Details of the regulation
The regulations spell out a number of principles that must be accounted for when implementing security measures.
“We must ensure that those who operate essential services in the State are protected from hacking and other cyber risks. These new guidelines will ensure that the relevant organizations have the necessary safeguards in place to protect themselves and the people they serve,” said Richard Bruton, Ireland’s Minister for Communications, Climate Action and the Environment.
Who are these guidelines for?
“The measures required include the application of a set of binding network and information system security and incident reporting obligations to a wide range of critical infrastructure operators, termed ‘Operators of Essential Services’ (or OES) including energy, transport, health, drinking water supply and distribution and digital infrastructure,” reads the guidelines.
Procedure for reporting an incident
A copy of the incident reporting form must first be obtained by writing an email to the addresses specified in the regulation.
The incident reporting form requires the affected agency to fill out various fields such as incident details, current situation details, and lessons learned among others.