On 7 December 2015, the EU Council reached an informal agreement with the EU Parliament on the draft Network and Information Security (NIS) Directive.The draft Directive sets out cybersecurity obligations for operators of essential services in the healthcare, banking, energy and transport sectors, and also digital service providers (including e-commerce platforms, search engines, social networks, internet payment gateways, and cloud services). These operators will be required to take measures to manage cyber risks and report major security incidents.
Last month the Department of Communications, Energy and Natural Resources published the Government’s National Cyber Security Strategy 2015-2017 (the Strategy).
In 2013 the World Economic Forum classified cyber related threats as one of the highest of all global risks from the perspective of impact and likelihood. This assessment was echoed at a national level in the Government’s 2014 National Risk Assessment. The development and proliferation of Information and Communications technology (ICT) has transformed the way in which society operates. There are few sectors of both society and the economy which do not rely on some form of ICT for their continued operation. This increased dependence has led to increased risk with threats such as hacking, cyber-crime, hacktivism, cyber espionage, software failures and even human error posing a direct threat not only to the daily lives of Irish citizens but also to the economy and the State.