I have been heartened by the high degree of coordination and information exchange in the EU and with likeminded partners. From my engagement with my colleagues in other member states, it is clear that we are united in our support for Ukraine, and in our desire to enhance the cybersecurity and resilience of critical infrastructure across the EU.

The recent agreement on a successor to the Network and Information Security Directive represents a step change for the EU cybersecurity regulatory framework. The expansion of scope including, for the first time, public administration bodies, will ensure all critical services are captured. The Directive also provides for a more robust system of sanctions and fines to ensure compliance by regulated bodies. I welcome the EU’s commitment to defining global standards for cybersecurity and look forward to working further with Commissioner for the Internal Market, Thierry Breton, and my ministerial colleagues to implement the Directive and to advance further regulatory measures, such as the proposed Cyber Resilience Act.

My department is committed to ensuring that all citizens can benefit from the myriad benefits of the digital transition. There is a massive development of national infrastructure under the National Broadband Plan State-led Intervention, which will be delivered by National Broadband Ireland (NBI) under a contract to roll out a high-speed and future-proofed broadband network within the Intervention Area. This area covers 1.1 million people living and working in almost 560,000 premises, including almost 100,000 businesses and farms along with some 679 schools.

The National Broadband Plan network will offer those premises in the intervention area a high-speed fibre broadband service with a minimum download speed of 500Mbps from the outset. In the first two years of the contract, construction commenced in all 26 counties and construction is ongoing.

This plan is the largest infrastructural project in rural Ireland since rural electrification, spanning 96 per cent of Ireland’s land mass. It will bring high-speed broadband to 23 per cent of Ireland’s population (69 per cent of the national total of farms). It will deliver fast, reliable broadband through laying 140,000km of fibre cable, utilising over 1.5 million poles and over 15,000km of underground duct networks. This marks a huge development in national critical infrastructure and is important in the rapid digitalisation of the many aspects of people’s lives.