National Cyber Security Strategy 2019-2024

Table of Contents

Executive Summary
Measures
1 Introduction
2 Vision
3 Objectives
4 Risk and the Information Society
    4.1 Strategic Risks
    4.2 Hybrid Threats
    4.3 Risks to Critical National Infrastructure and Public Sector Systems and Data
    4.4 Citizen and Business
5 National Capacity Development
    5.1 State of Play
    5.2 Objective
    5.3 Measures
6 Critical National Infrastructure Protection
    6.1 State of Play
    6.2 Objective
    6.3 Measures
7 Public Sector Data and Networks
    7.1 State of Play
    7.2 Objective
    7.3 Measures
8 Skills
    8.1 State of Play
    8.2 Objectives
    8.3 Measures
9 Enterprise Development
    9.1 State of Play
    9.2 Objectives
    9.3 Measures
10 Engagement
    10.1 State of Play
    10.2 Objective
    10.3 Measures
11 Citizens
    11.1 State of Play
    11.2 Objective
    11.3 Measures
12 Governance Framework and Responsibilities
    12.1 Governance Structure
    12.2 Delivery of the National Cyber Security Strategy
Appendix 1 List of Actions

Executive Summary

Ireland ranks among the leading EU Member States in terms of the uptake and use of digital

technologies. Like the rest of the developed world, these technologies have come to play a

central role in supporting and facilitating economic and social life. Ireland has also gained

very significantly in economic terms from development of a global data ecosystem; our

geographic position, open economy and EU membership have ensured that we have

become host to a significant amount of data and economic activity.

However the progressive development and deployment of the internet and its constellation of

connected devices has been accompanied by an increasing dependence on these systems.

This dependence has created a complex and evolving set of risks, some of which flow from

flaws in the design or operation of systems, leading to unexpected loss of service. Others

exist as a consequence of deliberate actions by organised groups, including Nation States,

seeking to subvert or compromise these systems for a range of reasons. These

compromises can take the form of theft or destruction of data or money and the physical

disruption or destruction of services or infrastructure. In turn, these risks have a complex and

interrelated set of consequences for States, ranging from the protection of citizens’ data, to

the protection of key infrastructure and services.

Cyber Security is often defined as the means of ensuring the confidentiality, integrity,

authenticity and availability of networks, devices and data. However, as network and

information systems become more embedded and complex, securing these becomes

simultaneously more important and difficult. While these responses have evolved quickly in

an attempt to keep pace with technological and market developments, this process is made

vastly more challenging by the extremely dynamic nature of developments, both in terms of

technology and in terms of the global strategic environment.

Ireland’s first National Cyber Security Strategy was agreed by Government and published in

July 2015. It set out a road map for the development of the National Cyber Security Centre

(NCSC) and a series of measures to better protect Government data and networks, and

critical national infrastructure. The period since then has seen the NCSC grow

significantly in scale and capacity, and the introduction of EU Network and Information

Security Directive 2016/1148 (NIS Directive), a significant set of measures to support

Government Departments and Agencies in managing their systems.

Furthermore, approximately 70 critical national infrastructure operators have been legally

designated as such, and have been made subject to binding security requirements and to a

binding incident notification requirement. Together, these mean that the State and critical

national infrastructure operators are far better prepared to deal with cyber security related

risks than before.

The technology sector is characterised by its extreme dynamism however, and it appears

likely that a fresh wave of developments is about to emerge, centred around virtualised

networks using advanced communications protocols (such as 5G), Artificial Intelligence and

the Internet of Things. In turn, these recursively linked developments will likely have a vast

range of use cases, meaning that they will penetrate further into the lives of citizens and the

key infrastructure that services depend on. Moreover, the software based nature of this

technology is such that new regulatory and governance tools are likely to be required to

ensure that both data and services are resilient and secure.

These developments have been accompanied by the rapid growth of a global industry

providing products and services aimed at securing digital systems and infrastructure. With

over 6,500 people employed in the cyber security sector in Ireland, the industry is already a

key part of the technology sector here, both in its own right and as an enabler for investment

in related sectors here. Sustaining and building on this success is an essential part of

ensuring future economic growth and high value jobs, and also ensuring that a cyber

security ecosystem with adequate critical mass exists in the State.

The integration of digital technologies at a national level remains an ongoing process also,

and one that has seen considerable Government action. The 2015 Public Service ICT

Strategy has been augmented by ‘Our Public Service 2020’, a new policy framework

designed to build on these previous reforms while expanding the scope of reform to focus on

collaboration, innovation and evaluation. At a national level, the National Broadband Plan

will ensure that more than half a million people will have access to high speed broadband for

the first time, and the forthcoming National Digital Strategy will set out how Government

intends to ensure that the benefits of digitisation are available for all. Taken together, these

will continue to have positive effects on economic growth, regional balance and individual

opportunity; however this digitisation also brings a degree of risk.

This Strategy sets out how Ireland will embrace these challenges, and also how we plan to

take advantage of the enterprise and job creation opportunities flowing from these global

technological developments. This Strategy sets out a series of measures designed to

address some of the complex challenges associated with sustaining and growing the

number of people employed in this sector.

Lastly, the development of network and information security as a key policy theme has

important international dimensions also, both in terms of the centrality of internet governance

and, critically, in the general diplomatic sphere. Cyber Security is a first tier international

relations issue; this Strategy establishes how Ireland will continue to play a role in shaping

this environment at a global level.

Measures

Government will, over the period 2019-2024, implement the following systematic measures

to protect our nation, to develop our cyber security sector, and to deepen our international

engagement on the future of the internet.

1 The National Cyber Security Centre will be further developed, particularly with

regard to expanding its ability to monitor and respond to cyber security incidents and

developing threats in the State.

2 Threat intelligence and analysis prepared by the National Cyber Security Centre will

be integrated into the work of the National Security Analysis Centre.

3 The existing Critical National Infrastructure Protection system flowing from the NIS

Directive will continue to be deployed and developed, with particular focus on the

ongoing compliance and audit programmes to mitigate risks to key services.

4 The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will

perform an updated detailed risk assessment of the current vulnerability of all

Critical National Infrastructure and services to cyber attack.

5 The existing Critical National Infrastructure protection system will be expanded and

deepened over the life of the Strategy to cover a broader range of Critical National

Infrastructure, including aspects of the electoral system.

6 The existing information sharing groups operated by the National Cyber Security

Centre will be further developed, with the existing Threat Sharing Group being

broadened to include a wider range of Critical National Infrastructure.

7 Government will introduce a further set of compliance standards to support the

cyber security of telecommunications infrastructure in the State.

8 The NCSC will develop a baseline security standard to be applied by all

Government Departments and key agencies.

9 The existing ‘Sensor’ Programme will be expanded to all Government Departments,

and an assessment will be conducted as to the feasibility of expanding Sensor to

cover all of Government networks.

10 A Government IT Security Forum will be created, open to all Heads of IT Security

across Government, to facilitate information sharing on best practice for cyber

security and to allow the NCSC to support the deployment of the baseline security

standard.

11 The NCSC will be tasked by Government to issue recommendations with regard to

the use of specific software and hardware on Government IT and

telecommunications infrastructure.

12 Government will continue to ensure that second and third level training in computer

science and cyber security is developed and deployed, including by supporting the

work of Skillnets Ireland in developing training programmes for all educational

levels and supporting SOLAS initiatives for ICT apprenticeship programmes in

cyber security.

13 Science Foundation Ireland (SFI) will promote cyber security as a career option in

schools and colleges by means of their Smart Futures Programme.

14 Science Foundation Ireland, along with DBEI and DCCAE, will explore the

feasibility through the SFI Research Centre Programme, the Research Centre

Spoke programme or other enterprise partnership programmes, to fund a significant

initiative in Cyber Security Research.

15 Government will continue to support and fully engage with the IDA funded Cyber

Ireland Programme and explore new mechanisms to support

Industry/Academia/Government cyber security collaboration.

16 Enterprise Ireland will develop a cyber security programme to facilitate collaborative

links between enterprise and the research community that leads to the practical

application of research in business.

17 We will reinforce Ireland’s diplomatic commitment to cyber security, including by

stationing cyber attaches in key diplomatic missions and by engaging in sustainable

capacity building in third countries.

18 We will create an interdepartmental group (IDG) on internet governance and

international cyber policy to coordinate national positions across Departments.

19 We will deepen our existing engagement in international organisations, including by

joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

20 Government will develop a national cyber security information campaign which will

use information provided by the NCSC and the Garda National Cyber Crime

Bureau and be delivered by entities which are directly engaged in information

provision.

A detailed implementation plan of actions relating to these measures, including timelines and

responsible organisations, is set out in the accompanying Annex.

1 Introduction

Ireland is among the leading ranks of EU Member States in terms of the uptake and use of

digital technologies (7th out of the 28 EU Member States in the European Commission

Digital Economy and Society Index (DESI) 2019). In practical terms, this means that the

internet and the vast array of technology and devices connected to it have played a central

role in delivering and enabling our economic success. Moreover, they have also allowed for

considerable improvements in productivity and quality of life, and for greater efficiency and

sustainability in the use of resources. However, these same technologies also bring with

them an embedded set of risks and vulnerabilities. This is a dynamic issue; it is rendered

more complex and challenging as systems become more embedded, connected to the

internet and integrated into virtually every aspect of our lives.

Meeting this challenge, both in terms of the resilience of key infrastructure and services and

the ability of the State to manage and respond to incidents is already critical to the social and

economic wellbeing of the State and its people. It is not a simple task. Cyber security brings

with it a complex web of issues to be dealt with. Internet enabled and connected

technologies already permeate every aspect of our lives, both at a personal level and in

providing the services that we rely upon. The diverse nature of these various sectors, with

different ownership models and technologies, means that there is no single model or

solution, technical or otherwise, that will suit every sector. In formulating a national response,

a dynamic and flexible approach is required, one in which different solutions are applied

according to the nature of the sector and to the risk posed to society, to human life, and to

the economy.

The global nature of the internet has significant geopolitical implications also - infrastructure

of any kind attached to the internet is vulnerable to threats from anywhere on the planet. As

such, the geography of national security has changed, posing some profound national

security policy questions for Ireland. In the first instance, the global management of the

Internet, how it is governed and how States and others behave and act, is now a key

national concern. Secondly, the security of every process, service and piece of infrastructure

in Ireland, from the electoral process through to military infrastructure and the security of

public sector data has to be approached in a different way, because they are all, to some

extent, dependent on connected devices and can now be targeted directly from anywhere on

the planet.

Lastly, the nature of our economy has changed radically. Ireland is home, according to some

estimates, to over 30% of all EU data, and to the European Headquarters of many of the

world’s largest technology companies. Our economic success is therefore closely bound up

with our ongoing ability to provide a secure environment for these companies to operate

here.

The security of our network and information systems is therefore crucial for the continued

economic and social development of Irish society. The first National Cyber Security Strategy,

published in 2015, has resulted in the establishment of a functional and evolving National

Cyber Security Centre, and the development of a comprehensive set of measures around

protecting key critical national infrastructure and the security of Government systems and

data. Given the expanding nature of the threat and the evolving complexity of systems, this

Strategy takes a broader perspective and sets out a series of measures that go well beyond

those in the 2015 Strategy. These measures also embrace a broader set of issues than

before; there are challenges around skills, enterprise development and research that require

specific actions.

The process for drawing up this Strategy was managed by a High Level Steering Group,

chaired by the Department of Communications, Climate Action and Environment, with

representation from the Department of the Taoiseach, the Department of Foreign Affairs and

Trade, the Department of Employment and Social Protection, the Department of Defence,

the Office of the Chief Government Information Officer, the Department of Justice and

Equality and the Department of Business, Enterprise and Innovation.

The process was also guided by a set of consultation mechanisms. Firstly, a set of five

sector specific engagement groups were drawn together, comprising stakeholders from

across the public and private sector. These groups covered National Security and Policing,

Enterprise Development, Skills and Research, Public Sector ICT Security and Critical

National Infrastructure Protection, and were designed to ensure that the Strategy was

comprehensive and accurately reflected the diverse range of issues to be tackled. These

groups were each convened twice, once before the public consultation to ensure that the

consultation document and questions were appropriate, and to identify those fundamental

concerns affecting each sector. The second meeting occurred after the public consultation

was closed, and the groups were provided with the outcome of this, and with the proposed

outcome of the Strategy. These groups provided a forum in which participants could freely

voice opinions, concerns and ideas, and were extremely valuable in framing and

contextualising the Strategy, and in identifying solutions to some of the challenges faced.

A public consultation was run between March and May 2019, in which a brief draft of the

strategy was published as part of a public consultation process to gather the views of the

public and wider industry. Members of the public had 30 working days to make submissions

on the draft brief of the strategy, and a total of 47 submissions were received. These

submissions were then assessed by the Steering Group and the five sector specific

engagement groups, and the suggested measures from each were extracted and tabulated

for further analysis. This analysis also involved an assessment of more than 30 national

strategies from across Europe and beyond, as well as best practice documents from bodies

like the OECD and ENISA.

2 Vision

Our vision is of an Irish society that can continue to safely enjoy the benefits of the digital

revolution and can play a full part in shaping the future of the internet. To that end, we will:

Protect the State, its people and critical national infrastructure from threats in the

cyber security realm in a dynamic and flexible manner, and in a way that fully

respects the rights of individuals and proportionately balances risks and costs.

Develop the capacity of the State, research institutions, businesses, the public sector

and of the people to both better understand and manage the nature of the challenges

we face in this space and to ensure that businesses and individuals can continue to

benefit from economic and employment opportunities in information technology, and

in particular in cyber security.

Engage nationally and internationally in a strategic manner, supporting a free, open,

peaceful and secure cyber space, and ensuring that cyber security is a key

component of our diplomatic posture across the full range of engagement.

3 Objectives

To continue to improve the ability of the State to respond to and manage cyber

security incidents, including those with a national security component

To identify and protect critical national infrastructure by increasing its resilience to

cyber attack and by ensuring that operators of essential services have appropriate

incident response plans in place to reduce and manage any disruption to services

To improve the resilience and security of public sector IT systems to better protect

data and the services that our people rely upon

To invest in educational initiatives to prepare the workforce for advanced IT and

cybersecurity careers

To raise awareness of the responsibilities of businesses around securing their

networks, devices and information and to drive research and development in cyber

security in Ireland, including by facilitating investment in new technology

To continue to engage with international partners and international organisations to

ensure that cyber space remains open, secure, unitary, free and able to facilitate

economic and social development

To increase the general level of skills and awareness among private individuals

around basic cyber hygiene practices and to support them in this by means of

information and training

4 Risk and the Information Society

From its very origins as ‘Arpanet’ in the United States in the 1960s, the internet was

designed to be an open system that allowed any one point on a network to receive

messages from any other point, and to allow information to find multiple routes from one point

to the other. Despite the fact that there are now billions of devices connected to a

network that spans the globe, that fundamental principle persists, and in fact has been

central to the rapid growth of the internet and its utility to humanity.

However this openness and ease of connection also facilitates the use of the network for

malicious activities. Over time, and as the internet has grown in importance, the potential

range and impact of such actions have grown, bringing with them a wide range of new risks

to critical social and economic functions. This Section outlines those key risks for Ireland.

4.1 Strategic Risks

At a very high level, developments in cyber security pose two fundamental challenges for

Ireland. Firstly, the a-spatial nature of the internet exposes the State to new and rapidly

developing global threats, including those developed and deployed by threat actors with very

significant resources and expertise. These threats manifest at a national level in a variety of

ways that make detecting and mitigating the associated risks difficult. The fact that the global

security environment is in a particularly dynamic phase is also pertinent; the apparent return

of ‘great power’ politics in international relations, accompanied by tensions over trade and

technology vendors, poses particular challenges for small, open economies like Ireland.

Secondly, the technological base of the Irish economy has developed significantly in recent

years; the State is now home to a large proportion of Europe’s data (upwards of 30%

according to some industry assessments) and the European headquarters of a number of

the world’s largest technology firms. Critically also, the conceptual evolution of cloud

computing has had profound implications for Ireland. In many cases, rather than being

passive repositories of data, these centres are now home to live operational software

environments; an outage or incident affecting one of those facilities could therefore have

immediate disruptive effects on infrastructure or business across the EU or globally.

In turn, this means that the infrastructure supporting these centres, public and private, now

has an elevated security and economic risk associated with it.

Recent years have seen the development and regular use of very advanced tools for cyber

enabled attacks and espionage, and, likely for the first time, the physical destruction of

Critical National Infrastructure by cyber enabled means. As such, the field of cyber security

is characterised by an ongoing and high stakes technological arms race, between attack and

defence.

The nature of network connected infrastructure adds a further complexity. Firstly, these are

ultimately global systems, both in terms of the supply chains for devices and software and in

terms of the network that links them together; this means that any single State can only

exercise a degree of control over the operation of the network in its territory. Also, and

critically, these devices and systems are owned by a very wide range of types of businesses

and organisations. In fact, many private homes already have several connected devices,

something that is likely to become more prevalent with the ongoing rise of the Internet of

Things (‘IoT’). This means that coordinating protective measures or responses to incidents

or attacks across this very wide range of potential targets is a very complex challenge.

Moreover, unless Governments are willing to insist on an intrusive system of monitoring,

they have limited options available to them to predict or prevent all attacks or incidents on

their territory or against their citizens or infrastructure. The challenges in this space extend to

the most fundamental; the nature of cyber-attacks has often been such that many of them

have traditionally not been reported or publicised, posing an obvious issue for Governments

in understanding and responding to the underlying question.

The increasingly complex and dynamic nature of the security challenges facing the State

has already been recognised by Government with the establishment of a Cabinet

Committee dealing with national security matters. The Government has also established the

National Security Analysis Centre (NSAC) which will work across Government to support a

coherent approach to assessing, understanding and addressing national security challenges,

resulting in enhanced strategic advice for Government.

4.2 Hybrid Threats

One of the more challenging issues to emerge in recent years has been the active use and

refinement of hybrid threats. These threats are defined by the EU as being

“multidimensional, combining coercive and subversive measures, using both conventional

and unconventional tools and tactics (diplomatic, military, economic, and technological) to

destabilise the adversary”, and have arisen in a number of EU countries in the recent past.

Many of these threats have had a cyber component, the most common of which has been

the use of cyber tools to steal information for subsequent use in disinformation campaigns

(so called ‘hack and leak’). By their nature, these campaigns are designed to be difficult to

detect, and because of their explicitly political goals, even more difficult for public authorities

to counteract.

As an open liberal democracy, Ireland is vulnerable to campaigns of this type in much the

same way as other EU Member States. In December 2017, the Government established the

first ‘Interdepartmental Group on Security of Ireland’s Electoral Process and Disinformation’,

which is coordinated by the Department of the Taoiseach. The group is tasked with

assessing the risks to Ireland’s electoral process, taking into account the substantive issues

arising from recent experiences in other democratic countries with regard to the use of

social media by external, anonymous third parties. The Group published its first report in

July 2018 which overall found that while the risks to the electoral process in Ireland are

relatively low at present there is potential for future risks due to the spread of disinformation

online and the risk of cyber-attacks on the electoral system. The group has proposed a

number of measures to protect against these risks, including establishing an Electoral

Commission, modernising voter registration, regulating online political advertising and

supporting EU efforts to tackle disinformation. At a European level also, there has been

significant work, including the creation of the Hybrid Fusion Cell, set up in the European

External Action Service to facilitate the rapid sharing of information relating to the potential

hybrid type actions affecting multiple EU Member States.

