This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 9 °C Tuesday 23 April, 2019
Advertisement

Mandatory security requirements introduced to protect companies against cyber attacks

The requirements will apply to service providers in sectors such as digital communications, transport, drinking water supply and healthcare.

Image: Shutterstock/Eugenio Marongiu

NEW MANDATORY SECURITY requirements have been announced to protect Ireland’s national infrastructure providers against cyber attacks and online threats.

The security requirements, which have already been the subject of a public consultation, will apply to all Operators of Essential Services (OES) in areas such as energy, digital communications, transport, drinking water supply and healthcare.

Speaking today, Communications Minister Denis Naughten said information technology and digital technology is “an integral part of almost all services on which individuals, businesses, families and communities in this State rely”.

“Critical national infrastructure such as energy, telecommunications and transport networks and services such as healthcare, financial services, education and drinking water supply and distribution have been optimised through internet technology, which also increases their vulnerability to cyber-attacks,” he stated. 

Naughten made the comments at the Data Summit taking place at Croke Park conference centre in Dublin today.

Five themes 

The security requirements are built around five central themes – Identify, Protect, Detect, Respond and Recover – which provide an overall view of an organisation’s management of cybersecurity risk.

Each operator is required to assess and implement appropriate security measures to address the five key areas, taking into account sector specific factors and the identified risks of their own organisation and its environment.

The process of identifying OES has been underway for some time, and the notification process will commence immediately. Those entities likely to be selected have already been informally notified that they have been designated as such, a spokesperson for the Department of Communications noted.

However, the method and timing of implementation of the measures under each theme will vary between OES, depending on their own risk assessments and the specifics of the sector in which they operate.

Naughten added that there are “continuous challenges that operators of essential services are experiencing in this area every day and it is critical that Ireland is in a position to guarantee the continuity of those services”.

Ireland also has to apply and police a new regulatory regime on Digital Service Providers such as cloud computing providers, search engines providers and providers of online marketplaces.

In this regard, there is ongoing consultation with relevant stakeholders to identify such providers.

  • Share on Facebook
  • Email this article
  •  

About the author:

Órla Ryan

Read next:

COMMENTS (21)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel