National Cyber Security Strategy
-
From: Department of the Environment, Climate and Communications
- Published on: 12 December 2019
- Last updated on: 28 June 2023
The current National Cyber Security Strategy was published in December 2019, and follows on from the country's first Strategy which was published in 2015. It is a broader and more comprehensive document than the last one, and takes advantage of the operational experience gained by the National Cyber Security Centre from 2015 to 2019, and from ongoing national and international engagements in the area.
The vision behind the 2019 Strategy is to allow Ireland to continue to safely enjoy the benefits of the digital revolution and to play a full part in shaping the future of the Internet.
This vision will be achieved through:
- the Protection of the State, its people, and its critical national infrastructure from threats in the cyber security realm
- the Development of the capacity of the State, of research institutions, of businesses and of the people, to both better understand and manage the nature of the challenges we face in this space
- the Engagement by the State, nationally and internationally, in a strategic manner, supporting a free, open, peaceful and secure cyber space
The objectives of the Strategy are to:
- continue to improve the ability of the State to respond to and manage cyber security incidents, including those with a national security component
- identify and protect critical national infrastructure by increasing its resilience to cyber-attack and by ensuring that operators of essential services have appropriate incident response plans in place to reduce and manage any disruption to services
- improve the resilience and security of public sector IT systems to better protect services that our people rely upon, and their data
- invest in educational initiatives to prepare the workforce for advanced IT and cybersecurity careers
- raise awareness of the responsibilities of businesses around securing their networks, devices and information and to drive research and development in cyber security in Ireland, including by facilitating investment in new technology
- continue to engage with international partners and international organisations to ensure that cyber space remains open, secure, unitary and free and able to facilitate economic and social development
- increase the general level of skills and awareness among private individuals around basic cyber hygiene practices and to support them in this by means of information and training
A Public Consultation process was undertaken in the first half of 2019 in order to inform the Strategy and ensure that awareness and best practice in cyber security and cyber hygiene were at the core of the Strategy formulation process. The public consultation process was designed to elicit the views of the general public and also the views of those with an interest in the subject, such as specialists in the field of Cyber Security.
The Public Consultation Document was published on the department's website and the consultation process concluded on 1 May 2019. The responses to the consultation process were analysed and collated and have informed the revised Strategy.
Mid-term Review
The Mid-Term Review of the National Cyber Security Strategy (NCSS) was informed by an extensive public consultation, stakeholder engagement and further consideration by all relevant government departments and agencies. Based on this, 18 new strategic actions have been added to the NCSS, which will be delivered across Government by the end of 2024.
Responding to the cyber security skills gap in Ireland and globally, the Mid-Term Review includes new measures to continue the development of relevant cyber skills to fill skills gaps and support the potential growth of the cyber security industry in Ireland. In addition, a priority action will see the development of a whole-of-Government cyber security industrial strategy to support Ireland’s cyber security industry to achieve its potential.
The Government will continue investment in the capacity of the National Cyber Security Centre (NCSC), particularly in its ability to monitor and respond to cyber security incidents and developing threats in the State such as ransomware. The Government has agreed to expand the range of entities supported by the NCSC, including a number of new measures to support SMEs and other stakeholders. The Mid-Term Review will also ensure Ireland plays a full and active part in the cyber discussions in the EU and internationally and is fully prepared to implement the revised EU Network and Information Systems Directive (NIS2) from next year.
The delivery of these measures will continue to be overseen by the existing high-level Inter-departmental Committee, and annual reports will be published to provide greater transparency on the implementation of the Strategy.