In March 2017, the Polish Ministry of Digital Affairs published the draft Cyber Security Strategy for the years 2017-2022, as an extensive update of the 2013 edition (“Cyberspace protection policy of the Republic of Poland”).
The new strategy identifies mechanisms and measures to strengthen Poland's cyber security capabilities by 2022. The draft comes with the announcement of a dedicated fund to finance the development of such capabilities within the state budget.
The strategy defines four objectives:
Obj. 1 - Ensuring a coordinated capacity to combat cyber-threats at national level.
Obj. 2 - Increasing Poland's capability to counter such threats.
Obj. 3 - Enhancing the digital competences of local entities.
Obj. 4 - Strengthening Poland's international position in the field of cyber security.
The objectives will be achieved through a number of measures, including the implementation of new legislation, facilitating investments in technology, and overhauling the institutional framework.
Poland set up a coordinating national body in July 2016, under the auspices of the country's computer-research organisation, NASK. The Polish national cyber security centre (Poland NC Cyber) started operating in the same month, and is responsible for facilitating security collaboration between sectors and for being an early-warning system. Two key drivers are behind the establishment of Poland NC Cyber: EU regulation (primarily the NIS Directive) and a recognised need to improve mechanisms for dealing with incidents (2015 audit: the National Audit Office (NAO) issued an IT audit report on cyber security across government entities).
NATIONAL CYBERSECURITY STRATEGY - NIS Capacities
|Year of adoption||
2017 (2017-2022); 2013
The first national cyber security strategy was launched in 2013 by the Ministry of Public Administration and Digitisation (MAC) and the Internal Security Agency (ABW): Cyberspace protection policy of the Republic of Poland (English).
|Updates and revisions||
In March 2017, a draft cyber security strategy was published for the years 2017 to 2022, in response to the changing threat landscape and to the European NIS Directive on protecting national networks and systems, which demands a more coordinated approach from EU members.
Since the first national cyber security strategy of 2013, Poland has been conducting research on cyber security under NASK, with a focus on developing new security technologies. NASK increased its involvement in security in 1995 with the establishment of the country's Computer Emergency Response Team (CERT), and has been expanding ever since.
Poland NC Cyber commenced operations in July 2016. In that year, it managed 1,926 incidents, not just because of a rise in cyber events but also because of increased awareness. NC Cyber is now the prime institution that private companies can turn to for security notifications. The centre's role is to secure national assets by protecting key services as defined in the NIS Directive. However, it is not involved with cyber-defence in a military or anti-terrorism context. Details about its target operating model are still being defined.
|Implementation and monitoring||
Currently, the Digital Affairs Ministry coordinates all questions related to national cyber-defence policy. However, under the new 2017-2022 plan, the coordination of the military dimension of the country's cyber-defence will be delegated to the Defence Ministry, which has unveiled plans to boost spending on cyber security.
The new plans are based on an interdisciplinary approach and were drafted by an inter-governmental group comprising representatives from the Digital Affairs Ministry, the Ministry of Defence, the Interior Affairs and Administration Ministry, the Research and Academic Computer Network, as well as several national agencies, including the Internal Security Agency and the National Security Bureau.
Poland has established several Computer Security Incident Response (CSIRT)/Computer Emergency Response (CERT) teams:
NASK has organised a series of events related to EU regulations and international co-operation:
The draft Cyber Security Strategy 2017-2022 provides for a new legal framework based on a review of existing legislation to ensure harmonisation, increase efficiency, and improve the flow of information among all stakeholders.
Legislative work will also be required to regulate producing, handling, acquiring and using specialised tools that allow military activities to be performed in cyberspace by the Ministry of Defence.
|Public Private partnerships||
While there are no specific references to public-private partnerships, Poland has startups disrupting existing industries such as finance with a focus on cyber security and data encryption (CeBIT, April 2017).
|Date of last WISER analysis||July 2017 (complete revision)|
Compliance with the GDPR and NIS Directive: Report a cyber incident
|Reporting a cyber incident to CSIRT/CERT||
CERT.GOV.PL - government agencies and public administration:
PIONIER-CERT - Polish scientific broadband network (service incidents) by the Security Team of the Poznan Supercomputing and Networking Center (PSNC).
CERT Orange Poland (CERT OPL)
|Guidance and Updates||
New roles for monitoring are defined in the draft strategy for 2017-2022, including the involvement of Poland NC Cyber, which now operates the early-warning system.
|Languages||Polish and English|
|Date of last WISER analysis||July 2017 (complete update)|