The Cyber Defence Strategy of the Republic of Poland
Discussion about protecting cyber space of Poland should be started off by analyzing the issue of coordination. Nowadays cyber defence cannot be maintain by only one institution. Unfortunately, the divion of competence among numerous entities remains quite unclear – claimed the participants of conference ‘The Cyber Defence Strategy of the Republic of Poland’
The capability to protect cyber space of Poland is restrained by inefficient division of competence, which remain conferred on several entities. The main issue lays in legislative regulations – the accountability of respective institutions lacks firm legal foundations – claimed dr Krzysztof Liedel, the Director of the Department of Legal and Non-Military Affairs in National Security Bureau (BBN). However, we should not create an additional organization with coordinatory functions. In dr Liedel’s opinion, enhancing cooperation between already existing institutions is to be perceived as a better solution. Nowadays, such cooperation is framed by mutual agreements, not by legislation. Appropriate legal solutions would guarantee sufficient exchanging of information between aforementioned institutions. Certain scope of cooperation could be coordinated by one of the governmental institutions, e.g. the Government Centre for Security.
Furthermore, the necessity of having numerous entities responsible in the field of cyber defence is questionable. Nowadays, competence in this matter hold ABW, Armed Forces of the Republic of Poland and the Counterintelligence. – In the most serious cases such situation could lead to decision-making obstruction – stated płk dr hab. inz. Piotr Dela from the National Security Faculty of the National Defence University. However, recently the situation has slightly improved, particularly in the field of defining essential terms. On the initiative of the President of the Republic of Poland, first definitions concerning cyber defence have been incorporated into respective legislative regulations (i.a. the State of Emergency Act).
During the conference experts several times emphasized the importance of proper protection of critical infrastructure against cyber attacks. In this regard, human factor should be perceived as the weakest link. –Training and raising awareness is a must. We should educate people about network security from the level of elementary school, it doesn’t cost much” – estimated płk Dela.
The matter of cyber defence – especially perceived from the educational point of view – is the main area of interest at the National Centre for Research and Development (NCBiR), where a special section, dedicated to this field, has been created. – People interested in research in the field of cyber space can apply for grants through two EU operational programs: the “Knowledge
Education Development” and the “Intelligent Development” – explained dr inż. Stanisław Dyrda, an expert from the NCBiR. – Funds dedicated for cyber defence have increased in recent years. For instance, 120 mln zlotych was spent on the National Cryptology Center – he said.
The cooperation with the industry in the field of cybersecurity is vital. Unfortunately, the research is not being used. The institutions of higher education have a difficult time attempting to reach the Administration. The reasons for that are unknown – assessed płk Dela. The cooperation between the private sector and the Administration is crucial, if the State wants to operate with a sufficient defence potential in the cyberspace. However, coordinating this cooperation proves problematic and is dependent on many factors. There are also other priorities – enterprises are above all profit-oriented. According to experts, this does not always go hand in hand with security – although the private sector was invited to work on “The Doctrine of the Cybersecurity of Poland”, both sides have rejected the rule of private-public partnership. Working out new mechanisms of cooperation is necessary – said dr Liedel.
A significant personnel problem was also signaled. – Cybersecurity should be a domain of a large group of highly qualified specialists. We are talking about substantial resources, even couple of thousands professionals. However, there are no facilities for them, the universities do not educate that sort of people – judged dr Stanisław Dyrda. The experts are also sceptical about the issue of international cooperation. According to Liedel there is a need for cooperation but it is vital to start working from the foundations. – States and international organisations need to agree on the basic definitions. Cybersecurity knows no borders. Therefore it is hard to imagine any action in this field without international cooperation. Currently, the Internet functions like the so called Wild West. The regulation cannot keep up with the technological development – the issue of actions on the internet, which result in crime in real world has not yet been regulated, he added. European cooperation in the area of cyber must also face the potential conflict of interests of different countries – the cooperation in that field might end like in the case of common foreign policy or the European Army – emphasized Dela.
Adequate preparation of a country for action in the cyberspace is also an assurance of offensive capabilities. “The Doctrine of Cybersecurity of Poland” sets i.a. combating (disorganising, interfering and destroying) the sources of threat as its operational objective. The Doctrine is a document of a general nature, setting directions. At this stage we do not have any offensive capabilities – assessed Liedel. According to the Director, this area also suffers from a lack of formal legitimacy. – The Doctrine is not a legislation but it was accepted by the National Security Council and state institutions pledged to implement it – he added.
The event took place within “Cybersecurity of Poland” conference cycle, which is a part of Road to Warsaw Security Forum 2015.
Author: Kamil Gapiński
Photo: Krzysztof Żuczkowski, Polska Zbrojna