Poland (PL)

Current Status: Poland has adopted a national strategy on cybersecurity in 2013. “Cyberspace protection policy of the Republic of Poland

The National Security Bureau (BBN) published the Polish cybersecurity doctrine in January 2015.

Principles:

  • The Polish cybersecurity doctrine emphasizes the need for "pursuing active cyberdefence, including offensive actions in cyberspace, and maintaining readiness for cyberwar," protection and defence of Polish teleinformation systems and accumulated data, and supporting key private firms in their cybersecurity efforts. 

Main goals:

  1. Increasing the level of security of the State ICT infrastructure.
  2. Improving the capacity to prevent and combat threats from cyberspace
  3. Reducing the impact of incidents threatening the ICT security.
  4. Determining the competence of entities responsible for the security of cyberspace.
  5. Creating and implementing a coherent system of cyberspace security management for all government administration entities and establishing guidelines in this area for non-state actors.
  6. Creating a sustainable system of coordination and exchange of information between the entities responsible for the security of cyberspace and the cyberspace users
  7. Increasing awareness of the cyberspace users on the methods and safety measures in cyberspace.

The objectives of the Policy are implemented through:

  1. the coordination system to prevent and respond to threats and attacks on cyberspace, including attacks of a terrorist nature;
  2. the widespread adoption of mechanisms for the prevention and early detection of threats to the cyberspace security and the proper procedure for the identified incidents among the government administration units as well as non-state actors;
  3. the general and specialized social education in the field of security of CRP.

 

Year of adoption Established in June 2013 by Ministry of Public Administration and Digitisation (MAC) and Internal Security Agency (ABW) Cyberspace protection policy of the Republic of Poland (English)  
Updates and revisions

Cybersecurity Doctrine of the Republic of Poland 2015 (summary in English)

The National Security Bureau (BBN) published the Polish cybersecurity doctrine in 2015,
Implementation and monitoring

The entity coordinating the implementation of the Policy, on behalf of the Council of Ministers, is the minister responsible for informatization.

The Ministry of Administration and Digitization, The Ministry of National Defense and the Internal Security Service are the officially recognized agencies responsible for implementing a national cybersecurity strategy, policy and roadmap.

In facilitating sharing of cybersecurity assets across borders or with other nation states, Poland has officially recognized partnerships with the following through CERT.GOV.PL and CERT Polska:

TF-CSIRT and FIRST.

Poland also participates in international cybersecurity activities with the following: - ENISA - NATO.
Public-private partnerships There is no information on any officially recognized national or sector-specific programs for sharing cybersecurity assets within the public and private sector in Poland.
Date of last WISER analysis November 2016

 

Current status: NIS Directive and national CERTs/CSIRTs

Computer security 

CERT.GOV.PL <www.cert.gov.pl> was established in 2008. It is responsible for coordinating security and incident response measures for Polish state authorities and entities engaged with critical infrastructure.

In the implementation of tasks relating to the security of CRP the Governmental Computer Security Incident Response Team CERT.GOV.PL is acting as the primary CERT in the area of government administration and the civil area.

cert@cert.gov.pl
Telephone:      +48 22 58 59 373

The first CERT created in Poland was the CERT Polska:
Report an incident:cert@cert.pl
E-mail: info@cert.pl
Telephone: +48 22 380 82 74

CERT Polska was established in 1996. It acts on behalf of the Research and Academic Network in Poland (NASK) to coordinate incident response measures across .pl domain hosts.

Followed by the PIONIERCERT (Computer Security Incident Response Team that has been established to provide effective incident response service to members and users of Polish Scientific Broadband Network PIONIER (and POL34/622):
To report an incident to PIONIER-CERT via email you should send the message to the address: cert@pionier.gov.pl (or directly to cert@man.poznan.pl )

And the TP CERT (Computer Emergency Response Team) ensures the safety of users of the Polish telecommunications network. The activity of TP CERT is to monitor threats to the security systems connected to the TP network and responding to detected threats, especially in incidents reported by users. The main task of the team is to take the necessary actions in cases of cyber-security threats.
cert.opl@orange.com
 

There is also SRnIK (Computer Incident Response System of the Ministry of National Defense)
Only for information on incidents directly or indirectly related to computer systems and networks belonging to the Ministry of National Defense of Poland are to be reported to SRnIK.

Monitoring system

Poland has officially recognized ARAKIS-GOV as a national program for sharing cybersecurity assets within the public sector.

  Early Warning System http://arakis.pl/pl/ews/ (only in Polish)

Report an incident Incident submission:   
incydent@cert.gov.pl
Telephone: +48 22 58 59 373
Languages Polish/English
Date of last WISER analysis November 2016

 

Contact us for more info