Poland - Cybersecurity Strategy of the Republic of Poland 2019-2024

The main objective of the Strategy is to increase the level of resilience against cyber threats and the level of information protection in sectors: public, military and private. The promotion of knowledge and good practices among citizens will also improve the protection of information.

The document sets out five specific objectives:

• Specific objective 1 – Development of the national cybersecurity scheme. On the basis of the practice of the system, an evaluation of the legal provisions, including the National Cyber Security System Act and implementing regulations, will be carried out. The update of the legislation is intended to help improve the efficiency of the cybersecurity system in Poland. Steps will be taken to develop and build a cyber-resilient information sharing system to facilitate national security governance. In addition, in order to enhance the security of essential and digital services as well as of critical infrastructure, the Integrated Cyber Security Management System of the Republic of Poland will be implemented. The development and implementation of a methodology for risk estimation at national level is also an important element for increasing the level of cybersecurity.
• Specific objective 2 – Increasing the level of resilience of information systems of the public administration and the private sector and achieving the capacity to prevent and respond effectively to incidents includes the development of National Cybersecurity Standards. The aim is to increase the resilience of public administration information systems. The Ministry of Digitalisation has now finalised the Cybersecurity Standards for Computing Metrics. Further standards will be progressively developed for applications, mobile devices, servers and networks, among others. Action will be taken to implement the so-called. The Cybersecurity Act, which entails the creation and subsequent maintenance and development of a national cybersecurity assessment and certification system, which will enable the Republic of Poland to obtain a full European and internationally recognised status of producer country in the field of cybersecurity solutions. A national cybersecurity certification authority should also be designated to issue European cybersecurity certificates and supervise national conformity assessment bodies for products, services and processes with the requirements set out in European cybersecurity certification schemes. The Ministry will support KSC entities in the context of audits, which entails the development of a common audit methodology for all sectors.
• Specific objective 3 – Increasing national capacity in cybersecurity technologies. Cooperation with the National Centre for Research and Development under the CyberSecIdent Programme – Cybersecurity and Identity will continue. The programme allows Polish research centres and companies to apply for grants for research and development of state-of-the-art technologies and solutions in cybersecurity. As part of the development of an effective public-private partnership, the Cybersecurity Cooperation Programme (PWCyber), i.e. agreements with leaders in innovative technologies, will continue.
• Specific objective 4 – Building awareness and societal competences on cybersecurity. It is necessary to improve the skills of staff not only in entities important for Poland’s cybersecurity system, but it is also important to put in place systemic solutions to provide substantive support for improving the competences of employees of both the government administration and local government units. Given the numerous challenges related to cybersecurity, it is important to continuously raise public awareness through, inter alia, dedicated education programmes and awareness-raising campaigns.
• Specific objective 5 – Building a strong international position of the Republic of Poland in the area of cybersecurity. Building Poland’s international position as a strong and competent player in the area of cybersecurity is also an important element of the Ministry of Digitalisation’s action plan. We plan to carry out intensive activities at European Union level, including within the NIS Cooperation Groups. A strong expert voice from Poland is required in the context of possible amendments to the NIS Directive or the work on a European cybersecurity certification scheme. At the same time, the Ministry attaches great importance to the work of the Horizontal Working Party of the Council of the EU on Cybersecurity, where directional decisions on cybersecurity are taken, the Ministry of Digital Affairs plans to intensify regional cooperation. In addition, active action by Poland in the context of the United Nations system and regional and bilateral relations with other countries is required.