4.3 Risks to Critical National Infrastructure and Public Sector Systems and Data

While general risks arise for society as a consequence of developments in cyber space,

there are particular sectors in which these incidents have potentially far greater implications.

In broad terms, these include those infrastructure sectors that are critical for societal and

economic functions, often termed Critical National Infrastructure (CNI), and Public Sector

Systems and Data.

The traditional conceptualisation of CNI has encompassed the energy and transport sectors,

the financial services sector, healthcare and the telecommunications system itself.

Government IT systems, in turn, are central to the delivery of many functions that are

essential to allow a modern society to function, including social services and payment

systems, tax collection and the functioning of democracy.

Recent decades have seen the development and use of tools to compromise, disrupt and

even destroy these systems. These threats have emanated from a wide range of actors,

varying in terms of access to resources and capability. These range from individuals acting

alone or in small groups engaged in nuisance type attacks, such as website defacement and

small scale denial of service attacks, through to ‘hacktivists’, criminals of various scales, and

Nation States. Among the higher level threats, organised criminal gangs are often

indistinguishable from Nation States in that they sometimes deploy advanced techniques to

infect and compromise networks and data.

Lastly, at the top of this pyramid, are those State sponsored entities, usually military or

security organisations, seeking to use network and information systems to conduct

operations ranging from the exfiltration of data to the destruction of physical infrastructure.

These threat actors, usually referred to as ‘advanced persistent threats’ (or APTs) have been

shown to be involved in attacks across a wide range of sectors, but with a particular focus on

Government IT systems, telecommunications networks, financial services and technology

companies. The resources at their disposal, their persistence and their expertise mean that

these entities pose a very particular challenge; they are difficult to detect and difficult to

remove and therefore pose a serious and ongoing challenge to the security of network and

information systems.

Historically, States could hope to secure both Critical National Infrastructure and public

sector systems and data by securing a very small number of key installations. They could

make laws to prohibit parties using their territories for illicit purposes or activities, and they

could use physical borders as a means of defending against external threats. None of these

measures are as effective in the digital age. Moreover, for practical and legal reasons,

Governments generally do not have visibility of, or cannot secure, the vast range of devices

in their territory or the traffic flowing to and from them. This is because networks are privately

owned, as are both connected devices and a very large proportion of critical national

infrastructure.

For much of the period until 2016, the approach taken by many National Governments has

been to support organisations by providing information as to threats and to risk mitigation

measures, and by providing an incident response function. In Ireland, the signing into law of

the 2018 Network and Information Security Regulations (S.I. 360 of 2018) has resulted in a

far more proactive approach to the protection of Critical National Infrastructure, including the

formal identification of operators, and the commencement of a programme of security

measures that include assessments and audits of compliance, in line with measures being

taken across Europe. These will, over time, result in an increase in the resilience of these

key services against attack or incident. Risks remain however, both in those sectors covered

by the NIS Regulations and outside of these.

In the first instance, the adherence to the security measures in the NIS Regulations is a risk

reduction methodology, not a guarantee of absolute security. Secondly, the NIS Directive

and Regulations are explicitly limited to seven named sectors. Both the assessment of

Critical National Infrastructure carried out by the NCSC during the designation process and

the application of the security measures after designation have shown that some of the

infrastructure in the State outside of the scope of the NIS Regulations is in fact also critical,

and that there are a number of interdependencies between Critical National Infrastructure

sectors that are likely to give rise to particular risks.

Although the security of public sector ICT has seen considerable investment and attention,

not least due to the advent of the General Data Protection Regulation, the nature of the

sector poses some particular challenges. Some Departments and Agencies can readily

demonstrate compliance with international best practice (and international standards like

ISO27001) but challenges remain in ensuring a consistently high level of security across

Government Departments and agencies. Particular issues remain around the formal

governance of ICT security, both in general and in the context of national classified

information and classified information of other States and international bodies. Similar issues

exist in obtaining Facilities Security Clearance for companies engaged in the handling and

storage of confidential information. Some measures are being developed to deal with these

challenges, including the growing use of (and plans for) shared IT infrastructure between

Departments, but some fundamental challenges remain.

Critically, ongoing technological developments, including revolutions in telecommunications

are likely to render this situation even more complex. In allowing for low latency and high

bandwidth transmission of information, the deployment of 5G technologies will likely serve as

a key enabling infrastructure for a series of other technologies and use cases.

These potentially include customer facing services like autonomous vehicles, eHealth

services and entertainment, and industry oriented services. On that basis, it seems likely that

5G networks will form the backbone of a new set of services critical to the operation of vital

societal and economic functions. The nature of these networks and technology is relevant

also; being software defined and virtualised means that new types of security measures will

likely be required in this sector to ensure the security of both the 5G network and of the

services dependent on it.

4.4 Citizen and Business

For private citizens, of all ages, many of the issues associated with cyber security are closely

related to online safety and the prevention of cyber crime. These matters usually refer to the

online behaviour of individuals, or the manner in which they maintain or use their personal or

home devices. These risks involve the potential loss of data to cryptoware attacks, or the

loss or theft of personal information including credentials or bank details.

For businesses, one of the more common and more damaging outcomes of the rise of

malicious online activity relates to attacks on businesses for financial gain. Despite an

increased level of awareness, Cyber Crime incidents in Ireland are increasing with 61% of

Irish organisations reported to have suffered cybercrime such as Fraud in the last two years

with an estimated loss on average of €3.1m.

5 National Capacity Development

5.1 State of Play

Until 2011, governmental responsibility for cybersecurity in Ireland was spread across a

number of different organisations, including both military and civilian authorities. In July

2011, the Government decided to establish the National Cyber Security Centre (NCSC) in

what is now the Department of Communications, Climate Action and Environment, bringing

responsibility for all cyber security matters into one operational unit. This decision was based

on a detailed analysis of the evolving threats to security, and an assessment of the most

appropriate type of organisation to respond to issues and to proactively improve the

resilience of key infrastructure and services. This organisational concept has since come to

represent best practice in Europe, primarily because it allows for the creation of a single

critical mass of experience and operational expertise, and for the end to end management of

incidents of all types.

The first National Cyber Security Strategy, agreed by Government in 2015, set out a series

of measures that would be taken to build the capability of the National Cyber Security Centre

(NCSC) and to achieve a high level of security for computer networks and Critical National

Infrastructure in the State. These measures included focusing capacity development within the NCSC

on the Computer Security Incident Response Team (or ‘CSIRT’), and a parallel series of

measures aimed at improving the network and information security of Public Bodies. The

Strategy also established how the resilience of critical national infrastructure would be

improved, in part by the transposition of the NIS Directive, and how the national incident

response process would be developed through ongoing participation in the National

Emergency Management System.

The initial focus of the NCSC was to be on the creation of a Computer Security Incident

Response Team, within the organisation. CSIRTs are an internationally recognised

organisation type with a set of formal roles around cyber security incident response and

information sharing. At their most basic, they are designed to act as focal points for

information; by taking in and anonymising incident reports from victims, and then sharing the

technical details of both incidents and mitigation strategies with their constituents (those

bodies they have been assigned to assist), they can ensure that the broader constituent

group has a higher degree of situational awareness as to what is occurring.

In this way, CSIRTs are expressly designed to obviate some of the structural challenges

emanating from the fragmented ownership of IT systems.

The CSIRT in the NCSC, called CSIRT-IE, went through an extended phase of capacity

building and upskilling. In the early stages, the focus was first on the primary tasks of being

able to securely and professionally manage and track incidents and share information with

constituents. To do so requires both a pool of trained and experienced staff, and a secure

stand-alone IT infrastructure. These have been very significantly developed since 2015, and

have resulted in the creation of an expert unit with significant capacity in the full range of

cyber security incident response functions. The Defence Forces and An Garda Síochána

were central to the early stages of this process, providing both seconded staff and expertise

in security, process development and threat intelligence assessment. Also, the UCD Centre

for Cybercrime Investigation has been critical in the development of cyber security skills in

Ireland; much of the knowledge base that established the NCSC flowed from students and

staff of UCD.

The development of the CSIRT’s operational capacity was designed to lead to a point where

the unit would have a high degree of situational awareness as to cyber security activity in the

State, and would have a network of ‘constituents’ with which it could securely share the

technical details of incidents, in an anonymised fashion, to allow them to take measures to

protect their systems and services. These constituents include Government Departments

and agencies, and Critical National Infrastructure operators, and number in excess of 130

entities. However, the NCSC was involved in a number of serious cyber security incidents in

2016 and 2017 which pointed to issues not comprehended in the Strategy. The

analysis of these incidents pointed to the need to evolve some of the tools of the NCSC to

better respond to future incidents. As such, the NCSC took a series of initiatives during this

period to support both critical national infrastructure operators and Government

stakeholders. Examples of this include: (i) formalising and augmenting the system of

advisories and alerts (which flowed from lessons learned in the incident management

process for WannaCry2 and NotPetya), and (ii) the formation in 2017 of the Threat Sharing

Group, which acts both as a forum for critical national infrastructure operators, and a means

for State Actors (including Gardaí and Defence Forces) to share information with these

operators and to engage with cyber security professionals. These same incidents also

reinforced the centrality of cyber security to the key security challenges facing the State, and

of the need for ongoing and close cooperation with the State’s security services on

operational matters.

The NCSC has developed significantly in terms of capacity and resources, and its roles have

been formally established in law, including responsibilities around Critical National

Infrastructure protection and dealing with EU requirements around the security of some

Digital Service Providers. The responsibilities of the CSIRT itself with regard to risk and

incident handling have been defined in law as requiring it to;

“(a) monitor incidents within the State,

(b) provide early warnings, alerts, announcements and dissemination of information

about risk and incidents to relevant stakeholders,

(c) respond to incidents notified to it under NIS Regulation 18 or 22,

(d) provide dynamic risk and incident analysis and situational awareness,

(e) participate and co-operate in the CSIRTs network,

(f) establish relationships with persons in the private sector to facilitate co-operation

with that sector¹”.

The CSIRT received its first international accreditation in late 2017 (Trusted Introducer

accreditation), signifying that the team had reached a defined level of best practice and

maturity. The NCSC has developed a threat intelligence database that is being used to

assist Agencies and Departments in protecting their networks. There has also been a

comprehensive expansion of the NCSC constituent base to over 130 members. This base

now includes Government Departments and Agencies, and key entities across the Financial

Sector, Critical National Infrastructure (CNI) providers and other Operators of Essential

Services (OES).

Since that period, the CSIRT has further developed its incident response capacity by means

of an integrated incident response and analytics platform, and a highly augmented system of

advisories to constituents across Government and Critical National Infrastructure.

Furthermore, the CSIRT has pivoted from a solely reactive stance to a more proactive

position. This includes the deployment and use of MISPs (Malware Information Sharing

Platforms) to share threat intelligence directly with Critical National Infrastructure Providers,

and the evolution and use of a series of tools to identify, parse and analyse open source

intelligence (OSINT). The CSIRT has also developed, tested and deployed the ‘Sensor’

platform, now operational on the infrastructure of a number of Government Departments, to

detect and warn of certain types of threat.

The evolution of the NCSC was accompanied by developments in related areas. The 2015

Defence White Paper notes that “… the Department of Communications, Energy and Natural

Resources has lead responsibilities relating to cyber security” and explains that “The

primary focus of the Department of Defence and the Defence Forces will remain the

protection of Defence networks” but that “… as in any emergency/crisis situation, once

Defence systems are supported, the Department of Defence and the Defence Forces will

provide support to the CSIRT-IE team in so far as resources allow”. As such, the role of

Defence Forces with regard to cyber security is explicitly a supporting one, with their primary

responsibilities in this area relating to the protection of their own systems. This supporting

role has evolved over time, and the Defence Forces continue to play a central role in

facilitating the operations of the NCSC. The NCSC maintains close cooperation with the

Defence Forces and the Gardaí on national security issues, and has a secondment

arrangement with both entities.

¹ Regulation 10 of S.I. 360 of 2018

An Garda Síochána also have a set of responsibilities in the sector, both in preventing,

investigating and prosecuting cyber-crime and as a consequence of their national security

roles. Their capacity and organisation have evolved somewhat in recent years, as the

Computer Crime Investigation Unit (established in 1991) was re-established as the Garda

National Cyber Crime Bureau (GNCCB) in 2017. The Bureau is the national Garda unit

tasked with the forensic examination of computer media seized during the course of any

criminal investigations. In addition, the bureau conducts investigation into cyber dependent

crime including network intrusions, data interference and attacks on websites belonging to

Government Departments, institutions and corporate entities. An Garda Síochána has

invested heavily in the area, with a particular focus on developing capacity in the regions.

The NCSC and Garda National Cyber Crime Bureau have developed a positive co-operative

relationship with ongoing shared training and secondment opportunities for staff.

Key Developments

1. The CSIRT has been made fully operational and internationally accredited.

2. The information sharing and outreach programmes operated by the NCSC have very

significantly developed, including by means of the deployment of Malware

Information Sharing Platforms (MISPs).

3. The CSIRT has developed, tested and deployed the Sensor platform.

4. The Garda National Cyber Crime Bureau has been established, and the capacity of

the organisation significantly augmented.

5. The National Security Assessment Centre has been established in the Department of

the Taoiseach.

5.2 Objective

To continue to improve the ability of the State to respond to and manage cyber security

incidents, including those with a national security component.

5.3 Measures

The National Cyber Security Centre (NCSC) will remain the primary Cyber Security authority

in the State, and will further develop its capacity to deliver on its two key roles; leading the

national response to cyber security incidents and building the resilience of key networks and

devices across the State. The core response element of the NCSC will continue to grow, and

its pivot from a reactive stance towards a proactive one will be maintained, including by

means of new ways of detecting threats before they impact on services and citizens. By the

end of 2022 the NCSC will also have a number of new and expanded roles in protecting

Government networks and data, and will continue to work with the Office of the Government

Chief Information Officer to develop and implement policies and practices relating

specifically to Government and public services.

1. The National Cyber Security Centre will be further developed, particularly with regard to expanding its ability to monitor and respond to cyber security incidents and developing threats in the State.

The CSIRT within the NCSC will be developed into a ‘Joint Security Operations Centre’

(or JSOC) by the end of 2020 to better support the security of both Government ICT,

and Critical National Infrastructure. Separate specialist teams will be formed within the

JSOC, including Threat Intelligence, Incident Response and Network Monitoring. This

will facilitate the ongoing development of the response team while allowing for the

maintenance and progressive development of the capacity of the NCSC to monitor

network activity across Government and Critical National Infrastructure. This unit will

continue to function as the national point of contact for all cyber security incidents, and

will continue to lead the response to cyber security incidents of all scales.

2. Threat intelligence and analysis prepared by the National Cyber Security Centre will be integrated into the work of the National Security Analysis Centre.

The National Security Analysis Centre (NSAC) in the Department of the Taoiseach will

play a central role in coordinating the strategic analysis of threats to National Security,

and in providing improved situational awareness to Government. The NCSC will assist in

ensuring that new and emerging cyber security challenges that have a national security

impact are fully reflected in the work of the NSAC, including in the development of a new

National Security Strategy.

Measure 1: The National Cyber Security Centre will be further developed, particularly with regard to expanding its ability to monitor and respond to cyber security incidents and developing threats in the State.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Develop detailed technical and organisational plan for the JSOC. | Q4 2020 | NCSC | DCCAE |
| 2 | Receive sanction for resourcing and staffing for NCSC expansion. | Q2 2021 | NCSC | DCCAE, D/PER |
| 3 | Build prototype JSOC in interim facility | Q4 2021 | NCSC | OPW, DCCAE |
| 4 | Commission Final JSOC Facility in NCSC HQ | Q2 2023 | NCSC | OPW, DCCAE |

Measure 2: Threat intelligence and analysis prepared by the National Cyber Security Centre will be integrated into the work of the National Security Analysis Centre.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Establish Formal Reporting and Information Sharing arrangements with NSAC | Q1 2020 | NCSC | NSAC |

6 Critical National Infrastructure Protection

6.1 State of Play

Until relatively recently, accepted best practice in Europe for the protection of critical national

infrastructure and services against cyber-attack involved two types of actions, (1) the

creation of a national incident response function such as the NCSC, and (2) instituting formal

information sharing arrangements whereby information relating to threats to this

infrastructure could be shared with owners and operators, including urgent information

relating to imminent threats. The NCSC established and still runs precisely these services

and has worked, on an ongoing basis, with utility operators and with similar bodies in other

jurisdictions to manage risks to Critical National Infrastructure in Ireland, including the active

management of ongoing incidents.

However, experience over time across Europe and elsewhere has made it clear that there is

a risk asymmetry between the public interest and that of many operators of this type of

infrastructure. In many cases, critical services remained vulnerable despite comprehensive

attempts by Government to provide information and support to operators. As such, and

building on work underway in some EU Member States and on previous Directives in

Telecommunications, the European Commission published a draft of the ‘Network and

Information Security Directive’ in 2013. This NIS Directive, which was formally agreed in

2016, included a series of measures aimed at improving the resilience of Critical National

Infrastructure across 7 different sectors (including energy, transport, drinking water, banking,

financial markets, healthcare and digital infrastructure). These measures include requiring

Member States to formally assess their infrastructure, and legally designate so called

‘Operators of Essential Services’ – those entities that are critical to the provision of these

services in each State. Moreover, these entities are required to be made subject to a formal

set of security requirements, and to a binding incident reporting requirement. As such, the

NIS Directive aims to (a) compel improvements in the security and resilience of Critical

National Infrastructure, (b) improve State awareness of cyber security incidents across

Europe, and (c) allow for greater consistency and coordination of response at an EU level.

The 2015 strategy was written in anticipation of the NIS Directive, and detailed work was

underway from before the Strategy was complete on a detailed assessment of Critical

National Infrastructure in Ireland, which included an Infrastructure Interdependency Study

with the UK (completed in mid 2017). These assessments were then used to derive a

national list of Operators of Essential Services (OES), which were formally designated

following the transposition of the NIS Directive in Ireland in September 2018 by S.I. 360 of

2018. Enforcement powers under the NIS Regulations allow Authorised Officers of the

NCSC to conduct security assessments and audits in 5 of the 7 sectors (the Central Bank of

Ireland retains responsibility for the application of security measures to the Financial Services

sectors), and require the provision of information and issue binding instructions to remedy

any deficiencies. The NCSC has also prepared detailed guidance documents relating to

security measures, compliance and incident reporting to provide additional support to the

OES, which were published for public consultation in January 2019.

For the purposes of this document Critical National Infrastructure is defined as “… an asset,

system or part thereof located in Member States which is essential for the maintenance of

vital societal functions, health, safety, security, economic or social well-being of people, and

the disruption or destruction of which would have a significant impact in a Member State as a

result of failure to maintain those functions.” The aim of Government is to secure our CNI

from attack by mandating that measures are taken by operators to manage risks to this

infrastructure, including by having appropriate incident response plans in place to cope with

any disruption to services.

The progressive dependence of Critical National Infrastructure and services on network

connected devices has led to the State taking a series of measures to ensure the resilience

of certain categories of critical national infrastructure. However, given the nature and extent

of the risk, and because of developing technologies, this system needs to be further

developed and expanded. To that end, Government will take the following measures to

further protect Critical National Infrastructure and services;

Key Developments

1. The Critical Infrastructure Protection methodology set out in the EU NIS Directive

has been implemented.

2. This has resulted in the designation of Operators of Essential Services across 7 key

sectors, and the commencement of a series of formal assessments of readiness by

Operators.

3. The introduction of tailored information sharing mechanisms to share sensitive

information with key Operators.

6.2 Objective

To identify and protect critical national infrastructure by increasing its resilience to cyber

attack and by ensuring that operators of essential services have appropriate incident

response plans in place to reduce and manage any disruption to services.

6.3 Measures

The NCSC will also continue to implement its existing Critical National Infrastructure

protection programme, premised on the already implemented NIS Directive process, but will

significantly evolve this, based on a broad ranging piece of analysis. It will be supported in

this effort, in particular by the Defence Forces and An Garda Síochána, and will engage

across Government to ensure that cyber security concerns are integrated into all relevant

policy matters.

3. The existing Critical National Infrastructure Protection system flowing from the NIS Directive will continue to be deployed and developed, with particular focus on the ongoing compliance and audit programmes to mitigate risks to key services.

The main objective of the NIS Directive is to ensure that there is a high common level of

cyber security across Member States. The NCSC is the national competent authority

charged with providing guidance on the security of Critical National Infrastructure, and

with auditing the application of security controls for many of these sectors. The NCSC

will continue to develop and apply these measures to ensure that the NIS Directive is

fully applied in Ireland, and that this application keeps pace with changes in technology

and best practice.

4. The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will perform an updated detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber attack.

Building on the existing assessment process conducted under the NIS Directive, the

NCSC will conduct a detailed risk assessment of the vulnerability of all Critical National

Infrastructure and services to cyber attack. This will include an assessment of the

criticality of a wide variety of services and a mapping of interdependencies between

these. The output from this process will inform the expanded scope of the existing cyber

security Critical National Infrastructure protection process.

5. The existing Critical National Infrastructure protection system will be expanded and deepened over the life of the Strategy to cover a broader range of Critical National Infrastructure, including aspects of the electoral system.

We will broaden and deepen the existing regulatory system for the cyber security of CNI

to include a wider range of operators across a broader range of sectors and to allow for

the closer monitoring of compliance. This expanded system is likely to include aspects

of higher education and electoral systems and will build upon the work already in place

as a consequence of the NIS Directive.

6. The existing information sharing groups operated by the National Cyber Security Centre will be further developed, with the existing Threat Sharing Group being broadened to include a wider range of Critical National Infrastructure.

The existing cyber security information sharing forums, such as the ‘Threat Sharing

Group’ (TSG) and the ‘All Island Information Exchange’ (AIIE) will be substantially

developed.

7. Government will introduce a further set of compliance standards to support the cyber security of telecommunications infrastructure in the State.

We will introduce a new and specific set of security requirements for the

telecommunications sector, with detailed risk mitigation measures to be developed by

the NCSC to assist Comreg in fulfilling their statutory functions under existing EU

Security Regulations (transposed by S.I. 333 of 2011), and the forthcoming EU

Telecommunications Code (Directive 2018/1972).

Measure 3: The existing Critical Infrastructure Protection system flowing from the NIS Directive will continue to be deployed and developed, with particular focus on the ongoing compliance and audit programmes to mitigate risks to key services.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Complete first phase of Operators of Essential Services (OES) Self-Assessment against Security Control Framework | Q1 2020 | NCSC | Designated OES |
| 2 | Commence Security Control Testing of Operators of Essential Services (OES) | Q3 2020 | NCSC | Designated OES |
| 3 | Reassess Register of Designated OES and Security Guidelines | Q3 2020 | NCSC | |
| 4 | Security Control testing post incidents, and ongoing audits of OES compliance | Ongoing | NCSC | Designated OES |

Measure 4: The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will perform an updated detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber attack.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Steering Group formed and terms of reference for the review agreed | Q1 2020 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 2 | Information gathering phase complete, and methodology agreed | Q3 2020 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 3 | Complete Assessment Process, including international consultation and detailed assessment of cross sectoral interdependencies. | Q2 2021 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 4 | Final Report and Recommendations Complete | Q4 2021 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |

Measure 5: The existing Critical National Infrastructure protection system will be expanded and deepened over the life of the Strategy to cover a broader range of Critical National Infrastructure, including aspects of the electoral system.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Draft Heads of Bill for Agreement by Government | Q4 2021 | DCCAE | AGO |
| 2 | Drafting Process with AGO | Q1 2022 | DCCAE | AGO |
| 3 | Oireachtas Process | Q2 2022 | DCCAE | AGO, Oireachtas |

Measure 6: The existing information sharing groups operated by the National Cyber Security Centre will be further developed, with the existing Threat Sharing Group being broadened to include a wider range of critical national infrastructure.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Expand the current Threat Sharing Group (TSG) representatives to include CNI, with new Terms of Reference. | Q2 2020 | NCSC | AGS, DF, CNI |
| 2 | Refine existing arrangements with the UK on information sharing and incident response, with particular reference to North-South critical infrastructure protection. | Q4 2020 | NCSC | OEP, CPNI UK |

Measure 7: Government will introduce a further set of compliance standards to support the cyber security of telecommunications infrastructure in the State.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Transposition of Directive 2018/1972 | Q4 2020 | DCCAE | NCSC, Comreg |
| 2 | Provision of Technical Support to Comreg | Q4 2020 | NCSC | Comreg |
| 3 | Application of revised security measures | Q1 2021 | Comreg | DCCAE, NCSC, Telecoms Operators |

7 Public Sector Data and Networks

7.1 State of Play

Responsibility for the operation and security of public sector IT systems sits with individual

Departments and Agencies, with the Office of the Government Chief Information Officer

having an overarching role in leading the implementation of the Public Service ICT Strategy

and managing the network which Departments and Agencies use to connect with each other

and the wider internet. The primary role of the CSIRT within the NCSC in its early years

involved establishing an incident response function to support these Departments and

agencies when they reported incidents to the NCSC, and to build an Advisory system to

allow for the rapid dissemination of specific information relating to threats and incidents, and

best practice with regard to cyber security. The NCSC had no direct insight into activities on

Government networks, however, and no formal or precise means of determining what

security measures might be in place in individual Departments or agencies.

On this basis, and in tandem with the ongoing development of the CSIRT and the expanding

toolset that is available to all constituents, the NCSC began to roll out a project titled

‘Sensor’; this is essentially an additional layer of boundary protection for Government

Departments that alerts the NCSC when particular types of activity are observed transiting

Government networks. Also, the NCSC issued a ‘5 Point Guide’ for Departments in late

2018, setting out a recommended baseline of security measures that Departments might

take, based on some of the common incidents that the CSIRT had reported to it over the

previous period.

Key Developments

1. The Advisory system operated by the NCSC has been augmented substantially to

allow for the rapid dissemination of information.

2. The NCSC has developed, tested and deployed the Sensor platform across a

number of Government Departments, improving the security of IT systems and data

against high level threats.

3. Government Departments and agencies have invested heavily in security, supported

by guidance from the NCSC.

7.2 Objective

To improve the resilience and security of public sector IT systems to better protect services

that our people rely upon, and their data.

7.3 Measures

The Public Sector relies heavily on Information Technology to deliver practically all of the

services it provides; these services therefore need to be secure, resilient and capable of

ensuring that personal information remains private. To that end, Government will take the

following specific initiatives:

8. The NCSC will develop a baseline security standard to be applied by all Government Departments and key agencies.

The NCSC, in conjunction with the OGCIO, will formulate a minimum cyber security

baseline standard for Government ICT. This will be aligned with international standards

and phased in across all Government bodies, beginning with Government Departments.

These standards typically include measures and controls in relation to staff training,

identity and access management. It is envisaged that the standard will be audited at a

local Departmental level with support and guidance provided by the NCSC.

9. The existing ‘Sensor’ Programme will be expanded to cover all Government Departments, and an assessment will be conducted as to the feasibility of expanding Sensor to cover all of Government networks.

The NCSC Sensor Programme will be rolled out across all Government Departments

with a view to improving the early detection and removal of threats. The NCSC will

support its application across the public sector, and the Joint Security Operations Centre

will be developed to support and operationalise this system. It is envisaged that every

significant Government Department and Agency will be monitored by the Joint SOC

managed by the NCSC.

10. A Government IT Security forum will be created, open to all Heads of IT Security across Government, to facilitate information sharing on best practice for cyber security and to allow the NCSC to support the deployment of the baseline security standard.

The NCSC will lead in creating, chairing and implementing a new Public Sector IT

Security forum, with Heads of IT security from across Government Departments and

Agencies. The forum will meet quarterly to exchange and share information around best

practice, inter-organisational processes, cyber security threats and measures to comply

with the new public sector cyber security baseline standard.

11. The NCSC will be tasked by Government to issue recommendations with regard to the use of specific software and hardware on Government IT and telecommunications infrastructure.

The NCSC will be tasked to issue recommendations with regard to the procurement and

use of certain types of IT infrastructure and software in securing Government data and

services, and to recommend the prohibition or removal of certain infrastructure from

Government IT networks and communications if the NCSC determines that its presence

poses an unacceptable risk to the security of Government data.

Measure 8: The NCSC will develop a baseline security standard to be applied by all Government Departments and key agencies.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Design suitable minimum standard for Government IT, in conjunction with Government IT Security Forum. | Q4 2021 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 2 | Develop detailed measures, controls and implementation procedures. | Q1 2022 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 3 | Draft guidance and support materials for IT teams and Internal Audit Units on compliance assessment. | Q2 2022 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 4 | Support Government Departments and Key Agencies in implementation of the baseline standard. | Ongoing | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 5 | Conduct assessment of the implementation of the baseline standard | Q4 2023 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |

Measure 9: The existing ‘Sensor’ Programme will be expanded to all Government Departments, and an assessment will be conducted by the same date as to the feasibility of expanding Sensor to cover all of Government networks.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Deploy Sensor on the IT infrastructure of all 15 Government Departments. | Q4 2020 | NCSC | All Government Departments, Gov IT Security Forum |
| 2 | Review costs and legal issues associated with the application of Sensor on Government Networks, covering all of public sector ICT, and bring outcome to Government for decision. | Q4 2021 | NCSC | OGCIO, AGO, D/PER |

Measure 10: A Government IT Security forum will be created, open to all Heads of IT Security across Government, to facilitate information sharing on best practice for cyber security and to allow the NCSC to support the deployment of the baseline security standard.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Resource the creation of Public Sector IT Team in the NCSC, and establish Terms of Reference for the Forum | Q1 2020 | NCSC | OGCIO, All Government Departments |
| 2 | Plan a briefing session for all Heads of IT Security to outline the purpose of the Security Forum | Q1 2020 | NCSC | OGCIO, All Government Departments |
| 3 | Establish quarterly meetings of the Forum and appoint a Chairperson and Secretary | Q4 2020 | NCSC | OGCIO, All Government Departments |

Measure 11: The NCSC will be tasked by Government to issue Recommendations with regard to the use of specific software and hardware on Government IT and telecommunications infrastructure.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Rationale and Terms of Reference Prepared and brought to Government for Agreement | Q3 2020 | NCSC | OGCIO, AGS, DF, NSAC |
| 2 | Entry into effect of NCSC Recommendation Process | Q4 2020 | NCSC | OGCIO, AGS, DF, NSAC |

8 Skills

8.1 State of Play

A number of substantial skills gaps have emerged in cyber security, largely as a

consequence of its rapid development as a societal challenge. This skills gap is a global

issue, with upwards of 2 million unfilled cyber security vacancies worldwide in 2019. At a

national level, ensuring a ready supply of staff is critical to both preserving the ability to

secure our own infrastructure, and to be able to continue to attract and retain data heavy

investment. In turn, meeting this demand requires not only the training of new entrants but

the encouragement of cross training and upskilling from professionals in ICT and other

relevant sectors. In recent years Ireland has made important strides towards addressing and

improving skills, developing research capabilities and raising awareness of cyber security as

a career. However, there remains a time lag between industry and academia in fast moving

sectors like this, and a need to ensure that graduates are leaving third level institutions with

the requisite skills for the employment requirements in industry.

The Government is seeking to address the growing demand for cyber security skills through

the implementation of Technology Skills 2022, the third ICT Skills Action Plan. Cyber

security was identified in the underlying research for the plan, undertaken by the Expert

Group on Future Skills Needs, as one of the key emerging fields that will drive the demand

for high level ICT skills in Ireland in the coming years. The cyber security skills agenda is

being advanced in the context of Technology Skills 2022 through a number of channels,

including Skillnet Ireland, the expansion of provision in higher education and the promotion

of ICT apprenticeships through SOLAS, the Further Education and Training Authority.

In October 2018, a new Cyber Security Skills Initiative was launched by Skillnet Ireland in

partnership with the NCSC, Garda National Cyber Crime Bureau, and other agencies and

third level institutions. The core aims of the initiative are to develop awareness, bridge the

skills gap and to set standards for skills and competencies for Cyber Security roles. The

three year plan is focused on building training and accreditation in the field to address skills

gaps, attracting more young people, and in particular women into the sector and promoting

Continuous Professional Development. Skillnet Ireland estimates that the initiative will

deliver Cyber Security training to in excess of 5,000 people in the industry over the next

three years. The third level sector in Ireland has also begun to offer a significant

number of courses in cyber security, with at least 8 Masters level courses now on offer.

Developed by industry led consortia, apprenticeships combine both work-based and off the

job training while in employment. Approved by the Apprenticeship Council and funded under

the National Training Fund, apprenticeships provide a pathway to careers for school leavers,

jobseekers and those looking to change career. A 2 year Associate Professional in

CyberSecurity apprenticeship at QQI level 6 was launched in February 2019 with SAP as the

industry lead and Fastrack to Information Technology (FIT) as the coordinating provider.

Cyber security

programmes are also being supported through the Springboard+ programme, which is

increasingly facilitating those already in employment to reskill into alternative roles or

occupations. This will be important with the rising demand for cyber security skillsets.

The Department of Business Enterprise and Innovation with the Department of the

Taoiseach launched Future Jobs Ireland in March 2019, a new multi-annual framework to

ensure our enterprises and workers are resilient and prepared for future challenges and

opportunities. Future Jobs Ireland will also ensure our enterprises and workers are well

positioned to adapt to the technological and other transformational changes our economy

and society will face in the years ahead. Although wide ranging in scope, one of the five

Pillars within Future Jobs Ireland is “Embracing Innovation and Technological Change”. The

framework recognises the need for new and diverse skillsets to meet our changing economy

and “exploit cutting edge technological areas such as Artificial Intelligence, Data Analytics,

the Internet of Things and Blockchain to facilitate and help companies co-innovate and

develop solutions”.

A series of ambitions and deliverables have been identified to achieve these aims including

increasing the capacity of SMEs to engage in research & development, providing high

quality education and training, encouraging lifelong learning, and enhancing participation in

apprenticeship programmes. A number of initiatives have already commenced under the

medium-term ambitions outlined in Future Jobs Ireland 2019. Each year Future Jobs Ireland

will set out new steps to deliver on these ambitions.

Key Developments

1. Technology Skills 2022 has been published and implemented.

2. Skillnet Ireland launched their Cyber Security Skills Initiative to deliver a broad

programme of initiatives in the field.

3. Fastrack to Information Technology have launched a Cyber Security Programme for

apprentices.

4. Government has launched Future Jobs Ireland, a multiannual framework for skills

and enterprise development, including the technology sector.

8.2 Objectives

To invest in educational initiatives to prepare the workforce for advanced IT and

cybersecurity careers.

8.3 Measures

Through the implementation of Technology Skills 2022, Future Jobs Ireland, and this

Strategy, Government aims to ensure that the employment market has sufficient skilled and

trained staff to meet demands from employers.

12. Government will continue to ensure that second and third level training in computer science and cyber security is developed and deployed, including by supporting the work of Skillnets Ireland in developing training programmes for all educational levels and supporting SOLAS initiatives for ICT apprenticeship programmes in cyber security.

Government will continue to support the work of Skillnets Ireland in developing and

delivering training to private industry aimed to promote cyber workforce participation,

upskilling and general career development. The NCSC will provide assistance in

developing initiatives which encourage women into the cyber security field and

encourage participants from other disciplines to cross train.

13. Science Foundation Ireland (SFI) will promote cyber security as a career option in schools and colleges by means of their Smart Futures Programme.

Smart Futures is a collaborative education programme run by Science Foundation

Ireland that provides second-level students in Ireland with information about careers in

Science, Technology, Engineering and Maths (STEM). SFI will develop a Cyber Security

component, using input from industry professionals, for inclusion in Smart Futures so

students remain aware of the wide range of career opportunities available in the field.

14. Science Foundation Ireland, along with DBEI and DCCAE, will explore the feasibility through the SFI Research Programme, the Research Centre Spoke programme or other enterprise partnership programmes to fund a significant initiative in Cyber Security Research.

This research centre would link scientists and engineers in partnership across academia

and industry to address crucial research questions.

Measure 12: Government will continue to ensure that second and third level training in computer science and cyber security is developed and deployed, including by supporting the work of Skillnets Ireland in developing training programmes for all educational levels and supporting SOLAS initiatives for ICT apprenticeship programmes in cyber security.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Provide support to initiatives under Technology Skills 2022 including development of Skillnets and ICT apprenticeship initiatives | Ongoing | DCCAE | Skillnets, SOLAS, DES |
| 2 | Add education and upskilling as a standing item on the agenda of the Gov IT Security Forum | Q2 2020 | NCSC | Gov IT Security Forum |
| 3 | Support the development of a Junior Cycle short course in cyber security, which will provide for the inclusion of cyber security education in second level | Q4 2020 | NCSC | NCCA |
| 4 | Support initiatives which encourage women into the cyber security field | Ongoing | NCSC/DES | Industry |

Measure 13: Science Foundation Ireland (SFI) will promote cyber security as a career option in schools and colleges by means of their Smart Futures Programme.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | NCSC to seek industry partners to participate in Smart Futures | Q1 2020 | NCSC | SFI, Industry |
| 2 | NCSC will work with Smart Futures to support initiatives which encourage female students into the cyber security field | Q1-Q4 | NCSC | SFI |

Measure 14: Science Foundation Ireland, along with DBEI and DCCAE, will explore the feasibility through the SFI Research Centre Programme, the Research Centre Spoke programme or other enterprise partnership programmes to fund a significant initiative in Cyber Security Research.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Issue calls to which cyber security community can respond | Q4 2020 | SFI | NCSC, DBEI, SFI |
| 2 | Assess proposals based on independent international peer review. | Q1 2021 | SFI | NCSC, DBEI, SFI |

9 Enterprise Development

9.1 State of Play

IDA Ireland has supported the establishment of the ‘Cyber Ireland’ Programme by Cork

Institute of Technology (CIT), to establish and grow an Irish Cyber Security Cluster in

Ireland. Cyber Ireland was officially launched on 20th May 2019 and is hosted by Cork

Institute of Technology (CIT). This national cluster aims to represent the needs of the sector

in Ireland and includes stakeholders from industry, academia and government. It will

encourage co-operation, raise awareness of education and career opportunities, drive

innovation and stimulate new business in the Cyber Security field. CIT has secured 2 years’

funding from the IDA to facilitate the establishment and development of the cluster and has drafted

a 7 phase structured programme to achieve this aim. The development of Cyber Ireland is

included in Future Jobs Ireland 2019, underscoring the Government’s commitment to

developing the sector.

Key Developments

1. The Cyber Ireland Initiative has been launched, funded by the IDA, to assist in the

development of the sector in Ireland.

9.2 Objectives

To raise awareness of the responsibilities of businesses around securing their networks,

devices and information and to drive research and development in cyber security in Ireland,

including by facilitating investment in new technology.

9.3 Measures

15. Government will continue to support and fully engage with the IDA funded Cyber Ireland Programme and explore new mechanisms to support Industry/Academia/Government cyber security collaboration.

The NCSC, along with the IDA and Enterprise Ireland, will participate as active inaugural

board members of Cyber Ireland supporting their initiative of bringing together industry,

academia and government to enhance the cyber security environment in Ireland. Cyber

Ireland are actively involved in promoting education and skills, forums for

communications, attracting foreign direct investment and research and development.

16. Enterprise Ireland will develop a cyber security programme to facilitate collaborative links between enterprise and the research community that lead to the practical application of research in business.

Consistent with Enterprise Ireland’s mission, Enterprise Ireland will leverage its sectoral

knowledge and experience of industrial-academic collaborative initiatives and engage

with the NCSC to explore opportunities to support economically beneficial cyber security

collaborative links between enterprise and the research community.

Measure 15: Government will continue to support and fully engage with the IDA funded Cyber Ireland Programme and explore new mechanisms to support Industry/Academia/Government cyber security collaboration.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Support given to Cyber Ireland in developing a Cyber Security Cluster of Industry, Academia and Government | Ongoing | IDA | Cyber Ireland, EI, NCSC, DBEI |

Measure 16: Enterprise Ireland will develop a cyber security programme to facilitate collaborative links between enterprise and the research community that lead to the practical application of research in business.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
|---|---|---|---|---|
| 1 | Establish a National Cyber Security Competence Centre | Q1 2021 | NCSC | NCSC, EI, DBEI. |

10 Engagement

10.1 State of Play

Cyber security is inherently an international field, and has multiple implications for many

aspects of the State’s international engagement. We recognise the importance of cyber

security as a priority for foreign policy. Developments in this field have been an integral part

of foreign policy making in Ireland for some time already but there is a clear need to evolve

and develop that engagement, both in general and specifically across the European Union.

At a global level the last 10 years have been marked by a number of increasingly high profile

attacks and incidents, including attacks on electricity infrastructure in Ukraine in 2015 and

the ‘Wannacry2’ and ‘NotPetya’ incidents in 2017. These have brought with them a

reinvigorated debate about the role of States and the international community in moderating

State behaviour online, and as to the appropriate set of measures for countries to use within

their own territory to ensure the integrity and resilience of key systems.

A number of international organisations have brought forward initiatives to try and frame

these issues within existing international relations frameworks. The most notable of these

has been the UN Group of General Government Experts (or GGE). This was established in

2004 on the basis of discussions that had been underway since 1998, on the basis of

Resolution 53/70. In the period since 2004, there have been five separate iterations of the

GGE, with three agreeing on substantive reports, and two, including the most recent one in 2017, failing to reach agreement.

In late 2018, the UN adopted two new resolutions on cyber security matters. The first

established an open-ended working group, which convened initially in June 2019 and will

focus on raising awareness, building common understanding and advancing implementation

of previously agreed norms and principles of responsible State behaviour. The second

underlined the three successful GGE reports and called for the establishment of another

GGE, with a focus on the application of international law to cyberspace and advancing the

consensus on responsible State behaviour in cyberspace.

At a regional level, both the Organisation for Security and Cooperation in Europe (OSCE)

and the European Union have also played an increasingly progressive role in the area of

cybersecurity. The OSCE has produced two sets of draft confidence-building measures

(CBMs) in 2013 and 2016 to “enhance interstate co-operation, transparency, predictability,

and stability, and to reduce the risks of misperception, escalation, and conflict that may stem

from the use of ICTs”.


Key Developments

1. The UN adopted two new resolutions focusing on co-operation and building

awareness of cyber security matters.

2. The OSCE produced two sets of confidence building measures enhancing co-operation and stability.

10.2 Objective

To continue to engage with international partners and international organisations to ensure

that cyber space remains open, secure, unitary and free and able to facilitate economic and

social development.

10.3 Measures

17. We will reinforce Ireland’s diplomatic commitment to cyber security, including by stationing cyber attachés in key diplomatic missions and by engaging in sustainable capacity building in third countries.

Ireland will reinforce its diplomatic commitment to cyber security as part of the ‘Global

Ireland’ initiative, by assigning designated Cyber Attachés to key diplomatic missions.

Based on our support for an open, free, peaceful and secure cyberspace, we will

advocate for preventative diplomacy in our international engagement. We will support

international cooperation to combat cybercrime and promote formal and informal

cooperation in cyberspace, including by engaging in sustainable capacity building in

third countries. As part of our commitment to combatting cybercrime, we will ratify the

Budapest convention as early as practicable. The applicability of international law,

including international humanitarian law, and respect for human rights will guide our

international commitment to cybersecurity. We will provide sustainable capacity-building

support to developing countries and civil society actors and ensure we are fully aware of

potential human rights abuses, targeting of human rights defenders, and

monitoring/controlling ethnic minorities through technology.

18. We will create an interdepartmental group (IDG) on internet governance and international cyber policy to coordinate national positions across Departments.


We will create an Interdepartmental Group (IDG) on international cyber policy matters to

coordinate engagement on issues with a geopolitical dimension and to develop a

coordinated position on internet governance and cyber security matters.

19. We will deepen our existing engagement in international organisations, including by joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

We will deepen our engagement in International Organisations in dealing with the full

range of issues arising under this Strategy. As such, Ireland will join and play a full part

in the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia. This will

include the secondment, initially, of a member of the Defence Forces2 to the Centre in

due course. We will also fully support the UN processes in seeking to develop and

implement a framework for stability in cyberspace.

Measure 17: We will reinforce Ireland’s diplomatic commitment to cyber security, including by stationing cyber attachés in key diplomatic missions and by engaging in sustainable capacity building in third countries.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Appoint Cyber Attachés to key Diplomatic Missions. | Q3 2020 | DFAT | NCSC |
| 2 | Ratify the Budapest Convention | Q2 2021 | D/Justice | NCSC, D/Taoiseach |
| 3 | Develop a sustainable capacity building programme for developing countries | Q2 2021 | DFAT, NCSC | NCSC |

Measure 18: We will create an interdepartmental group (IDG) on internet governance and international cyber policy to coordinate national positions across Departments.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Establish an IDG to coordinate on cyber policy matters | Q2 2020 | DFAT | NCSC, All Govt Departments |

2 While the initial deployment to the CCD-COE will be from the Defence Forces, the persons deployed thereafter may be either civilian or military in accordance with the Government approval.

Measure 19: We will deepen our existing engagement in international organisations, including by joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Secondment of a member of DF to CCD-COE | Q4 2020 | NCSC | DF, D/Defence, DFAT |


11 Citizens

11.1 State of Play

In terms of cyber security awareness, there have been a number of important national

initiatives over the last number of years, particularly in the educational system. To begin

with, Webwise, an internet safety initiative co-funded by the Department of Education and

Skills and operated by the Professional Development Service for Teachers (PDST)

Technology in Education, promotes the autonomous, effective, and safer use of the internet

by young people through a sustained information and awareness strategy targeting parents,

teachers, and children themselves with consistent and relevant messages including

guidance on acceptable usage in schools.

A range of resources have been developed including “UP2US”, “My Selfie and the wider

world” and “Lockers”; the online Parenting Hub: Webwise Parents; and ‘Be in Ctrl’, which

supports teachers to address the topic of online sexual coercion and extortion with their

students. In mid 2019, the ‘HTML Heroes’ resource was launched, which aims to assist and

support educators when teaching children aged 7–10 years about the safe and responsible

use of the Internet, including social media.

Smart Futures is coordinated by Science Foundation Ireland in partnership with

organisations and academia. The programme provides second-level school students in

Ireland with information about careers in science, technology, engineering and maths

(STEM). Smart Futures engages with guidance counsellors, teachers and industry to

develop resources and activities to stimulate interest in students. The Smart Futures website

provides information on the wide range of opportunities available such as courses,

apprenticeships, festivals and events. In February 2019, Smart Futures launched a new

national campaign titled “I get paid to do this” in partnership with the Department of

Education and Skills. The campaign centres around an online resource of profiles on

professionals working in STEM related industries to give students insight into what they can

expect from a career in STEM and the diverse opportunities open to them.

The programme is currently being implemented by a Sponsors Group under the Chair of the

Department of Education & Skills. Enactment of the Online Safety Act, which will set out how

we can ensure the further safety of children online, has been brought forward. This will

involve, for the first time, setting a clear expectation for service providers to take reasonable

steps to ensure the safety of the users of their service.


Key Developments

1. Through a sustained information and awareness programme Webwise has provided

parents, teachers, and children with guidance on the safe use of the internet.

2. Smart Futures has been launched to provide second-level students with information

about careers in science, technology, engineering and maths related disciplines.

11.2 Objective

To increase the general level of skills and awareness among private individuals around basic

cyber hygiene practices and to support them by means of information and training.

11.3 Measures

By developing good cyber hygiene practices in the wider population we can create a more

secure society. Awareness of cyber risks is of particular importance in vulnerable parts of the

population.

20. Government will develop a national cyber security information campaign which will use information provided by the NCSC and the Garda National Cyber Crime Bureau and be delivered by entities which are directly engaged in information provision.

A National Cyber awareness campaign will be developed and delivered to the public.

This programme will harness the experience of the NCSC and the Garda National Cyber

Crime Bureau, and will be developed as a collaborative effort between multiple partners,

to include PDST and the Online Safety Commissioner. The aim of this campaign will be

to improve societal awareness around common cyber risks such as basic cyber hygiene

and social engineering. It will also facilitate more targeted awareness campaigns aimed

at vulnerable groups such as children and the elderly, including by the provision of

information to Webwise.


Measure 20: Government will develop a national cyber security information campaign which will use information provided by the NCSC and the Garda National Cyber Crime Bureau and be delivered by entities which are directly engaged in information provision.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Support the continued inclusion of cyber security elements in Webwise programmes | Q4 2020 | DCCAE | AGS, DES |
| 2 | Develop a public awareness campaign to include information on cyber security and cyber crime prevention. | Q1 2021 | NCSC, Online Safety Commissioner | DCCAE, AGS, DJE, DES |


12 Governance Framework and Responsibilities

12.1 Governance Structure

Delivering the National Cyber Security Strategy will require a governance framework and

structure, both in terms of operational response and the overarching components of the

Strategy itself.

12.2 Delivery of the National Cyber Security Strategy

The Cabinet Committee on Security will be the primary means of coordinating responses to

national security matters. However, a High Level Interdepartmental Committee will be

created, meeting twice a year, tasked with assessing and reporting on progress towards

meeting the Measures under this Strategy, and with agreeing any amendments to the

actions to be taken to meet these.


Appendix 1 List of Actions

National Capacity Development

Measure 1: The National Cyber Security Centre will be further developed, particularly with regard to expanding its ability to monitor and respond to cyber security incidents and developing threats in the State.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Develop detailed technical and organisational plan for the JSOC. | Q4 2020 | NCSC | DCCAE |
| 2 | Receive sanction for resourcing and staffing for NCSC expansion | Q2 2021 | NCSC | DCCAE, D/PER |
| 3 | Build prototype JSOC in interim facility | Q4 2021 | NCSC | OPW, DCCAE |
| 4 | Commission Final JSOC Facility in NCSC HQ | Q2 2023 | NCSC | OPW, DCCAE |

Measure 2: Threat intelligence and analysis prepared by the National Cyber Security Centre will be integrated into the work of the National Security Analysis Centre.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Establish Formal Reporting and Information Sharing arrangements with NSAC | Q1 2020 | NCSC | NSAC |


Critical National Infrastructure Protection

Measure 3: The existing Critical Infrastructure Protection system flowing from the NIS Directive will continue to be deployed and developed, with particular focus on the ongoing compliance and audit programmes to mitigate risks to key services.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Complete first phase of Operators of Essential Services (OES) Self-Assessment against Security Control Framework | Q1 2020 | NCSC | Designated OES |
| 2 | Commence Security Control Testing of Operators of Essential Services (OES) | Q3 2020 | NCSC | Designated OES |
| 3 | Reassess Register of Designated OES and Security Guidelines | Q3 2020 | NCSC | |
| 4 | Security Control testing post incidents, and ongoing audits of OES compliance | Ongoing | NCSC | Designated OES |

Measure 4: The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will perform an updated detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber attack.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Steering Group formed and terms of reference for the review agreed | Q1 2020 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 2 | Information gathering phase complete, and methodology agreed | Q3 2020 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 3 | Complete Assessment Process, including international consultation and detailed assessment of cross sectoral interdependencies. | Q2 2021 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 4 | Final Report and Recommendations Complete | Q4 2021 | NCSC | AGS, DF, NSAC, CBI, COMREG, CRU, IAA |

Measure 5: The existing Critical National Infrastructure protection system will be expanded and deepened over the life of the Strategy to cover a broader range of Critical National Infrastructure, including aspects of the electoral system.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Draft Heads of Bill for Agreement by Government | Q4 2021 | DCCAE | AGO |
| 2 | Drafting Process with AGO | Q1 2022 | DCCAE | AGO |
| 3 | Oireachtas Process | Q2 2022 | DCCAE | AGO, Oireachtas |

Measure 6: The existing information sharing groups operated by the National Cyber Security Centre will be further developed, with the existing Threat Sharing Group being broadened to include a wider range of critical national infrastructure.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Expand the current Threat Sharing Group (TSG) representatives to include CNI, with new Terms of Reference. | Q2 2020 | NCSC | AGS, DF, CNI |
| 2 | Refine existing arrangements with the UK on information sharing and incident response, with particular reference to North-South critical infrastructure protection | Q4 2020 | NCSC | OEP, CPNI UK |


Measure 7: Government will introduce a further set of compliance standards to support the cyber security of telecommunications infrastructure in the State.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Transposition of Directive 2018/1972 | Q4 2020 | DCCAE | NCSC, Comreg |
| 2 | Provision of Technical Support to Comreg | Q4 2020 | NCSC | Comreg |
| 3 | Application of revised security measures | Q1 2021 | Comreg | DCCAE, NCSC, Telecoms Operators |

Public Sector Data and Networks

Measure 8: The NCSC will develop a baseline security standard to be applied by all Government Departments and key agencies.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Design suitable minimum standard for Government IT, in conjunction with Government IT Security Forum. | Q4 2021 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 2 | Develop detailed measures, controls and implementation procedures. | Q1 2022 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 3 | Draft guidance and support materials for IT teams and Internal Audit Units on compliance assessment. | Q2 2022 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 4 | Support Government Departments and Key Agencies in implementation of the baseline standard. | Ongoing | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |
| 5 | Conduct assessment of the implementation of the baseline standard | Q4 2023 | NCSC/OGCIO/Govt IT Forum | Government Departments and key agencies |

Measure 9: The existing ‘Sensor’ Programme will be expanded to all Government Departments, and an assessment will be conducted by the same date as to the feasibility of expanding Sensor to cover all of Government networks.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Deploy Sensor on the IT infrastructure of all 15 Government Departments. | Q4 2020 | NCSC | All Government Departments, Gov IT Security Forum |
| 2 | Review costs and legal issues associated with the application of Sensor on Government Networks, covering all of public sector ICT, and bring outcome to Government for decision. | Q4 2021 | NCSC | OGCIO, AGO, D/PER |

Measure 10: A Government IT Security forum will be created, open to all Heads of IT Security across Government, to facilitate information sharing on best practice for cyber security and to allow the NCSC support the deployment of the baseline security standard.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Resource the creation of Public Sector IT Team in the NCSC, and establish Terms of Reference for the Forum | Q1 2020 | NCSC | OGCIO, All Government Departments |
| 2 | Plan a briefing session for all Heads of IT Security to outline the purpose of the Security Forum | Q1 2020 | NCSC | OGCIO, All Government Departments |
| 3 | Establish quarterly meetings of the Forum and appoint a Chairperson and Secretary | Q4 2020 | NCSC | OGCIO, All Government Departments |

Measure 11: The NCSC will be tasked by Government to issue Recommendations with regard to the use of specific software and hardware on Government IT and telecommunications infrastructure.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Rationale and Terms of Reference Prepared and brought to Government for Agreement | Q3 2020 | NCSC | OGCIO, AGS, DF, NSAC |
| 2 | Entry into effect of NCSC Recommendation Process | Q4 2020 | NCSC | OGCIO, AGS, DF, NSAC |

Skills

Measure 12: Government will continue to ensure that second and third level training in computer science and cyber security is developed and deployed, including by supporting the work of Skillnets Ireland in developing training programmes for all educational levels and supporting SOLAS initiatives for ICT apprenticeship programmes in cyber security.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Provide support to initiatives under Technology Skills 2022 including development of Skillnets and ICT apprenticeship initiatives | Ongoing | DCCAE | Skillnets, SOLAS, DES |
| 2 | Add education and upskilling as a standing item on the agenda of the Gov IT Security Forum | Q2 2020 | NCSC | Gov IT Security Forum |
| 3 | Support the development of a Junior Cycle short course in cyber security, which will provide for the inclusion of cyber security education in second level | Q4 2020 | NCSC | NCCA |
| 4 | Support initiatives which encourage women into the cyber security field | Ongoing | NCSC/DES/ | Industry |

Measure 13: Science Foundation Ireland (SFI) will promote cyber security as a career option in schools and colleges by means of their Smart Futures Programme.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | NCSC to seek industry partners to participate in Smart Futures | Q1 2020 | NCSC | SFI, Industry |
| 2 | NCSC will work with Smart Futures to support initiatives which encourage female students into the cyber security field | Q1- Q4 | NCSC | SFI |

Measure 14: Science Foundation Ireland along with DBEI and DCCAE, will explore the feasibility through the SFI Research Centre Programme, the Research Centre Spoke programme or other enterprise partnership programmes to fund a significant initiative in Cyber Security Research.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Issue calls to which cyber security community can respond | Q4 2020 | SFI | NCSC, DBEI, SFI |
| 2 | Assess proposals based on independent international peer review. | Q1 2021 | SFI | NCSC, DBEI, SFI |


Enterprise Development

Measure 15: Government will continue to support and fully engage with the IDA funded Cyber Ireland Programme and explore new mechanisms to support Industry/Academia/Government cyber security collaboration.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Support given to Cyber Ireland in developing a Cyber Security Cluster of Industry, Academia and Government | Ongoing | IDA | Cyber Ireland, NCSC, EI, DBEI |

Measure 16: Enterprise Ireland will develop a cyber security programme to facilitate collaborative links between enterprise and the research community that lead to the practical application of research in business.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Establish a National Cyber Security Competence Centre | Q1 2021 | NCSC | NCSC, DBEI, EI |

Engagement

Measure 17: We will reinforce Ireland’s diplomatic commitment to cyber security, including by stationing cyber attachés in key diplomatic missions and by engaging in sustainable capacity building in third countries.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Appoint Cyber Attachés to Key Diplomatic Missions. | Q3 2020 | DFAT | NCSC |
| 2 | Ratify the Budapest Convention | Q2 2021 | D/Justice | NCSC, D/Taoiseach |
| 3 | Develop a sustainable capacity building programme for developing countries | Q2 2021 | DFAT, NCSC | NCSC |


Measure 18: We will create an interdepartmental group (IDG) on internet governance and international cyber policy to coordinate national positions across Departments.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Establish an IDG to coordinate on cyber policy matters. | Q2 2020 | DFAT | NCSC, All Gov Departments |

Measure 19: We will deepen our existing engagement in international organisations, including by joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Secondment of a member of DF to CCD-COE | Q4 2020 | NCSC | DF, D/Defence, DFAT |

Citizens

Measure 20: Government will develop a national cyber security information campaign which will use information provided by the NCSC and the Garda National Cyber Crime Bureau and be delivered by entities which are directly engaged in information provision.

| No. | Actions for Delivery | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Support the continued inclusion of cyber security elements in Webwise programmes | Q4 2020 | DCCAE | AGS, DES |
| 2 | Develop a public awareness campaign to include information on cyber security and cyber crime prevention. | Q1 2021 | NCSC, Online Safety Commissioner | DCCAE, AGS, DJE, DES |

Page 61: National Cyber Security Strategy · 1 Introduction ... cyber security of telecommunications infrastructure in the State. ... (IDG) on internet governance and international cyber policy

Straitéis Náisiúnta Cibearshlándála 2019-2024

Page 62: National Cyber Security Strategy · 1 Introduction ... cyber security of telecommunications infrastructure in the State. ... (IDG) on internet governance and international cyber policy

Clár na nÁbhar Achoimre Fheidhmeach ........................................................................................................ 3

Bearta ................................................................................................................................... 5

1 Réamhrá ........................................................................................................................ 8

2 Fís................................................................................................................................ 11

3 Cuspóirí ....................................................................................................................... 12

4 Riosca agus an tSochaí Faisnéise ............................................................................... 13

4.1. Rioscaí Straitéiseacha ........................................................................................ 13

4.2. Bagairtí Hibrideacha ........................................................................................... 14

4.3. Rioscaí don Bhonneagar Náisiúnta Criticiúil agus do Chórais agus Sonraí na

hEarnála Poiblí ................................................................................................................ 15

4.4. Saoránaigh agus Gnó ......................................................................................... 18

5 Forbairt Náisiúnta Cumais ............................................................................................ 19

5.1. An Cás Mar Atá................................................................................................... 19

5.2. Cuspóir ............................................................................................................... 23

5.3. Bearta ................................................................................................................. 23

6 Cosaint Bonneagar Náisiúnta Criticiúil ......................................................................... 26

6.1. An Cás Mar Atá................................................................................................... 26

6.2. Cuspóir ............................................................................................................... 28

6.3. Bearta ................................................................................................................. 28

7 Sonraí agus Líonraí na hEarnála Poiblí ........................................................................ 33

7.1. An Cás Mar Atá................................................................................................... 33

7.2. Cuspóir ............................................................................................................... 34

7.3. Bearta ................................................................................................................. 34

8 Scileanna ..................................................................................................................... 38

8.1. An Cás Mar Atá................................................................................................... 38

8.2. Cuspóirí .............................................................................................................. 40

Page 63: National Cyber Security Strategy · 1 Introduction ... cyber security of telecommunications infrastructure in the State. ... (IDG) on internet governance and international cyber policy

2

8.3. Measures

9 Enterprise Development

9.1. The Current Situation

9.2. Objectives

9.3. Measures

10 Engagement

10.1. The Current Situation

10.2. Objective

10.3. Measures

11 Citizens

11.1. The Current Situation

11.2. Objective

11.3. Measures

12 Governance Framework and Responsibilities

12.1. Governance Structure

12.2. Delivering the National Cyber Security Strategy

Appendix 1 List of Actions


Executive Summary

Ireland ranks among the leading EU Member States in the uptake and use of digital technologies. As in the rest of the developed world, these technologies play a central role in supporting and facilitating economic and social life. Ireland has also benefited significantly in economic terms from the development of a global data ecosystem; our geographic position, open economy and EU membership have ensured that we handle a significant volume of data and economic activity.

That said, the continued development and use of the Internet and of the connected devices associated with it has meant that people depend on these systems more than ever. Because people depend so heavily on these systems, a complex and evolving set of risks has been created, some of which arise from flaws in the design or operation of systems, causing unexpected loss of service. Others arise as a consequence of deliberate actions by organised groups, including Nation States, seeking to subvert or compromise these systems for a variety of reasons. These systems could be compromised through the theft or destruction of data or money, and through the disruption or physical destruction of services or infrastructure. Accordingly, these risks have a complex and interrelated set of consequences for States, ranging from the protection of citizens' data to the protection of key infrastructure and key services.

Cyber security is often described as a means of ensuring the confidentiality, integrity, authenticity and availability of networks, devices and data. As network and information systems become more embedded and more complex, however, securing them becomes both more important and more difficult at the same time. Although these responses have evolved rapidly in an effort to keep pace with technological and market developments, the process is made far more challenging by the dynamic nature of those developments, both in technology and in the global strategic environment.

The Government agreed and published Ireland's first National Cyber Security Strategy in July 2015. It set out a road map for the development of the National Cyber Security Centre (NCSC) and a series of measures to protect Government data and networks and critical national infrastructure. The scale and capacity of the NCSC have grown significantly since then, and the EU Network and Information Security Directive 2016/1148 (the NIS Directive) has been introduced, a significant set of measures to support Government Departments and Agencies in managing their systems. In turn, approximately 70 operators of critical national infrastructure have been legally designated, and they are subject to binding security requirements and binding incident notification requirements. Taken together, these mean that the State and the operators of critical national infrastructure are better prepared to deal with cyber security risks than before.

The technology sector is highly dynamic, and many new developments appear to be on the way, based on virtualised networks using advanced communications protocols (such as 5G), Artificial Intelligence and the Internet of Things. Accordingly, these iterative, interconnected developments are likely to have a wide range of use cases, which means that they will have a greater impact on citizens' lives and on the key infrastructure on which services depend. In addition, the software-based nature of this technology means that new regulatory and governance tools will probably be needed to ensure that data and services are resilient and secure.

In step with these developments, a global industry has developed that supplies products and services aimed at keeping digital systems and infrastructure secure. Over 6,500 people are employed in the cyber security sector in Ireland, and the industry here is already an important part of the technology sector, both in its own right and as an enabler of investment in related sectors here. Sustaining and building on this success is integral to future economic growth and high-value jobs, as is ensuring that a cyber security ecosystem with appropriate critical mass exists in the State.

The integration of digital technologies at national level is also an ongoing process, one on which a great deal of Government activity has taken place. The Public Service ICT Strategy 2015 has been augmented by ‘Our Public Service 2020’, a new policy framework designed to build on previous reforms while expanding the scope of reform to focus on collaboration, innovation and evaluation. At national level, the National Broadband Plan will ensure that more than half a million people have access to high-speed broadband for the first time, and the forthcoming National Digital Strategy will set out how the Government intends to ensure that everyone can benefit from the advantages of digitalisation. Taken together, these will continue to have positive effects on economic growth, regional balance and individual opportunity; however, digitalisation also carries a certain risk.

This Strategy sets out how Ireland will address these challenges, and how we intend to benefit from the enterprise and job creation opportunities that will arise from these global technological developments. It sets out a set of measures designed to deal with some of the complex challenges involved in sustaining and developing the number of people employed in this sector.


Finally, the development of network and information security also has important international dimensions, in terms of the centrality of Internet governance and, more importantly, in the general diplomatic sphere. Cyber security is a first-order international relations issue; this Strategy sets out how Ireland will continue to play a role in shaping this environment at global level.

Measures

In the period 2019-2024, the Government will implement the following systemic measures to protect our nation, to develop our cyber security sector, and to develop our international engagement on the future of the Internet.

1 The National Cyber Security Centre will be further developed, particularly with regard to its ability to monitor and respond to cyber security incidents and developing threats in the State.

2 Threat intelligence and analysis prepared by the National Cyber Security Centre will be integrated with the work of the National Security Analysis Centre.

3 The existing Critical National Infrastructure Protection system based on the NIS Directive will continue to be used and developed, with particular emphasis on ongoing compliance and audit programmes to mitigate risks to key services.

4 The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will carry out an updated detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber attack.

5 The existing Critical National Infrastructure protection system will be developed and expanded over the life of the Strategy to cover a broader range of Critical National Infrastructure, including aspects of the electoral system.

6 The information sharing groups already operated by the National Cyber Security Centre will be further developed, and the existing Threat Sharing Group will be expanded to cover a broader range of Critical National Infrastructure.

7 The Government will establish a further set of compliance standards to support the cyber security of telecommunications infrastructure in the State.

8 The NCSC will develop a baseline security standard to be applied by all Government Departments and key agencies.


9 The existing ‘Sensor’ Programme will be deployed across all Government Departments, and the feasibility of deploying Sensor across all Government networks will be assessed.

10 A Government IT Security Forum will be created, open to Heads of IT Security across Government, to facilitate the sharing of information on good practice in cyber security and to allow the NCSC to support the use of the baseline security standard.

11 The Government will require the NCSC to issue recommendations with regard to the use of specific software and hardware on Government IT and telecommunications infrastructure.

12 The Government will continue to ensure that second and third level training in computer science and cyber security is developed and deployed, including by supporting the work being undertaken by Skillnet Ireland to develop training programmes for all levels of education and by supporting SOLAS initiatives for an ICT apprenticeship programme in cyber security.

13 Science Foundation Ireland (SFI) will promote cyber security as a career option in schools and colleges through the Smart Futures Programme.

14 Science Foundation Ireland, together with DBEI and DCCAE, will explore the feasibility, through the SFI Research Centres Programme, the Research Centre Spokes programme or other enterprise partnership programmes, of funding a significant initiative in the area of Cyber Security Research.

15 The Government will continue to support and engage fully with the Cyber Ireland Programme, which is funded by the IDA, and will explore new mechanisms to support Industry/Academic/Government cyber security collaboration.

16 Enterprise Ireland will develop a cyber security programme to facilitate collaborative links between enterprise and the research community, who will lead the practical implementation of research in business.

17 Ireland's diplomatic commitment to cyber security will be strengthened, including by establishing cyber attachés in key diplomatic missions and by taking part in sustainable capacity building in third countries.

18 We will create an inter-departmental group (IDG) on Internet governance and international cyber policy to coordinate national positions across Departments.

19 We will build on our existing engagement with international organisations, including by joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

20 The Government will develop a national cyber security information campaign which will use information provided by the NCSC and the Garda National Cyber Crime Bureau, and entities directly involved in information provision will run the campaign.

A detailed implementation plan of actions relating to these measures, including timelines and responsible organisations, is set out in the accompanying Annex.


1 Introduction

Ireland ranks among the leading EU Member States in the uptake and use of digital technologies (7th out of the 28 European Union Member States in the European Commission's Digital Economy and Society Index (DESI) 2019). In practical terms, this means that the Internet, and the great variety of technology and devices connected to it, has played a central role in delivering and enabling our economic success. In turn, they have allowed a significant improvement in productivity and quality of life, and greater efficiency and sustainability in the use of resources.

At the same time, however, these technologies carry an embedded set of risks and vulnerabilities. This is a dynamic issue; matters become more complex and more challenging as systems become more embedded, connected to the Internet, and integrated into almost every aspect of our lives.

Dealing with this challenge is already of vital importance, in terms of the resilience of key infrastructure and key services and the State's ability to manage and respond to incidents, for the social and economic good of the State and the public. This task is not simple. Cyber security involves a complex set of issues that must be addressed. Internet-enabled and connected technologies play a role in every aspect of our lives, at a personal level and in the delivery of the services we depend on. The diversity of these different sectors, with different ownership models and technologies, means that there is no single model or solution, technical or otherwise, that will suit every sector. Developing a national response requires a dynamic and flexible approach, one in which different solutions are applied according to the nature of the sector and the risk to society, to human life, and to the economy.

The global nature of the Internet also has significant geopolitical implications - infrastructure of any kind that is connected to the Internet is vulnerable to threats from anywhere in the world. Accordingly, the geography of national security has changed, and Ireland has a number of hard national security policy questions to answer. First, the global management of the Internet, how the Internet is governed and how States behave and act, which is now a primary national concern. Second, the security of every process, service and piece of infrastructure in Ireland, from the electoral process to military infrastructure and the security of public sector data, must be dealt with differently, because all of them depend, to some degree, on connected devices and can be targeted from anywhere in the world. Finally, the nature of our economy has changed significantly. Ireland is home, by some estimates, to over 30% of all EU data, and to the European headquarters of many of the world's largest technology companies. Accordingly, our economic success is closely tied to our continued ability to provide a secure environment in which these companies can operate here.

The security of our network and information systems is therefore vital to the continued economic and social development of Irish society. As a result of the first National Cyber Security Strategy, published in 2015, a functioning and developing National Cyber Security Centre was established, and a comprehensive set of measures was developed based on protecting key critical national infrastructure and the security of Government systems and data. Given the evolving nature of the threat and the complexity of the systems, this Strategy takes a broader perspective and sets out a series of measures that are more developed than those specified in the 2015 Strategy. In addition, these measures cover a wider set of issues than before; there are challenges relating to skills, enterprise development and research that require specific actions.

The process of developing this Strategy was managed by a High Level Steering Group, chaired by the Department of Communications, Climate Action and Environment, with representation from the Department of the Taoiseach, the Department of Foreign Affairs and Trade, the Department of Employment Affairs and Social Protection, the Department of Defence, the Office of the Government Chief Information Officer, the Department of Justice and Equality, and the Department of Business, Enterprise and Innovation.

The process was also guided by a set of consultation mechanisms. First, a set of five specific sectoral engagement groups was convened, comprising stakeholders from across the public and private sectors. These groups represented National Security and Policing, Enterprise Development, Skills and Research, Public Sector ICT Security and Critical National Infrastructure Protection, and they were designed to ensure that the Strategy was comprehensive and reflected the diverse range of issues that must be addressed. These groups were convened twice, once before the public consultation to ensure that the consultation document and questions were appropriate, and to identify the fundamental matters of concern to each sector. The second meeting was held when the public consultation had closed, and the outcome was communicated to the groups, along with the outcome the Strategy was expected to have. These groups provided a forum in which participants could readily express views, concerns and ideas, a forum that was extremely valuable in framing and contextualising the Strategy and in identifying solutions to some of the challenges to be overcome.


A public consultation was held between March and May 2019, and a summary draft of the strategy was published as part of a public consultation process aimed at gathering the views of the public and of industry as a whole. Members of the public had 30 working days to make submissions on the summary draft of the strategy, and 47 submissions were received in total. Subsequently, the Steering Group and the five specific sectoral engagement groups assessed these submissions, and the proposed measures were extracted and tabulated for further analysis. This analysis also included an assessment of more than 30 national strategies from across Europe and further afield, along with good practice documents from bodies such as the OECD and ENISA.


2 Vision

Our vision is that Irish society can continue to benefit safely from the digital revolution and play a full role in shaping the future of the Internet. To that end, we will do the following:

We will protect the State, its people and critical national infrastructure from threats in the cyber security realm in a dynamic and flexible manner, and in a manner that fully respects the rights of individuals and ensures a proportionate balance between risks and costs.

We will develop the capacity of the State, research institutions, businesses, the public sector and people to better understand and manage the challenges we face in this area, and to ensure that businesses and individuals can continue to benefit from the economic and employment opportunities associated with information technology, and with cyber security in particular.

We will engage strategically at national and international level, we will support a free, open, peaceful and secure cyberspace, and we will ensure that cyber security is a central element of our diplomatic position across the full range of engagement.


3 Objectives

To continue to improve the State's ability to respond to and manage cyber security incidents, including those with a national security component.

To identify and protect critical national infrastructure by increasing its resilience to cyber attack and by ensuring that operators of essential services have appropriate incident response plans in place to reduce and manage any disruption to services.

To improve the resilience and security of public sector IT systems to better protect the data and the services that people rely on.

To invest in educational initiatives to prepare the workforce for IT and cyber security careers.

To raise awareness of the responsibilities of businesses for the security of their networks, devices and information, and to drive research and development in cyber security in Ireland, including by facilitating investment in new technology.

To continue to engage with international partners and international organisations to ensure that cyberspace remains open, secure, unitary, free and able to facilitate economic and social development.

To increase the general level of skills and awareness among individuals around basic cyber hygiene practices, and to support them through information and training.


4 Risk and the Information Society

From the early days of ‘Arpanet’ in the United States in the 1960s, the Internet was designed as an open system that allowed any point on a network to receive messages from any other point, and allowed information to find multiple routes from one point to another. Although billions of connected devices are now linked to a network that spans the globe, that founding principle still holds, and indeed it has played a central role in the rapid development of the Internet and in people's use of it.

That said, however, this openness and ease of connection make it easier to use the network for malicious activities. Over time, and as the Internet has become more important, the range and potential impact of such actions have grown, which means that a broad range of new risks to critical social and economic functions must be taken into account. This Section describes the main risks facing Ireland.

4.1. Strategic Risks

At a very high level, developments in cyber security create two fundamental challenges for Ireland. First, the aspatial nature of the Internet means that the State is exposed to new and rapidly growing global threats, including those developed and used by threat actors with significant resources and expertise. These threats manifest at national level in a variety of ways, which makes the associated risks difficult to detect and mitigate. It is also important that the global security environment is in a dynamic phase; the return to ‘great power’ politics in international relations, together with tensions over trade and technology vendors, creates particular challenges for small, open economies like Ireland's.

Second, the technological base of the Irish economy has developed significantly in recent years; the State is now home to a large percentage of Europe's data (more than 30% according to some industry assessments) and to the European headquarters of some of the largest technology firms in the world. Significantly also, the conceptual evolution of cloud computing has had major implications for Ireland. In many cases, rather than functioning as passive stores of data, these are live operational software environments; accordingly, a denial of service or an incident disrupting one of these facilities could have immediate and far-reaching effects on infrastructure or business across the EU or around the world. This means that the infrastructure supporting these centres, public and private, carries a greater security and economic risk.

In recent years, advanced tools have been developed and regularly used for cyber-enabled attacks and espionage and, perhaps for the first time, for the physical destruction of Critical National Infrastructure by cyber-enabled means. Accordingly, a continuous and dangerous technological race between attack and defence is an integral part of the cyber security field.

The nature of connected network infrastructure makes matters more complex still. First, these are global systems, in terms of both the supply chains for devices and software and the network that connects them; this means that any individual State can have only a limited degree of control over the operation of the network within its own jurisdiction. In addition, these devices and systems are owned by a wide range of types of businesses and organisations. Indeed, many private homes already contain a number of connected devices, something that is expected to become more common with the growth of the Internet of Things (‘IoT’). This means that coordinating protective measures, or responses to incidents or attacks, across this broad range of potential targets is a complex challenge. Equally, unless Governments are willing to mandate an intrusive surveillance system, they will have limited options for predicting or preventing every attack or incident in their jurisdiction or against their citizens or infrastructure. The challenges in this area include the most fundamental ones; often, because of their nature, cyber attacks have not been reported or publicised, which has created a clear issue for Governments in understanding and responding to the basic question.

The Government has already recognised the more complex and dynamic nature of the security challenges facing the State by establishing a Cabinet Committee dealing with national security issues. In addition, the Government has established a National Cyber Security Centre (NCSC) which will work with the Government to support a clear approach to assessing, understanding and addressing national security challenges, an approach that will result in better strategic advice being provided to the Government.

4.2. Hybrid Threats

One of the most challenging issues to emerge in recent years has been the active use and refinement of hybrid threats. The EU defines these threats as “multidimensional measures, combining coercive and subversive elements, using conventional and unconventional tools and tactics (diplomatic, military, economic, and technological) to destabilise the adversary”, and they have emerged in a number of EU countries in recent years. Many of these threats have involved a cyber component, the most common type being the use of cyber tools to steal information for subsequent use in disinformation campaigns (known as ‘hack and leak’). By their nature, these campaigns are designed so as not to be easily detected, and because of the explicit political objectives associated with them, it is harder still for public authorities to act against them.

As an open liberal democracy, Ireland is vulnerable to campaigns of this kind in much the same way as other EU Member States. In December 2017, the Government established the first ‘Interdepartmental Group on the Security of Ireland's Electoral Process and Disinformation’, which is coordinated by the Department of the Taoiseach. This group is tasked with assessing the risks to Ireland's electoral process, taking into account the substantive issues arising from recent experiences in other democratic countries with regard to the use of social media by external, anonymous third parties. The Group published its first report in July 2018, which found that although the risks to the electoral process in Ireland are relatively low at present, risks may arise in future because of the spread of disinformation online and the risk of cyber attacks on the electoral system. This group has proposed a number of measures to protect against these risks, including establishing an Electoral Commission, modernising voter registration, regulating online political advertising, and supporting EU efforts to tackle disinformation. Significant work has also been done at European level, including the creation of the Hybrid Fusion Cell, based in the European External Action Service, to facilitate the rapid sharing of information relating to hybrid actions affecting a number of EU Member States.

4.3. Risks to Critical National Infrastructure and Public Sector Systems and Data

While developments in cyberspace give rise to general risks for society, there are certain sectors in which these incidents could have far greater implications. In general, these include infrastructure sectors that are essential to societal and economic functions, often referred to as Critical National Infrastructure (CNI), and Public Sector Systems and Data.

The traditional conception of CNI has encompassed the energy and transport sectors, the financial services sector, healthcare and the telecommunications system itself. Government IT systems play a central role in delivering many of the functions needed to enable a modern society to operate, including social services and payment systems, tax collection and the functioning of democracy.

Recent years have seen the development and use of tools to compromise, disrupt and even destroy these systems. These threats have come from a wide range of actors, who vary noticeably in their access to resources and in their capability. They include individuals working alone or in small groups to carry out nuisance attacks, such as website defacement and small-scale denial of service attacks, as well as ‘hacktivists’, criminals of various kinds, and Nation States. Among the higher-level threats, organised crime groups are often indistinguishable from Nation States in that they sometimes use advanced techniques to infect and disrupt networks and data.

Finally, at the top of this pyramid are State-sponsored entities, usually military or security organisations, that seek to use network and information systems to conduct operations ranging from data theft to the destruction of physical infrastructure. These threat actors, usually referred to as ‘advanced persistent threats’ (or APTs), have been shown to be involved in attacks across a wide range of sectors, but with a particular focus on Government IT systems, telecommunications networks, financial services and technology companies. Their resources, persistence and expertise mean that these entities pose a particular challenge: they are difficult to detect and difficult to remove and, accordingly, they present a serious and ongoing challenge to the security of network and information systems.

Historically, States would have expected to keep Critical National Infrastructure and public sector systems and data secure by means of a very small number of key instruments. They could make laws prohibiting parties from using their jurisdictions for illegal purposes or activities, and they could use physical borders as a means of protection against external threats. None of these measures is as effective in the digital age. Moreover, for practical and legal reasons, Governments generally cannot see, or cannot secure, the wide range of devices in their jurisdiction or the traffic flowing to and from them. This is because the networks are privately owned, as are connected devices and a large proportion of critical national infrastructure.

For much of the period up to 2016, the approach taken by many National Governments was to support organisations by providing information on threats and risk mitigation measures, and by providing an incident reporting function. In Ireland, the signing into law of the Network and Information Security Regulations 2018 (S.I. 360 of 2018) means that there is now a far more proactive approach to the protection of Critical National Infrastructure, including the formal identification of operators and the commencement of a programme of security measures that includes compliance assessments and audits, in line with measures being put in place across Europe. Over time, the resilience of these key services to attacks or incidents will increase. Risks remain, however, both in the sectors covered by the NIS Regulations and outside them.

In the first case, adherence to the security measures specified in the NIS Regulations is a risk reduction methodology rather than a guarantee of absolute security. Secondly, the NIS Directive and Regulations are expressly limited to seven designated sectors. The assessment of Critical National Infrastructure carried out by the NCSC during the designation process, and the implementation of security measures following designation, showed that some infrastructure in the State outside the scope of the NIS Regulations is also vitally important, and that there are a number of interdependencies between Critical National Infrastructure sectors that are likely to give rise to particular risks.

While significant investment and attention has been directed at public sector ICT security, not least because of the General Data Protection Regulation, the nature of the sector presents a number of particular challenges. Some Departments and Agencies can readily demonstrate their compliance with international best practice (and international standards such as ISO27001), yet challenges remain in ensuring a high level of security on a consistent basis across Government Departments and agencies. Particular issues arise with the formal governance of ICT security, both in general and in the context of national classified information and the classified information of other States and international bodies. Similar issues arise in obtaining Facility Security Clearance for companies involved in the handling and storage of secret information. A number of measures are being developed to deal with these challenges, including greater use of (and plans for) shared IT infrastructure between Departments, but some fundamental challenges have yet to be overcome.

Critically, this situation is likely to become even more complex as a result of ongoing technological developments, including revolutions in the telecommunications sector. By allowing low-latency and high-bandwidth transmission of information, the use of 5G technologies is likely to serve as key enabling infrastructure for a range of other technologies and use cases. These could include consumer services such as autonomous vehicles, eHealth services and entertainment, as well as services aimed at the industrial sector. On that basis, 5G networks are likely to underpin a new set of services that will be essential to the operation of vital societal and economic functions. The nature of these networks and of this technology is also relevant; because they are software-defined and virtualised, new types of security measures are likely to be needed in this sector to ensure the security of the 5G network and of the services that depend on it.

4.4. Citizens and Business

For private citizens, of all ages, many cyber security issues are closely linked with online safety and the prevention of cyber crime. These typically relate to individuals’ online behaviour, or to the way in which they maintain or use their personal or home devices. The risks include data loss as a result of cryptoware attacks, or the loss or theft of personal information, including identity information or bank details.

For businesses, one of the most common and most damaging consequences of the increase in malicious online activity is attacks on businesses for financial gain. Despite increased levels of awareness, the number of cyber crime incidents in Ireland is increasing, with 61% of Irish organisations reporting cyber crime such as fraud in the last two years, resulting in an average loss of €3.1m.

5 National Capacity Development

5.1. The Current Position

Until 2011, governmental responsibility for cyber security in Ireland rested with a number of different organisations, including military and civilian authorities. In July 2011, the Government decided to establish the National Cyber Security Centre (NCSC) in what is now the Department of Communications, Climate Action and Environment, meaning that responsibility for all cyber security matters is now contained within a single operational unit. This decision was based on a detailed analysis of the evolving security threats, and on an assessment of the type of organisation best suited to responding to issues and proactively improving the resilience of key infrastructure and key services. This organisational concept now represents best practice in Europe, primarily because it allows a critical mass of operational experience and expertise to be built up, and allows end-to-end management of incidents of all kinds.

The first National Cyber Security Strategy, agreed by the Government in 2015, set out a series of measures by which the capacity of the National Cyber Security Centre (NCSC) would be developed and a high level of security achieved for computer networks and Critical National Infrastructure in the State. These measures focus on developing capacity within the NCSC in the Computer Security Incident Response Team (or ‘CSIRT’), together with a parallel set of measures aimed at improving the network and information security of Public Bodies. That Strategy also established how the resilience of critical national infrastructure could be improved, in part through the transposition of the NIS Directive, and how the national incident response process would be developed through ongoing participation in the National Emergency Management System.

Initially, the emphasis in the NCSC was on establishing a Computer Security Incident Response Team within the organisation. CSIRTs are an internationally recognised type of organisation with a set of formal roles in cyber security incident response and information sharing. At the most basic level, they are designed to act as focal points for information; by receiving and anonymising incident reports from victims, and then sharing technical details of both incidents and mitigation strategies with their constituents (the bodies they are assigned to assist), they can ensure that the wider constituent group has a higher level of situational awareness of what is happening. In this way, CSIRTs are expressly designed to counter some of the structural challenges that arise from the fragmented ownership of IT systems.

A long period was spent building capacity and upskilling in the CSIRT in the NCSC, known as CSIRT-IE. During the initial stages, the emphasis was on the basic tasks of being able to manage and track incidents securely and professionally, and to share information with constituents. Doing this requires skilled and experienced staff, along with a secure, stand-alone IT infrastructure. These have been developed significantly since 2015, resulting in a unit of experts with significant capability across the full range of cyber security incident response functions. The Defence Forces and An Garda Síochána played a central role in the early stages of the process, providing seconded staff and security expertise, process development and assessment of threat information. In addition, the Centre for Cybercrime Investigation in UCD played an important role in developing cyber security skills in Ireland; much of the knowledge base on which the NCSC was founded came from students and staff in UCD.

The development of the CSIRT’s operational capability was designed so that the unit would have a high level of situational awareness of cyber security activity in the State, and would have a network of ‘constituents’ able to share the technical details of incidents securely, in an anonymised manner, so as to allow them to take measures to protect their systems and services. These constituents include Government Departments and agencies and operators of Critical National Infrastructure, and comprise more than 130 entities. In 2016 and 2017, however, the NCSC was involved in a number of serious cyber security incidents involving issues that had not been envisaged in the Strategy. Analysis of these incidents indicated that a number of NCSC tools needed to be developed in order to respond better to future incidents. Accordingly, the NCSC undertook a series of initiatives during this period to support operators of critical national infrastructure and Government stakeholders. Examples include: (i) formalising and expanding the system of advisories and alerts (based on lessons learned in the incident management process for WannaCry2 and NotPetya), and (ii) the establishment, in 2017, of the Threat Sharing Group, which acts as a forum for operators of critical national infrastructure, and as a means for State actors (including An Garda Síochána and the Defence Forces) to share information with these operators and to work jointly with cyber security professionals. These same incidents also reinforced the centrality of cyber security to the State’s key security challenges, and the need for ongoing and close cooperation with the State’s security services on operational matters.

The NCSC has developed significantly in terms of capability and resources, and its roles have been formally established in law, including responsibilities for the protection of Critical National Infrastructure and for dealing with EU requirements on the security of certain Digital Service Providers. The CSIRT’s responsibilities for handling risks and incidents are defined in law as follows:

“(a) monitoring incidents within the State,

(b) providing early warnings, alerts, announcements and dissemination of information about risks and incidents to relevant stakeholders,

(c) responding to incidents notified under Regulation 18 or 22 of the NIS Regulations,

(d) providing dynamic risk and incident analysis and situational awareness,

(e) participating in, and cooperating with, the CSIRTs network,

(f) establishing relationships with persons in the private sector to facilitate cooperation with that sector”.¹

The CSIRT received its first international accreditation at the end of 2017 (Trusted Introducer accreditation), evidence that the team had attained a defined level of best practice and maturity. The NCSC has developed a threat intelligence database that is being used to help Agencies and Departments protect their networks. The NCSC’s constituent base has also been extensively developed, to more than 130 members. These now include Government Departments and Agencies, key entities in the Financial Sector, Critical National Infrastructure (CNI) providers and other Operators of Essential Services (OES).

Since then, the CSIRT has further developed its incident response capability through an integrated incident response and analytics platform, and an expanded system of advisories for constituents across Government and Critical National Infrastructure. In turn, the CSIRT has moved from a purely reactive stance to a more proactive one. This includes using MISPs (Malware Information Sharing Platforms) to share threat intelligence directly with Critical National Infrastructure providers, and developing and using a suite of tools to identify, parse and analyse open source intelligence (OSINT). In addition, the CSIRT has developed, tested and deployed the ‘Sensor’ platform, which is now operating on the infrastructure of a number of Government Departments, to detect and warn of certain types of threat.

¹ Regulation 10 of S.I. 360 of 2018

A number of developments took place in related areas alongside the development of the NCSC. The 2015 White Paper on Defence states that “… the Department of Communications, Energy and Natural Resources has lead responsibility for cyber security” and explained that “The primary focus of the Department of Defence and the Defence Forces will be the protection of Defence networks” but “… as would be the case in any emergency/crisis situation, once Defence systems are supported, the Department of Defence and the Defence Forces will provide support to the CSIRT-IE team based on the availability of resources”. Accordingly, the role of the Defence Forces in relation to cyber security is expressly a supporting one, and their primary responsibilities in this area relate to the protection of their own systems. This supporting role has developed over time, and the Defence Forces continue to play a central role in facilitating NCSC operations. There is close cooperation between the NCSC and the Defence Forces and An Garda Síochána on national security issues, and secondment arrangements are in place with both entities.

An Garda Síochána also has a set of responsibilities in the sector, relating to the prevention, investigation and prosecution of cyber crime and arising from its national security roles. Its capability and organisation have developed considerably in recent years, with the Computer Crime Investigation Unit (established in 1991) re-established as the Garda National Cyber Crime Bureau (GNCCB) in 2017. The Bureau is the national Garda unit responsible for the forensic examination of any computer media seized during any criminal investigations. In addition, the Bureau investigates cyber-dependent crime, including network intrusions, data interference and attacks on websites belonging to Government Departments, institutions and corporate entities. An Garda Síochána has made significant investment in this area, with a particular focus on developing capability in the regions. The NCSC and the Garda National Cyber Crime Bureau have established a positive, cooperative relationship, and ongoing shared training and secondment opportunities are being provided to staff.

Key Developments

1. The CSIRT is fully operational and internationally accredited.

2. The information sharing and outreach programmes operated by the NCSC have been developed significantly, including through the use of Malware Information Sharing Platforms (MISP).

3. The ‘Sensor’ platform has been developed, tested and deployed by the CSIRT.

4. The Garda National Cyber Crime Bureau has been established, and the organisation’s capability has increased significantly.

5. The National Security Analysis Centre has been established in the Department of the Taoiseach.

5.2. Objective

To continue to improve the State’s ability to respond to and manage cyber security incidents, including those with a national security component.

5.3. Measures

The National Cyber Security Centre (NCSC) will be the lead Cyber Security authority in the State, and will further develop its capacity to fulfil its two main roles: leading the national response to cyber security incidents, and developing the resilience of key networks and devices across the State. The core response element of the NCSC will continue to grow, and the shift from a reactive stance to a proactive one will continue, including by finding new ways to detect threats before they affect services and citizens. By the end of 2022, the NCSC will have a number of new and broader roles in protecting Government networks and data, and it will continue to work with the Office of the Government Chief Information Officer to develop and implement policies and practices relating specifically to Government and public services.

1. The National Cyber Security Centre will be further developed, particularly with regard to its capacity to monitor and respond to cyber security incidents and developing threats in the State.

The CSIRT within the NCSC will be developed into a ‘Joint Security Operations Centre’ (or JSOC) by the end of 2020 to better support the ICT security of Government and of Critical National Infrastructure. Specialised teams will be established within the JSOC, including Threat Intelligence, Incident Response and Network Monitoring. This will facilitate the continued development of the response team and will allow the maintenance and progressive development of the NCSC’s capacity to monitor network activity in Government and Critical National Infrastructure. This unit will continue to act as the national point of contact for all cyber security incidents, and will continue to lead the response to cyber security incidents of every kind.

2. Threat intelligence and analysis prepared by the National Cyber Security Centre will be integrated with the work of the National Security Analysis Centre.

The National Cyber Security Centre (NCSC) in the Department of the Taoiseach will have a central role in coordinating strategic analysis of threats to National Security, and in providing enhanced situational awareness to Government. The NCSC will help to ensure that new and emerging cyber security challenges affecting national security are fully reflected in the work of the NCSC, including the development of a new National Security Strategy.

Measure 1: The National Cyber Security Centre will be further developed, particularly with regard to its capacity to monitor and respond to cyber security incidents and developing threats in the State.

Actions to be completed | Timeline by quarter | Lead | Key stakeholders
1 Detailed technical and organisational plan for the JSOC. | Q4 2020 | NCSC | DCCAE
2 Obtain sanction to provide resources and staff for the development of the NCSC. | Q2 2021 | NCSC | DCCAE, DPER
3 Develop a prototype JSOC in an interim facility | Q4 2021 | NCSC | OPW, DCCAE
4 Commission the final JSOC facility in NCSC Headquarters | Q2 2023 | NCSC | OPW, DCCAE

Measure 2: Threat intelligence and analysis prepared by the National Cyber Security Centre will be integrated with the work of the National Security Analysis Centre.

Actions to be completed | Timeline by quarter | Lead | Key stakeholders
1 Establish formal reporting and information sharing arrangements with the NSAC | Q1 2020 | NCSC | NSAC

6 Critical National Infrastructure Protection

6.1. The Current Position

Until recently, accepted best practice in Europe for protecting critical national infrastructure and services against cyber attacks involved two types of action: (1) creating a national incident response function such as the NCSC, and (2) establishing formal information sharing arrangements through which information on threats to this infrastructure could be shared with owners and operators, including urgent information on imminent threats. The NCSC has established and operates precisely these services and has worked, on an ongoing basis, with utility operators and with similar bodies in other jurisdictions to manage risks to Critical National Infrastructure in Ireland, including the active management of ongoing incidents.

Experience over time across Europe and elsewhere has made clear, however, that there is an asymmetry of risk between the public interest and the interests of many operators of this type of infrastructure. In many cases, critical services remained vulnerable despite extensive efforts by Government to provide information and support to operators. Accordingly, building on work in a number of EU Member States and on earlier Telecommunications Directives, the European Commission published a draft ‘Network and Information Security Directive’ in 2013. This NIS Directive, formally agreed in 2016, included a set of measures aimed at improving the resilience of Critical National Infrastructure in 7 different sectors (including energy, transport, drinking water, banking, financial markets, healthcare and digital infrastructure). These measures include requiring Member States to carry out a formal assessment of their infrastructure and to legally designate ‘Operators of Essential Services’, the entities that are critically important to the provision of these services in each State. In turn, these entities are required to be subject to a formal set of security requirements and to binding incident reporting requirements. Accordingly, the NIS Directive aims to (a) bring about improvements in the security and resilience of Critical National Infrastructure, (b) improve State awareness of cyber security incidents across Europe, and (c) allow greater consistency and coordination of response at EU level.

The 2015 Strategy was written before the NIS Directive, and detailed work had begun before the Strategy was completed on a detailed assessment of Critical National Infrastructure in Ireland, which included an Infrastructure Interdependency Study with the United Kingdom (completed in mid-2017). These assessments were then used to compile a national list of Operators of Essential Services (OES), who were formally designated following the transposition of the NIS Directive in Ireland in September 2018 through S.I. 360 of 2018. Enforcement powers under the NIS Regulations allow NCSC Authorised Officers to conduct security assessments and audits in 5 of the 7 sectors (the Central Bank of Ireland is responsible for implementing the security measures in the Financial Services sectors), to require the provision of information, and to issue binding instructions to remedy any deficiencies. In addition, the NCSC prepared detailed guidance documents on security measures, compliance and incident reporting to provide further support to OES, which were published for public consultation in January 2019.

For the purposes of this document, Critical National Infrastructure is defined as “… an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.” The Government’s aim is to keep our CNI secure from attack by mandating that operators take measures to manage risks to this infrastructure, including by having appropriate incident response plans in place to deal with any disruption to services.

Given the progressive dependence of Critical National Infrastructure and services on a network of connected devices, the State has put in place a series of measures to ensure the resilience of certain categories of critical national infrastructure. In view of the nature and extent of the risk, however, and because of evolving technologies, this system must be further developed and expanded. To that end, the Government will implement the following measures to further protect Critical National Infrastructure and services:

Key Developments

1. The methodology for Critical Infrastructure Protection set out in the EU NIS Directive has been implemented.

2. As a result, 7 Operators of Essential Services have been designated in 7 key sectors, and Operators have begun a series of formal readiness assessments.

3. Bespoke information sharing mechanisms have been initiated to share sensitive information with key Operators.

6.2. Objective

To identify and protect critical national infrastructure by increasing its resilience to cyber attack and by ensuring that operators of essential services have appropriate incident response plans in place to reduce and manage any disruption to services.

6.3. Measures

The NCSC will continue to implement its existing Critical National Infrastructure protection programme, based on the NIS Directive implementation process already in place, but will significantly build on this Directive, based on a major piece of analysis. The Defence Forces and An Garda Síochána will support this effort, and work will be carried out across Government as a whole to ensure that cyber security concerns are integrated into all relevant policy matters.

3. The existing Critical National Infrastructure Protection system based on the NIS Directive will continue to be used and developed, with particular emphasis on ongoing compliance and audit programmes to mitigate risks to key services.

The primary objective of the NIS Directive is to ensure a high common level of cyber security across the Member States. The NCSC is the national competent authority responsible for providing guidance on the security of Critical National Infrastructure, and for auditing the implementation of security controls for many of these sectors. The NCSC will continue to develop and implement these measures to ensure that the NIS Directive is fully implemented in Ireland, and that this implementation keeps pace with changes in technology and best practice.

4. The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will carry out an updated detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber attack.

Building on the existing assessment process conducted under the NIS Directive, the NCSC will carry out a detailed risk assessment of the vulnerability of all Critical National Infrastructure and services to cyber attack. This will include an assessment of the criticality of a wide range of services and a mapping of the interdependencies between them. The output of this process will be used as the basis for expanding the scope of the existing Critical National Infrastructure cyber security protection process.

5. The existing Critical National Infrastructure protection system will be developed and expanded over the life of the Strategy to cover a wider range of Critical National Infrastructure, including aspects of the electoral system.

We will develop the existing regulatory system for CNI cyber security to include a wider range of operators in a wider range of sectors and to allow for closer monitoring of compliance. It is anticipated that this expanded system will include aspects of the higher education and electoral systems and will build on the work already done as a result of the NIS Directive.

6. The information sharing groups already operated by the National Cyber Security Centre will be further developed, and the existing Threat Sharing Group will be expanded to include a wider range of Critical National Infrastructure.

The existing cyber security information sharing fora, such as the ‘Threat Sharing Group’ (TSG) and the ‘All-Island Information Exchange’ (AIIE), will be significantly developed.

7. The Government will introduce a further set of compliance standards to support the cyber security of telecommunications infrastructure in the State.

We will establish a new and specific set of security requirements for the telecommunications sector, with detailed risk mitigation measures to be developed by the NCSC to support Comreg in fulfilling its statutory functions under existing EU Security Regulations (transposed by S.I. 333 of 2011), and the forthcoming EU Telecommunications Code (Directive 2018/1972).


Measure 3: The existing Critical Infrastructure Protection system based on the NIS Directive will continue to be used and developed, with particular emphasis on ongoing compliance and audit programmes to mitigate risks to key services.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Complete the first phase of the Operators of Essential Services (OES) Self-Assessment against the Security Control Framework | Q1 2020 | NCSC | Designated OES |
| 2 | Complete the first phase of Security Control Testing for Operators of Essential Services (OES) | Q3 2020 | NCSC | Designated OES |
| 3 | Reassess the Register of Designated OES and the Security Guidelines | Q3 2020 | NCSC | |
| 4 | Post-incident Security Control Testing, and ongoing audits of OES compliance | Ongoing | NCSC | Designated OES |

Measure 4: The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will carry out an updated detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber attack.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Steering Group established and terms of reference for the review agreed | Q1 2020 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 2 | Information-gathering phase completed, and methodology agreed | Q3 2020 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 3 | Complete the Assessment Process, including international consultation and a detailed assessment of cross-sectoral interdependencies. | Q2 2021 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA |
| 4 | Final Report and Recommendations Completed | Q4 2021 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA |

Measure 5: The existing Critical National Infrastructure protection system will be developed and expanded over the life of the Strategy to cover a wider range of Critical National Infrastructure, including aspects of the electoral system.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Heads of Bill drafted for agreement by Government | Q4 2021 | DCCAE | AGO |
| 2 | Drafting process with the AGO | Q1 2022 | DCCAE | AGO |
| 3 | Oireachtas process | Q2 2022 | DCCAE | AGO, Oireachtas |


Measure 6: The information sharing groups already operated by the National Cyber Security Centre will be further developed, and the existing Threat Sharing Group will be expanded to include a wider range of critical national infrastructure.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Expand the current membership of the Threat Sharing Group (TSG) to include CNI, with new Terms of Reference. | Q2 2020 | NCSC | CCGS, DF, CNI |
| 2 | Refine the existing United Kingdom arrangements regarding information sharing and incident response, with particular emphasis on North-South critical infrastructure protection. | Q4 2020 | NCSC | OPÉ, UK CPNI |

Measure 7: The Government will introduce a further set of compliance standards to support the cyber security of telecommunications infrastructure in the State.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Transposition of Directive 2018/1972 | Q4 2020 | DCCAE | NCSC, Comreg |
| 2 | Provide Technical Support to Comreg | Q4 2020 | NCSC | Comreg |
| 3 | Implementation of revised security measures | Q1 2021 | Comreg | DCCAE, NCSC, Telecommunications Operators |


7 Public Sector Data and Networks

7.1. Current Situation

Responsibility for the operation and security of public sector IT systems rests with individual Departments and Agencies, and the Office of the Government Chief Information Officer has an overarching role in implementing the Public Service ICT Strategy and in managing the network that Departments and Agencies use to connect to each other and to the Internet in general. In the early years, the primary role of the CSIRT within the NCSC included establishing an incident response function to support these Departments and agencies when they reported incidents to the NCSC, and developing an Advisory system to allow the rapid dissemination of specific information relating to threats and incidents, and of best practice regarding cyber security. However, the NCSC had no direct insight into activity on Government networks, nor any formal or precise means of determining what security measures might be in place in individual Departments or agencies.

On that basis, and in line with the ongoing development of the CSIRT and the larger toolset available to all constituents, the NCSC began rolling out a project called ‘Sensor’, which is essentially an additional layer of protection for Government Departments that alerts the NCSC when certain types of activity are observed traversing Government networks. In addition, the NCSC issued a ‘5 Point Guide’ to Departments at the end of 2018, setting out a baseline of security measures that Departments could take, based on some of the common incidents reported to it by the CSIRT in the preceding period.

Key Developments

1. The Advisory system operated by the NCSC has been significantly expanded to allow the rapid dissemination of information.

2. The Sensor platform has been developed, tested and deployed by the NCSC in a number of Government Departments, which has served as a basis for improving the security of IT systems and data against advanced threats.

3. Government Departments and agencies have made significant investment in security, with guidance from the NCSC.


7.2. Objective

To improve the resilience and security of public sector IT systems in order to better protect the services that people rely on, and their data.

7.3. Measures

The Public Sector relies on Information Technology to deliver almost all of the services it provides; accordingly, these services must be secure, resilient and able to ensure that personal information remains private. To that end, the Government will implement the following specific initiatives;

8. The NCSC will develop a baseline security standard to be applied by all Government Departments and key agencies.

The NCSC, in conjunction with the OGCIO, will develop a minimum cyber security baseline standard for Government ICT. This will be aligned with international standards and applied on a phased basis across all Government bodies, starting with Government Departments. These standards typically include measures and controls relating to staff training, identity and access management. It is expected that the standard will be audited at local Department level, with support and guidance provided by the NCSC.

9. The existing ‘Sensor’ Programme will be deployed across all Government Departments, and the feasibility of expanding Sensor for deployment across all Government networks will be assessed.

The NCSC's Sensor Programme will be rolled out across all Government Departments with the aim of improving early detection and eliminating threats. The NCSC will support its implementation across the public sector, and the Joint Security Operations Centre will be developed to support and operationalise this system. It is expected that the Joint Security Operations Centre will carry out monitoring, managed by the NCSC, of every Government Department and Agency.

10. A Government IT Security forum will be created, open to the Heads of IT Security across Government, to facilitate information sharing on best practice for cyber security and to allow the NCSC to support the deployment of the baseline security standard.

The NCSC will have a leadership role in creating, chairing and implementing a new Public Sector IT Security forum, with Heads of IT security from Government Departments and Agencies. The forum will meet quarterly to exchange and share information on best practice, inter-organisational processes, threats and cyber security measures in order to meet the new public sector cyber security baseline standard.

11. The Government will require the NCSC to issue recommendations with regard to the use of specific software and hardware on Government IT and telecommunications infrastructure.

The NCSC will be tasked with issuing recommendations on the procurement and use of certain types of IT infrastructure and software in order to keep Government data and services secure, and with recommending the prohibition or removal of certain infrastructure from Government IT and communications networks if the NCSC determines that its presence poses an unacceptable risk to the security of Government data.

Measure 8: The NCSC will develop a baseline security standard to be applied by all Government Departments and key agencies.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Design an appropriate minimum standard for Government IT, in conjunction with the Government IT Security Forum. | Q4 2021 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies |
| 2 | Develop detailed implementation measures, controls and procedures. | Q1 2022 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies |
| 3 | Draft guidance and support material on compliance assessment for IT teams and Internal Audit Units. | Q2 2022 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies |
| 4 | Support Government Departments and Key Agencies in implementing the baseline standard. | Ongoing | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies |
| 5 | Assess the implementation of the baseline standard | Q4 2023 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies |

Measure 9: The existing ‘Sensor’ Programme will be deployed across all Government Departments, and an assessment will be made by the same date of the feasibility of deploying Sensor across all Government networks.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Deploy Sensor in the IT infrastructure of the 15 Government Departments. | Q4 2020 | NCSC | All Government Departments, Government IT Security Forum |
| 2 | Review the costs and legal issues associated with implementing Sensor on Government Networks, covering public sector ICT, and submit the outcome to Government for decision. | Q4 2021 | NCSC | OGCIO, AGO, DPER |


Measure 10: A Government IT Security forum will be created, open to the Heads of IT Security across Government, to facilitate information sharing on best practice for cyber security and to allow the NCSC to support the deployment of the baseline security standard.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Provide resources to create a Public Sector IT Team in the NCSC, and establish Terms of Reference for the Forum | Q1 2020 | NCSC | OGCIO, All Government Departments |
| 2 | Plan a briefing session for all Heads of IT Security to describe the purpose of the Security Forum | Q1 2020 | NCSC | OGCIO, All Government Departments |
| 3 | Establish quarterly meetings of the Forum and appoint a Chair and Secretary | Q4 2020 | NCSC | OGCIO, All Government Departments |

Measure 11: The Government will require the NCSC to issue Recommendations with regard to the use of specific software and hardware on Government IT and telecommunications infrastructure.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Rationale and Terms of Reference prepared and submitted to Government for agreement | Q3 2020 | NCSC | OGCIO, CCGS, DF, NSAC |
| 2 | NCSC Recommendation Process given effect | Q4 2020 | NCSC | OGCIO, CCGS, DF, NSAC |


8 Skills

8.1. Current Situation

A number of significant skills gaps have emerged in cyber security, largely due to its rapid development as a societal challenge. This skills gap is a global issue, with up to 2 million unfilled cyber security vacancies worldwide in 2019. At national level, the supply of staff is critically important to preserving the ability to keep our own infrastructure secure, and to continuing to attract and retain significant data investment. Accordingly, meeting this demand requires training new entrants and encouraging cross-training and upskilling from professionals in the ICT sector and in other relevant sectors. In recent years, Ireland has made important progress in addressing and improving skills, developing research capacity and raising awareness of cyber security as a career. However, there is still a time lag between industry and academia in fast-changing sectors such as this, and there is a need to ensure that graduates are leaving third-level institutions with the skills needed to meet the employment requirements of industry.

The Government is seeking to address the growing demand for cyber security skills through the implementation of Technology Skills 2022, the third ICT Skills Action Plan. The underpinning research for the plan, carried out by the Expert Group on Future Skills Needs, identified cyber security as one of the key emerging areas that will drive demand for high-level ICT skills in Ireland in future. The cyber security skills agenda is being advanced in the context of Technology Skills 2022 through a number of channels, including Skillnet Ireland, the expansion of provision in higher education and the promotion of ICT apprenticeships through SOLAS, the Further and Higher Education Authority.

In October 2018, Skillnet Ireland launched a new Cybersecurity Skills Initiative in partnership with the NCSC, the Garda Cyber Crime Bureau, and other agencies and third-level institutions. The main aims of the initiative are to develop awareness, bridge the skills gap and set standards for skills and competences for Cybersecurity roles. The three-year plan is focused on developing training and accreditation in the field to address skills gaps, attracting more young people, particularly women, into the sector, and promoting Continuing Professional Development. Skillnet Ireland estimates that Cybersecurity training will be provided to more than 5,000 people in industry over the next three years as a result of the initiative. In addition, the third-level sector in Ireland has launched a significant number of cyber security courses, and at least 8 Master's courses are now on offer.

Apprenticeships are being developed by consortia led by the industrial sector, and include work-based training and off-the-job training while in employment. Apprenticeships are approved by the Apprenticeship Council under the National Training Fund and enable school leavers, jobseekers and those wishing to take up a new career to find a career for themselves. In February 2019 a new 2-year apprenticeship called Cybersecurity Associate Professional was launched at QQI level 6, with SAP as the industry lead and Fastrack to Information Technology (FIT) as the coordinating provider.

In addition, the third-level sector in Ireland has launched a significant number of cyber security courses, and at least 8 Master's courses are now on offer. Cyber security programmes are also being supported through the Springboard+ programme, which is helping those already in employment to reskill in order to take up new roles or careers. This will be important as demand for cyber security skills increases.

The Department of Business, Enterprise and Innovation, together with the Department of the Taoiseach, launched Future Jobs Ireland in March 2019, a new multi-annual framework to ensure that our enterprises and workers are resilient and prepared for the challenges and opportunities ahead. Future Jobs Ireland will also ensure that enterprises and workers are able to adapt to the technological and transformational changes that our economy and society will have to face in the years ahead. While it is wide-ranging, one of the five Pillars within Future Jobs Ireland is “Embracing Innovation and Technological Change”. The framework recognises the need for a new and diverse skillset to serve our changing economy and to “leverage pioneering technology areas such as Artificial Intelligence, Data Analytics, the Internet of Things and Blockchain to help companies innovate together and develop solutions”.

A set of ambitions and deliverables has been identified to meet these aims, including by increasing the capacity of SMEs to engage in research & development, providing high-quality education and training, encouraging lifelong learning, and improving participation in apprenticeship programmes. A number of initiatives have already commenced under the medium-term ambitions set out in Future Jobs Ireland 2019. Each year, Future Jobs Ireland will set out new steps to achieve these ambitions.

Key Developments

1. Technology Skills 2022 has been published and implemented.

2. Skillnet Ireland launched its Cybersecurity Skills Initiative to deliver a broad programme of initiatives in the field.

3. Fastrack to Information Technology launched a Cybersecurity Programme for apprentices.

4. The Government launched Future Jobs Ireland, a multi-annual framework for the development of skills and enterprise, including the technology sector.

8.2. Objectives

To invest in educational initiatives to prepare the workforce for IT and cyber security careers.

8.3. Measures

Through the implementation of Technology Skills 2022, Future Jobs Ireland, and this Government Strategy, the aim is to ensure that there are sufficient trained staff to meet the demands of employers.

12. The Government will continue to ensure that second and third level training in computer science and cyber security is developed and deployed, including by supporting the work being done by Skillnet Ireland to develop training programmes for all educational levels and by supporting SOLAS initiatives for an ICT apprenticeship programme in cyber security.

The Government will continue to support the work being done by Skillnet Ireland to develop and deliver training for private industry that aims to promote participation in the cyber security workforce, upskilling and general career development. The NCSC will assist in developing initiatives that encourage women to pursue a career in cyber security and that encourage participants from other disciplines to undertake cross-training.

13. Science Foundation Ireland (SFI) will promote cyber security as a career option in schools and colleges through the Smart Futures Programme.

Smart Futures is a collaborative education programme run by Science Foundation Ireland that provides information about careers in Science, Technology, Engineering and Mathematics (STEM) to second-level students in Ireland. SFI will develop the Cybersecurity component, drawing on input from industry professionals, for inclusion in Smart Futures so that students are aware of the wide range of career opportunities in the field.

14. Science Foundation Ireland, together with DBEI and DCCAE, will examine the feasibility of funding a significant initiative in the area of Cyber Security Research through the SFI Research Programme, the Research Centre Spoke programme or other enterprise partnership programmes.

This research centre would create a link between scientists and engineers in partnership across academia and industry to address important research questions.

Measure 12: The Government will continue to ensure that second and third level training in computer science and cyber security is developed and deployed, including by supporting the work being done by Skillnet Ireland to develop training programmes for all educational levels and by supporting SOLAS initiatives for an ICT apprenticeship programme in cyber security.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Provide support for initiatives under Technology Skills 2022, including developing Skillnet and ICT apprenticeship initiatives | Ongoing | DCCAE | Skillnet, SOLAS, DES |
| 2 | Add education and upskilling to the agenda of the Government IT Security Forum as a standing item | Q2 2020 | NCSC | Government IT Security Forum |
| 3 | Support the development of a cyber security short course for the Junior Cycle, which will ensure that cyber security education is delivered at second level | Q4 2020 | NCSC | NCCA |
| 4 | Support initiatives that encourage women to pursue a career in cyber security | Ongoing | NCSC/DES | Industry |

Measure 13: Science Foundation Ireland (SFI) will promote cyber security as a career option in schools and colleges through the Smart Futures Programme.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | The NCSC is to seek industry partners to participate in Smart Futures | Q1 2020 | NCSC | SFI, Industry |
| 2 | The NCSC will work with Smart Futures to support initiatives that encourage female students to take an interest in cyber security | Q1-Q4 | NCSC | SFI |

Measure 14: Science Foundation Ireland, together with DBEI and DCCAE, will examine the feasibility of funding a significant initiative in the area of Cyber Security Research through the SFI Research Centres Programme, the Research Centre Spoke programme or other enterprise partnership programmes.

| No. | Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders |
| --- | --- | --- | --- | --- |
| 1 | Issue calls to which the cyber security community can respond | Q4 2020 | SFI | NCSC, DBEI, SFI |
| 2 | Evaluate proposals based on independent international peer review. | Q1 2021 | SFI | NCSC, DBEI, SFI |


9 Enterprise Development

9.1. Current Situation

IDA Ireland supported Cork Institute of Technology (CIT) in establishing the ‘Cyber Ireland’ Programme, to develop Ireland's Cyber Security Cluster in Ireland. Cyber Ireland was officially launched on 20 May 2019 and is led by Cork Institute of Technology (CIT). This national cluster aims to represent the needs of the sector in Ireland, and it involves stakeholders from industry, academia and government representatives. It will encourage collaboration, raise awareness of education and career opportunities, accelerate innovation, and stimulate new business in the field of Cyber Security. CIT has received funding for 2 years from the IDA to develop the cluster, and a structured 7-step programme has been developed to meet this aim. The development of Cyber Ireland is included in Future Jobs Ireland 2019, which is evidence of the Government's commitment to developing the sector.

Key Developments

1. The Cyber Ireland Initiative has been launched, funded by the IDA, to assist the development of the sector in Ireland.

9.2. Objectives

To raise awareness of the responsibilities of businesses regarding the security of their networks, devices and information, and to accelerate research and development in cyber security in Ireland, including by facilitating investment in new technology.

9.3. Measures

15. The Government will continue to support and engage fully with the Cyber Ireland Programme, a programme funded by the IDA, and will examine new mechanisms to support Industry/Academic/Government cyber security collaboration.

The NCSC, together with the IDA and Enterprise Ireland, will participate as active board members of the Cyber Ireland initiative, supporting its initiative to bring industry, academia and government together to improve the cyber security environment in Ireland. Cyber Ireland is actively involved in promoting education and skills, communication fora, attracting foreign direct investment, and research and development.

