- The Irish government is introducing new security measures to ensure increased protection against cyberattacks.
- Around 70 agencies responsible for critical services must implement security measures and report security incidents.
Details of the regulation
The regulations spell out a number of principles that must be accounted for when implementing security measures.
- Any incident that affects the security of the company’s network of information must be reported to the computer security incident response team (CSIRT) in the Department of Communications, Climate Action and Environment.
- These guidelines are said to support the National Cyber Security Strategy, which has not been released yet.
- Initially published in draft form, these guidelines were open for comments till 27 February 2019. The final version has been published after taking the comments into consideration.
“We must ensure that those who operate essential services in the State are protected from hacking and other cyber risks. These new guidelines will ensure that the relevant organizations have the necessary safeguards in place to protect themselves and the people they serve,” said Richard Bruton, Ireland’s Minister for Communications, Climate Action and the Environment.
Who are these guidelines for?
“The measures required include the application of a set of binding network and information system security and incident reporting obligations to a wide range of critical infrastructure operators, termed ‘Operators of Essential Services’ (or OES) including energy, transport, health, drinking water supply and distribution and digital infrastructure,” reads the guidelines.
Procedure for reporting an incident
A copy of the incident reporting form must first be obtained by writing an email to the addresses specified in the regulation.
The incident reporting form requires the affected agency to fill out various fields such as incident details, current situation details, and lessons learned among others.