The Minister of State at the Department of the Environment, Climate and Communications, Ossian Smyth T.D., has today published Cyber Security Baseline Standards and associated implementation guidelines for use by Public Service Bodies.
The publication of Baseline Standards was one of the key measures identified in the National Cyber Security Strategy 2019-2024. The Strategy stated that, under Measure 8, the NCSC (Nationals Cyber Security Centre) would formulate Baseline Standards in conjunction with the OGCIO (Office of the Government Chief Information Officer).
The main goal of the Cyber Security Baseline Standards is to improve the resilience and security of information and communications technology infrastructure and systems (ICT) in Public Service Bodies.
Speaking today, Minister Smyth said: “The publication of the Cyber Security Baseline Standards will ensure that there is a common understanding of Cyber Security Standards across Public Service Bodies. The standards form a broad framework for a set of measures that can be revised over time.
“These standards follow a holistic and comprehensive approach to cyber security issues. They will effectively help to address cyber security challenges. They will improve the resilience and cyber security of our Public Service Bodies.”
The Cyber Security Baseline Standards provide a clearly-communicated set of security policies and procedures, to support good cyber security risk management, whilst also reflecting business objectives. They are aligned with international standards and include measures and controls in relation to staff training, identity and access management.
The practical use of the standards, through documentation and recording, will be a critical element in developing and reviewing the cyber security maturity of each organisation. This will be done, with a focus on the five core functions identified in the Baseline Standards: Identify; Protect; Detect; Respond; and Recover. This process will develop a mature understanding of the security risks throughout the organisations.
Cyber security preparedness
Cyber security is a key element in the governance of any organisation. These Cyber Security Baseline Standards will be used by Public Service Bodies as a baseline to gauge their organisation’s cyber security preparedness.
The standards will also align with future wider cyber-related requirements. To enable Public Sector Bodies to evolve with the progression of cyber security technology, and as the maturity level of each organisation evolves, it is envisaged that there will be subsequent releases and updates of the Baseline Standards every 18-24 months. This will promote long-term consistency and facilitate early alignment with the future NIS2 Directive, regarding public administration, which is a new essential sector addition to the NIS2 Directive.
The Cyber Security Baseline Standards can be accessed/viewed at this link: https://www.gov.ie/en/publication/d1fd5-cyber-security-baseline-standards/.
ENDS
NOTES TO THE EDITOR
The process for drawing up the standards was managed by a Steering Group, with representation from stakeholders in eight Government Departments and four Agencies.
In addition to the Department of the Environment, Climate and Communications, Departments/Agencies that were represented included:
- The Department of the Taoiseach
- The office of Government Chief Information Officer (OGCIO)
- The Department of Social Protection
- The Revenue Commissioners
- The Department of Defence
- The Department of Foreign Affairs
- The Department of Housing, Planning and Local Government
- The Department of Justice
- The Local Government Management Agency (LGMA)
- SOLAS
- The Office of Public Works (OPW)
- The National Shared Services Office (NSSO)