The risk of attack on critical infrastructure, including power stations and energy networks has so far been underestimated. This was shown in the lack of cooperation of the particular institutions, the low awareness of the threat and small funds allocated for security program. Poland, as well as most European countries, do not protect their critical infrastructure sufficiently – concluded panelists participating in “Cybersecurity of the energy sector” conference organized by the Casimir Pulaski Foundation.

For the last two decades, operators of critical infrastructure in Poland have underestimated cyber threats. Nobody would have imagined that cyber attack could neutralize all security levels applicated in power stations or transmission lines. In recent years, the use of cyberspace for military purposes has increased significantly. Currently behind cyber attacks stand modern systems and huge amounts of money. With that scale of the threat Poland has no possibilities to deal with – says dr hab. inż. Konrad Świrski, Professor at Warsaw Technical University and President of Transition Technologies SA. If we want to compare Poland to the other European countries in terms security of critical infrastructure certainly it is not a satisfactory level. Not satisfactory but no bad.

One reason for this situation is that until Government Centre for Security in 2012 issued “Critical Infrastructure Protection Programme” there haven’t been effective attempts to increase awareness of the growing threat of cyberattacks. The experts agreed on the fact that such efforts should be made to create similar documents from year to year. The initiative stimulated by the state should force the business sector involved in critical infrastructure appropriate control of mechanisms of defense. The United Kingdom can be pointed as an example of such action, where information campaign on this topic covered more than 1,000 businesses companies.

The transparency of the activities of the state in this sector is also crucial. Due to the fact that the reports prepared by the Internal Security Agency are classified, it is not possible to analyze individual causes and draw from them the appropriate conclusions. As noted by Mr. Mirosław Maj, President of the Secure Cyberspace Foundation, it is necessary to create “sectoral CERT”, which will focus on activities in the energy sector.

The event took place within “Cybersecurity of Poland” conference cycle, which is a part of Road to Warsaw Security Forum 2015.

Author: Kamil Gapiński, Paweł Gołębiewski

Photo: Tucanradio