16. Enterprise Ireland will develop a cyber security programme to facilitate collaborative links between enterprise and the research community, those who will lead the practical implementation of research in business.

In line with Enterprise Ireland’s mission, Enterprise Ireland will strengthen its sectoral knowledge and expertise in industry-academic collaborative initiatives with the NCSC in order to examine opportunities to support collaborative cyber security links between enterprise and the research community that create benefit for the economy.

Measure 15: Government will continue to support and to engage fully with the Cyber Ireland Programme, a programme funded by the IDA, and will examine new mechanisms to support Industry/Academic/Government cyber security collaboration.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Support provided to Cyber Ireland to develop a Cyber Security Cluster of Industry, Academia and Government | Ongoing | IDA | Cyber Ireland, EI, NCSC, DBEI

Measure 16: Enterprise Ireland will develop a cyber security programme to facilitate collaborative links between enterprise and the research community, those who will lead the practical implementation of research in business.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Establish a National Cyber Security Competence Centre | Q1 2021 | NCSC | NCSC, EI, DBEI


10 Engagement

10.1. Current Situation

Cyber security is an international field, and it has many implications for many aspects of the State’s international engagement. We recognise the importance of cyber security as a foreign policy priority. Developments in the field have long been an integral part of foreign policy making in Ireland, but it is necessary to develop that engagement, in general and across the European Union in particular.

At a global level, the past 10 years have seen an increase in the number of high-profile attacks and incidents, including attacks on electricity infrastructure in Ukraine in 2015 and the ‘Wannacry2’ and ‘NotPetya’ incidents in 2017. These incidents prompted a new debate about the role of States and the international community in mitigating States’ online behaviour, and about the appropriate set of measures that countries should use within their own jurisdiction to ensure the integrity and resilience of key systems.

A number of international organisations have developed initiatives in an attempt to frame these issues within existing frameworks of international relations. The most significant of these is the UN Group of Governmental Experts (or GGE). This was established in 2004 based on discussions that had been under way since 1998, based on Resolution 53/70. In the period since 2004, there have been five separate iterations of the GGE; three agreed substantive reports, and two, including the most recent in 2017, failed to reach agreement.

At the end of 2018, the United Nations adopted two new resolutions on cyber security issues. The first resolution established an open-ended working group, which first convened in June 2019 and which will focus on raising awareness, adding to common understanding and accelerating the implementation of previously agreed norms and principles of responsible State behaviour. The second resolution drew attention to the three successful GGE reports and sought a further GGE, with an emphasis on the application of international law to cyberspace and on accelerating agreement regarding responsible State behaviour in cyberspace.

At regional level, the Organisation for Security and Co-operation in Europe (OSCE) and the European Union have had a more prominent role in the cyber security field. The OSCE put together two sets of confidence-building measures (CBMs) in 2013 and 2016 to “enhance interstate co-operation, transparency, predictability, and stability, and to reduce the risks of misperception, escalation, and conflict that may stem from the use of ICTs”.


Key Developments

1. The United Nations adopted two new resolutions focused on co-operation and on raising awareness of cyber security issues.

2. The OSCE put together two sets of confidence-building measures that are enhancing co-operation and stability.

10.2. Objective

To continue engaging with international partners and international organisations to ensure that cyberspace is open, secure, unitary and free and able to facilitate economic and social development.

10.3. Measures

17. Ireland’s diplomatic commitment to cyber security will be strengthened, including by establishing cyber attachés in key diplomatic missions and by taking part in sustainable capacity building in third countries.

Ireland will strengthen its diplomatic commitment to cyber security as part of the ‘Global Ireland’ initiative, by assigning designated Cyber Attachés to key diplomatic missions. Based on our support for an open, free, peaceful and secure cyberspace, we will call for preventive diplomacy in our international engagement. We will support international co-operation to combat cyber crime and promote formal and informal co-operation in cyberspace, by engaging in sustainable capacity building in third countries. As part of our commitment to combating cyber crime, we will ratify the Budapest Convention as soon as possible. The applicability of international law, including international humanitarian law, and respect for human rights will underpin our international commitment to cyber security. We will provide sustainable capacity building support to developing countries and to civil society actors, and we will ensure that we have a full understanding of the abuses of human rights that could be committed, focusing on human rights defenders, and on the monitoring/control of ethnic minorities through technology.


18. We will create an inter-departmental group (IDG) on Internet governance and international cyber policy to coordinate national positions across Departments.

We will create an Inter-Departmental Group (IDG) on international cyber policy issues to coordinate engagement on issues with a geopolitical dimension and to develop a coordinated position on Internet governance and cyber security issues.

19. We will deepen our existing engagement with international organisations, including by joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

We will deepen our engagement in International Organisations dealing with the full range of issues covered by this Strategy. Accordingly, Ireland will join and play a full role in the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia. This will involve, initially, the secondment of a member of the Defence Forces [2] to the Centre in due course. We will provide full support for the UN processes seeking to develop and implement a framework for stability in cyberspace.

Measure 17: Ireland’s diplomatic commitment to cyber security will be strengthened, including by establishing cyber attachés in key diplomatic missions and by taking part in sustainable capacity building in third countries.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Appoint Cyber Attachés to Key Diplomatic Missions. | Q3 2020 | DFAT | NCSC
2. Budapest Convention | Q2 2021 | Department of Justice | NCSC, Department of the Taoiseach
3. Develop a programme of sustainable capacity building for developing countries | Q2 2021 | DFAT, NCSC | NCSC

[2] While the initial deployment to the CCD-COE will be from the Defence Forces, those subsequently deployed may be civilian or military staff, subject to Government approval.

Measure 18: We will create an inter-departmental group (IDG) on Internet governance and international cyber policy to coordinate national positions across Departments.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Establish an IDG to coordinate matters relating to cyber policy | Q2 2020 | DFAT | NCSC, All Government Departments

Measure 19: We will deepen our existing engagement with international organisations, including by joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Secondment of a DF member to the CCD-COE | Q4 2020 | NCSC | DF, D/Defence, RFET


11 Citizens

11.1. Current Situation

In terms of cyber security awareness, a number of important national initiatives have been established in recent years, particularly in the education system. These include Webwise, an Internet safety initiative co-funded by the Department of Education and Skills and operated by the Professional Development Service for Teachers (PDST) Technology in Education, which supports the autonomous, effective, and safer use of the Internet among young people through a sustained information and awareness strategy targeting parents, teachers, and children themselves, with consistent and relevant messages including guidance on acceptable use in schools.

A range of resources has been developed including “UP2US”, “My Selfie and the wider world” and “Lockers”; and the online Parenting Hub: Webwise Parents; and ‘Be in Ctrl’, which supports teachers in talking to their students about online sexual coercion and extortion. In mid-2019, the ‘HTML Heroes’ resource was launched, which aims to help and support educators in helping children aged 7–10 learn about the safe and responsible use of the Internet, including social media.

Smart Futures is coordinated by Science Foundation Ireland in partnership with organisations and academia. The programme provides information about careers in science, technology, engineering and mathematics (STEM) to second-level students in Ireland. Smart Futures fosters engagement between guidance counsellors, teachers and industry to develop resources and activities that stimulate interest among students. Information is available on the Smart Futures website about the wide range of opportunities available, such as courses, apprenticeships, festivals and events. In February 2019, Smart Futures launched a new national campaign entitled “I get paid to do this” in partnership with the Department of Education and Skills. The campaign centres on an online resource of profiles of professionals working in STEM industries, to give students an insight into what they can expect from a career in STEM and the various opportunities that will be available to them.

At present, this programme is being implemented by a Sponsors Group chaired by the Department of Education & Skills. The enactment of an Online Safety Act will set out how we can ensure that progress is made on greater online safety for children. This will include, for the first time, specifying a clear expectation for service providers to take reasonable steps to ensure the safety of the users of the service.

Key Developments

1. Through a sustained information and awareness programme, Webwise has provided guidance to parents, teachers and children on the safe use of the Internet.

2. Smart Futures has been launched to provide second-level students with information on careers in disciplines relating to science, technology, engineering and mathematics.

11.2. Objective

To increase the general level of skills and awareness among individuals regarding basic cyber hygiene practices and to support them through information and training.

11.3. Measures

By developing good cyber hygiene practices across the population as a whole we can create a more secure society. Awareness of cyber risks in vulnerable groups of the population is of particular importance.

20. Government will develop a national cyber security information campaign which will use information provided by the NCSC and the Garda National Cyber Crime Bureau, and which will be run by entities directly involved in information provision.

A national Cyber awareness campaign will be developed and implemented among the public. This programme will draw on the experience of the NCSC and the Garda Cyber Crime Bureau, and it will be developed as a collaborative effort between a number of partners, including PDST and the Online Safety Commissioner. The aim of this campaign is to improve society’s awareness of common cyber risks such as basic cyber hygiene and social engineering. It will also facilitate more targeted awareness campaigns aimed at vulnerable groups such as children and older people, including by providing information to Webwise.


Measure 20: Government will develop a national cyber security information campaign which will use information provided by the NCSC and the Garda National Cyber Crime Bureau, and which will be run by entities directly involved in information provision.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Support the ongoing inclusion of cyber security elements in Webwise programmes | Q4 2020 | DCCAE | CCGS, DES
2. Develop a public awareness campaign to include information on cyber security and cyber crime prevention. | Q1 2021 | NCSC, Online Safety Commissioner | DCCAE, CCGS, DJE, DES


12 Governance Framework and Responsibilities

12.1. Governance Structure

Delivering the National Cyber Security Strategy will require a governance framework and structure, in terms of operational response and of the overarching components of the Strategy itself.

12.2. Delivering the National Cyber Security Strategy

The Cabinet Committee on Security will be the primary means of coordinating responses to national security issues. A High-Level Inter-Departmental Committee will be created, however, which will meet twice a year, and which will be responsible for assessing and reporting on progress on the Measures under this Strategy, and for agreeing any amendments to the actions to be taken to deliver them.


Annex 1 List of Actions

National Capability Development

Measure 1: The National Cyber Security Centre will be further developed, particularly with regard to its capability to monitor and respond to cyber security incidents and developing threats in the State.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Detailed technical and organisational plan for the JSOC. | Q4 2020 | NCSC | DCCAE
2. Obtain approval to provide resources and staff for the development of the NCSC | Q2 2021 | NCSC | DCCAE, DPER
3. Develop a prototype JSOC in an interim capacity | Q4 2021 | NCSC | OPW, DCCAE
4. Commission the Final JSOC Facility in NCSC Headquarters | Q2 2023 | NCSC | OPW, DCCAE

Measure 2: Threat intelligence and analysis prepared by the National Cyber Security Centre will be integrated into the work of the National Security Analysis Centre.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Establish Formal Reporting and Information Sharing Arrangements with NSAC | Q1 2020 | NCSC | NSAC


Critical National Infrastructure Protection

Measure 3: The existing Critical Infrastructure Protection system based on the NIS Directive will continue to be used and developed, with a particular emphasis on ongoing compliance and audit programmes to mitigate risks to key services.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Complete the first phase of the Self-Assessment of Operators of Essential Services (OES) against the Security Control Framework | Q1 2020 | NCSC | Designated OES
2. Complete the first phase of Security Control Testing for Operators of Essential Services (OES) | Q3 2020 | NCSC | Designated OES
3. Reassess the Register of Designated OES and the Security Guidelines | Q3 2020 | NCSC |
4. Post-incident Security Control Testing, and ongoing audits of OES compliance | Ongoing | NCSC | Designated OES

Measure 4: The NCSC, with the assistance of the Defence Forces and An Garda Síochána, will carry out an updated detailed risk assessment of the current vulnerability of all Critical National Infrastructure and services to cyber attack.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Steering Group formed and terms of reference for the review agreed | Q1 2020 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA
2. Information gathering phase completed, and methodology agreed | Q3 2020 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA
3. Complete the Assessment Process, including international consultation and a detailed assessment of cross-sectoral interdependencies. | Q2 2021 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA
4. Final Report and Recommendations Completed | Q4 2021 | NCSC | CCGS, DF, NSAC, CBI, COMREG, CRU, IAA

Measure 5: The existing Critical National Infrastructure protection system will be developed and expanded over the life of the Strategy to include a wider range of Critical National Infrastructure, including elements of the electoral system.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Draft Heads of Bill for Agreement by Government | Q4 2021 | DCCAE | AGO
2. Drafting Process with AGO | Q1 2022 | DCCAE | AGO
3. Oireachtas Process | Q2 2022 | DCCAE | AGO, Oireachtas

Measure 6: The information sharing groups already operated by the National Cyber Security Centre will be further developed, and the existing Threat Sharing Group will be expanded to include a wider range of critical national infrastructure.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Expand the existing membership of the Threat Sharing Group (TSG) to include CNI, with new Terms of Reference. | Q2 2020 | NCSC | CCGS, DF, CNI
2. Refine the existing arrangements with the United Kingdom regarding information sharing and incident response, with particular emphasis on North-South critical infrastructure protection | Q4 2020 | NCSC | OEP, UK CPNI

Measure 7: Government will establish an additional set of compliance standards to support the cyber security of telecommunications infrastructure in the State.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Transposition of Directive 2018/1972 | Q4 2020 | DCCAE | NCSC, Comreg
2. Provide Technical Support to Comreg | Q4 2020 | NCSC | Comreg
3. Implementation of revised security measures | Q1 2021 | Comreg | DCCAE, NCSC, Telecommunications Operators


Public Sector Data and Networks

Measure 8: The NCSC will develop a baseline security standard to be applied by all Government Departments and key agencies.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Design an appropriate minimum standard for Government IT, in conjunction with the Government IT Security Forum. | Q4 2021 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies
2. Develop detailed implementation measures, controls and procedures. | Q1 2022 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies
3. Draft guidance and support material on compliance assessment for IT teams and Internal Audit Units. | Q2 2022 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies
4. Support Government Departments and Key Agencies in implementing the baseline standard. | Ongoing | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies
5. Assess the implementation of the baseline standard | Q4 2023 | NCSC/OGCIO/Government IT Forum | Government Departments and key agencies


Measure 9: The existing ‘Sensor’ Programme will be rolled out to all Government Departments, and an assessment will be carried out by the same date of the feasibility of rolling Sensor out to all Government networks.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Deploy Sensor on the IT infrastructure in the 15 Government Departments. | Q4 2020 | NCSC | All Government Departments, Government IT Security Forum
2. Review the costs and legal issues associated with implementing Sensor on Government Networks, covering public sector ICT, and submit the outcome to Government for decision. | Q4 2021 | NCSC | OGCIO, AGO, DPER

Measure 10: A Government IT Security forum will be created, open to all Heads of IT Security across Government, to facilitate information sharing on best practice for cyber security and to allow the NCSC to support the deployment of the baseline security standard.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Provide resources to create a Public Sector IT Team in the NCSC, and establish Terms of Reference for the Forum | Q1 2020 | NCSC | OGCIO, All Government Departments
2. Plan a briefing session for all Heads of IT Security to outline the aim of the Security Forum | Q1 2020 | NCSC | OGCIO, All Government Departments
3. Establish quarterly meetings of the Forum and appoint a Chair and Secretary | Q4 2020 | NCSC | OGCIO, All Government Departments

Measure 11: Government will require the NCSC to issue Recommendations with regard to the use of specific software and hardware on Government IT and telecommunications infrastructure.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Rationale and Terms of Reference Prepared and submitted to Government for Agreement | Q3 2020 | NCSC | OGCIO, CCGS, DF, NSAC
2. Effect given to the NCSC Recommendation Process | Q4 2020 | NCSC | OGCIO, CCGS, DF, NSAC

Skills

Measure 12: Government will continue to ensure that second and third level training in computer science and cyber security is developed and deployed, including by supporting the work of Skillnet Ireland in developing training programmes for all educational levels and by supporting SOLAS initiatives for an ICT apprenticeship programme in cyber security.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Provide support for initiatives under Technology Skills 2022, including developing Skillnet and ICT apprenticeship initiatives | Ongoing | DCCAE | Skillnet, SOLAS, DES
2. Add education and upskilling to the agenda of the Government IT Security Forum as a standing item | Q2 2020 | NCSC | Government IT Security Forum
3. Support the development of a cyber security short course for the Junior Cycle, which will ensure that cyber security education is provided at second level | Q4 2020 | NCSC | NCCA
4. Support initiatives that encourage women to pursue a career in the cyber security field | Ongoing | NCSC/DES/Industry |

Measure 13: Science Foundation Ireland (SFI) will promote cyber security as a career option in schools and colleges through the Smart Futures Programme.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. NCSC to seek industry partners to take part in Smart Futures | Q1 2020 | NCSC | SFI, Industry
2. NCSC will work with Smart Futures to support an initiative that encourages female students to take an interest in the cyber security field | Q1-Q4 | NCSC | SFI

Measure 14: Science Foundation Ireland, together with DBEI and DCCAE, will examine the feasibility, through the SFI Research Centres Programme, the Research Centre Spokes programme or other enterprise partnership programmes, of funding a significant initiative in the area of Cyber Security Research.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Issue calls to which the cyber security community can respond | Q4 2020 | SFI | NCSC, DBEI, SFI
2. Evaluate proposals based on independent international peer review. | Q1 2021 | SFI | NCSC, DBEI, SFI


Enterprise Development

Measure 15: Government will continue to support and to engage fully with the Cyber Ireland Programme, a programme funded by the IDA, and will examine new mechanisms to support Industry/Academic/Government cyber security collaboration.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Support provided to Cyber Ireland to develop a Cyber Security Cluster of Industry, Academia and Government | Ongoing | IDA | Cyber Ireland, NCSC, EI, DBEI

Measure 16: Enterprise Ireland will develop a cyber security programme to facilitate collaborative links between enterprise and the research community, those who will lead the practical implementation of research in business.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Establish a National Cyber Security Competence Centre | Q1 2021 | NCSC | NCSC, DBEI, EI

Engagement

Measure 17: Ireland’s diplomatic commitment to cyber security will be strengthened, including by establishing cyber attachés in key diplomatic missions and by taking part in sustainable capacity building in third countries.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Appoint Cyber Attachés to Key Diplomatic Missions. | Q3 2020 | DFAT | NCSC
2. Budapest Convention | Q2 2021 | Department of Justice | NCSC, Department of the Taoiseach
3. Develop a programme of sustainable capacity building for developing countries | Q2 2021 | DFAT, NCSC | NCSC

Measure 18: We will create an inter-departmental group (IDG) on Internet governance and international cyber policy to coordinate national positions across Departments.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Establish an IDG to coordinate matters relating to cyber policy. | Q2 2020 | DFAT | NCSC, All Government Departments

Measure 19: We will deepen our existing engagement with international organisations, including by joining the Cyber Security Centre of Excellence (CCD-COE) in Tallinn, Estonia.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Secondment of a DF member to the CCD-COE | Q4 2020 | NCSC | DF, D/Defence, RFET

Citizens

Measure 20: Government will develop a national cyber security information campaign which will use information provided by the NCSC and the Garda National Cyber Crime Bureau, and which will be run by entities directly involved in information provision.

Actions to be Completed | Timeline by Quarter | Lead | Key Stakeholders
1. Support the ongoing inclusion of cyber security elements in Webwise programmes | Q4 2020 | DCCAE | CCGS, DES
2. Develop a public awareness campaign to include information on cyber security and cyber crime prevention. | Q1 2021 | NCSC, Online Safety Commissioner | DCCAE, CCGS, DJE, DES