Readers like you keep news free for everyone.
More than 5,000 readers have already pitched in to keep free access to The Journal.
For the price of one cup of coffee each week you can help keep paywalls away.
Shutterstock/Eugenio Marongiu
# Online threats
Mandatory security requirements introduced to protect companies against cyber attacks
The requirements will apply to service providers in sectors such as digital communications, transport, drinking water supply and healthcare.
NEW MANDATORY SECURITY requirements have been announced to protect Ireland’s national infrastructure providers against cyber attacks and online threats.
The security requirements, which have already been the subject of a public consultation, will apply to all Operators of Essential Services (OES) in areas such as energy, digital communications, transport, drinking water supply and healthcare.
Speaking today, Communications Minister Denis Naughten said information technology and digital technology is “an integral part of almost all services on which individuals, businesses, families and communities in this State rely”.
“Critical national infrastructure such as energy, telecommunications and transport networks and services such as healthcare, financial services, education and drinking water supply and distribution have been optimised through internet technology, which also increases their vulnerability to cyber-attacks,” he stated.
Naughten made the comments at the Data Summit taking place at Croke Park conference centre in Dublin today.
Five themes
The security requirements are built around five central themes – Identify, Protect, Detect, Respond and Recover – which provide an overall view of an organisation’s management of cybersecurity risk.
Each operator is required to assess and implement appropriate security measures to address the five key areas, taking into account sector specific factors and the identified risks of their own organisation and its environment.
The process of identifying OES has been underway for some time, and the notification process will commence immediately. Those entities likely to be selected have already been informally notified that they have been designated as such, a spokesperson for the Department of Communications noted.
However, the method and timing of implementation of the measures under each theme will vary between OES, depending on their own risk assessments and the specifics of the sector in which they operate.
Naughten added that there are “continuous challenges that operators of essential services are experiencing in this area every day and it is critical that Ireland is in a position to guarantee the continuity of those services”.
Ireland also has to apply and police a new regulatory regime on Digital Service Providers such as cloud computing providers, search engines providers and providers of online marketplaces.
In this regard, there is ongoing consultation with relevant stakeholders to identify such providers.
