We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Eugenio Marongiu
Online threats

Mandatory security requirements introduced to protect companies against cyber attacks

The requirements will apply to service providers in sectors such as digital communications, transport, drinking water supply and healthcare.

NEW MANDATORY SECURITY requirements have been announced to protect Ireland’s national infrastructure providers against cyber attacks and online threats.

The security requirements, which have already been the subject of a public consultation, will apply to all Operators of Essential Services (OES) in areas such as energy, digital communications, transport, drinking water supply and healthcare.

Speaking today, Communications Minister Denis Naughten said information technology and digital technology is “an integral part of almost all services on which individuals, businesses, families and communities in this State rely”.

“Critical national infrastructure such as energy, telecommunications and transport networks and services such as healthcare, financial services, education and drinking water supply and distribution have been optimised through internet technology, which also increases their vulnerability to cyber-attacks,” he stated. 

Naughten made the comments at the Data Summit taking place at Croke Park conference centre in Dublin today.

Five themes 

The security requirements are built around five central themes – Identify, Protect, Detect, Respond and Recover – which provide an overall view of an organisation’s management of cybersecurity risk.

Each operator is required to assess and implement appropriate security measures to address the five key areas, taking into account sector specific factors and the identified risks of their own organisation and its environment.

The process of identifying OES has been underway for some time, and the notification process will commence immediately. Those entities likely to be selected have already been informally notified that they have been designated as such, a spokesperson for the Department of Communications noted.

However, the method and timing of implementation of the measures under each theme will vary between OES, depending on their own risk assessments and the specifics of the sector in which they operate.

Naughten added that there are “continuous challenges that operators of essential services are experiencing in this area every day and it is critical that Ireland is in a position to guarantee the continuity of those services”.

Ireland also has to apply and police a new regulatory regime on Digital Service Providers such as cloud computing providers, search engines providers and providers of online marketplaces.

In this regard, there is ongoing consultation with relevant stakeholders to identify such providers.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel