Ministers Ryan and Smyth launch the National Cyber Security Strategy 2019-2024 Mid-Term Review

• review sets out 18 new strategic actions to be implemented within the lifetime of the strategy
• investment in building NCSC capacity and addressing cyber security skills gap are priorities

Minister for the Environment, Climate and Communications, Eamon Ryan, and Minister of State at the Department of the Environment, Climate and Communications, Ossian Smyth, today published the Mid-Term Review of the National Cyber Security Strategy, 2019-2024.

The Mid-Term Review sets out 18 new strategic actions to be implemented within the lifetime of the strategy. These have been developed following a public consultation as well as engagement with stakeholders from across the public and private sectors.

Responding to the cyber security skills gap in Ireland and globally, the Mid-Term Review includes new measures to continue the development of relevant cyber skills to fill skills gaps and support the potential growth of the cyber security industry in Ireland. In addition, a priority action will see the development of a whole-of-government cyber security industrial strategy to support Ireland’s cyber security industry to achieve its potential.

The government will continue investment in building the capacity of our National Cyber Security Centre (NCSC) particularly in its ability to monitor and respond to cyber security incidents and developing threats in the State such as ransomware. The government has agreed to expand the range of entities supported by the NCSC, including a number of new measures to support SMEs and other stakeholders. The Mid-Term Review will also ensure Ireland plays a full and active part in the cyber discussions in the EU and internationally and is fully prepared to implement the revised EU Network and Information Systems Directive (NIS2) from next year.

The delivery of these measures will continue to be overseen by the existing high-level Inter-departmental Committee, and annual reports will be published to provide greater transparency on the implementation of the Strategy.

Speaking following the publication today, Minister Ryan said:

Minister Smyth said:

The 18 new strategic actions span the Strategy’s 7 thematic areas of focus, including, amongst others:

• National Capacity Development: The NCSC will establish and lead a National Counter-Ransomware Task Force to coordinate efforts to respond to this severe cyber threat
• Critical National Infrastructure Protection: Develop further sectoral information sharing networks with relevant operators of critical national infrastructure and important industry sectors including Digital Infrastructure and Energy Sectors
• Public Sector Data and Networks: Provide the NCSC with the necessary legal authority and technical capabilities to carry out security assessments of ICT systems for the handling of sensitive and confidential data
• Skills: Facilitate the ongoing development of a centralised repository of educational and apprenticeship courses in cybersecurity at all levels and throughout the country, and use this data to develop materials for schools, guidance counsellors and others to raise awareness of careers in cyber security and learning pathways
• Enterprise Development: Implement a financial support programme for SMEs and other societal stakeholders, in accordance with EU provisions, to improve cybersecurity resilience and facilitate innovation
• Engagement: Publish Ireland’s national position on the application of international law in cyberspace, to contribute to international efforts to clarify the applicable legal framework and promote responsible State behaviour in cyberspace
• Citizens: Develop and publish on a more frequent basis tailored advice and guidance documents on steps that can be taken by citizens, SMEs, schools and educational institutions, and community and voluntary organisations to prevent and mitigate cyber security risks

The National Cyber Security Strategy, published in 2019, is a five-year whole of government strategy aimed at enhancing the security and resilience of government systems and critical national infrastructure. The Strategy set out a range of collaborative measures to enhance the cyber security and resilience of public bodies, providers of essential services, businesses, and households, to support the continued development of the cyber security industry and research community, and to ensure Ireland plays an active role in the international discussions on the security and stability of a free and open cyberspace.

At its publication in 2019, the government indicated its intention to review the Strategy at its mid-point to assess progress and consider new initiatives to ensure delivery across all the measures outlined therein. A consultation paper was launched in December 2022 and provided a brief account of progress to date in delivering the measures under the 2019 Strategy and posed possible future measures for the remaining years of the strategy. Stakeholders and members of the pubic were invited to assess actions taken to date and the proposed future actions and provide their submissions.

The public consultation was open for submissions for an eight-week period, from 12 December 2022 to 7 February 2023. During this period we were grateful to receive a large number of written submissions. In addition to written submissions, a series of webinars and roundtable meetings were held with key stakeholder groups. The consultation process generated valuable data from multiple perspectives, all of which was considered for the final Mid-Term Review report. Progress on the strategy measures achieved to date was positive. In direct response to the consultation results the Mid-Term Review includes ambitious new measures to be achieved within the Strategy’s lifetime. The ambition of the Strategy continues to adapt and respond to the changed and changing cyber-threat landscape.