Poland - Cybersecurity Strategy of the Republic of Poland 2019-2024
The document sets out the strategic objectives and appropriate policy and regulatory measures to be implemented to ensure that information systems, operators of essential services, operators of critical infrastructure, digital service providers and public administrations are resilient to cyber threats. This will also increase the level of national security.
Main objective of the Strategy
The main objective of the Strategy is to increase the level of resilience against cyber threats and the level of information protection in sectors: public, military and private. The promotion of knowledge and good practices among citizens will also improve the protection of information.
Specific objectives of the Strategy
The document sets out five specific objectives:
- Specific objective 1 – Development of the national cybersecurity scheme. On the basis of the practice of the system, an evaluation of the legal provisions, including the National Cyber Security System Act and implementing regulations, will be carried out. The update of the legislation is intended to help improve the efficiency of the cybersecurity system in Poland. Steps will be taken to develop and build a cyber-resilient information sharing system to facilitate national security governance. In addition, in order to enhance the security of essential and digital services as well as of critical infrastructure, the Integrated Cyber Security Management System of the Republic of Poland will be implemented. The development and implementation of a methodology for risk estimation at national level is also an important element for increasing the level of cybersecurity.
- Specific objective 2 – Increasing the level of resilience of information systems of the public administration and the private sector and achieving the capacity to prevent and respond effectively to incidents includes the development of National Cybersecurity Standards. The aim is to increase the resilience of public administration information systems. The Ministry of Digitalisation has now finalised the Cybersecurity Standards for Computing Metrics. Further standards will be progressively developed for applications, mobile devices, servers and networks, among others. Action will be taken to implement the so-called. The Cybersecurity Act, which entails the creation and subsequent maintenance and development of a national cybersecurity assessment and certification system, which will enable the Republic of Poland to obtain a full European and internationally recognised status of producer country in the field of cybersecurity solutions. A national cybersecurity certification authority should also be designated to issue European cybersecurity certificates and supervise national conformity assessment bodies for products, services and processes with the requirements set out in European cybersecurity certification schemes. The Ministry will support KSC entities in the context of audits, which entails the development of a common audit methodology for all sectors.
- