Poland's Ministry of Digital Affairs presented the country's latest cybsersecurity strategy in 2019: Cybersecurity Strategy of the Republic of Poland for 2019-2024 (English). It is the third national strategy, with the first coming out in 2013 and the second in 2017 as an extensive update of the former.
The new strategy lays emphasis on increasing th country's resilience to cyber-attacks and improve data protection in the public, military and private sector, pledging to develop the national cybersecurity system, expand the information exchange on cyber threats and enhance coordination between law enforcement agencies. The national research institute, NASK, plays a key role in implementing the strategy from a research and educational perspective.
It builds on the 2017 strategy, which covered the following strategic goals in the ENISA self-assessment classification: Cybercrime, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation, public-private partnership, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, incident reporting mechanisms, R&D, cyber security exercises, training and educational programmes.
EDUCATION AND TRAINING IN NATIONAL CYBERSECURITY STRATEGY
|Education & Citizen Awareness||
Citizen Awareness: The strategy sets out measures for creating conditions for the safe use of cyberspace by citizens as a top priority. As a national institute, NASK - Cybersecurity is tasked with supporting education and awareness-raising about cyber threats. Its centre for strategic analysis assesses various strategic, regulatory and organisational aspects of cybersecurity, as well as educational and awareness about cyberspace security. To this end, it runs its own social projects and training programmes for businesses and institutions with a special focus on IT security.
NASK has been taking part in the EC's Safer Internet Programme (Safer Internet) for many years, promoting the safe use of new technologies and the Internet by children and young people, providing materials and best practices for educating society on cybersecurity (Stój. Pomyśl. Połącz, Bezpieczne Wybory).
Primary and secondary education: The strategy highlights the importance of:
Poland has been conducting research on cybersecurity since 2013 under NASK - Cybersecurity with the aim of developing new security technologies. NASK R&D facilities support research and analyses on new technology applications and implementations. Its cybersecurity-related R&D activities are centred around developing new, effective methods and techniques of identifying, analysing and responding to network and IT system security threats. Our activities also lead to the finding of practical applications for these new solutions, by creating our own innovative products, including products which make it possible to detect and counteract threats.
Commercially oriented achievements include the ARAKIS Enterprise, a cybersecurity early warning system for businesses and BotSense systems, offering real-time detection of account theft attempts and unauthorised transactions for the financial sector. BotSense won the Portfiel WPROST 2017 award in the security category.
The strategy sets out several measures to build on this national legacy aimed at stimulating research and development on cybersecurity, such as:
Research programmes will be based on cooperation between the academic and scientific community with a view to:
Research and development activities will be carried out also in the area of international cooperation within the EU and NATO. Important tasks for ensuring cybersecurity are performed by non-governmental organisations, which are very efficient organisers of educational activities for society and providers of analyses coupled with viewpoints on public administration. It is also possible to acquire experts with unique skills through analytical centres for the purposes of solving complex cybersecurity issues. In this regard, Poland will create its own innovative products, including products that make it possible to detect and counteract threats.
The strategy defines a wide-ranging professional training programme across public administration, education and entrepreneurs.
Local government and public administration:
Higher Education and Research:
|Capacity building and standards||
Prioritising the capacity to preventt and respond to incidents is key to increasing resilience in public and private organisations. To this end, the national strategy underscores the importance of developing and implementing national cybersecurity standards and disseminating good practices and recommendations.
Supply chain security:
Security tests and audits:
Increasing the national capacity in the area of cybersecurity technology:
|Higher Education Courses on Cybersecurity||
The Polish government has made a commitment to ensuring security in cyberspace is part of a joint effort between the private sector, the public sector and citizens based on trust and shared responsibility for cybersecurity.
EU Cyber Professional Register for national stakeholders
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
|Latest Update & Disclaimer||
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
Cysersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
|CSIRT - Computer Security Incident Response Team||
The NASK CSIRT operates in accordance with the Act on the national security system, which implements the Polish legal system the EU Directive on the security of network and information systems (NIS Directive). The act appoints three institutions to serve as response teams – the Internal Security Agency (GOV CSIRT in English; in Polish), NASK – National Research Institute (NASK CSIRT) and the Ministry of National Defence (MON CSIRT), which work with one another and with other organs responsible for cybersecurity. Together, they constitute a coherent and complete national risk management system, combating cybersecurity threats, both sector-specific and cross-border, as well as coordinating the handling of all reported incidents. The institutions making up the national cybersecurity system form a cohesive whole which renders it possible to take a wide range of effective actions to counteract threats and successfully respond to hazards.
NASK has organised a series of events related to EU regulations and international co-operation:
|Reporting a cyber incident||
Every public institution performing public obligations specified in the Act on the national cybersecurity system, depending on the information system utilised, as well as key service operators, must appoint a person responsible for staying in contact with national cybersecurity system institutions. The NASK CSIRT must be informed about appointing or changing a contact person within 14 days. In order to register a contact person responsible for staying in touch with the national cybersecurity system institutions, please fill out the form available here or contact:
Please include the following information:
• Subject/organisation name
• Your sector (public administration, financial, energy etc.)
• Full name of the contact person, including their mobile phone number and business email address.
A paper version must be signed by a person authorised to make cybersecurity-related decisions in your institution.
|Languages||Polish and English|
|Latest Update & Disclaimer||
The information contained here is the result of desk research carried out by CYBERWISER.eu.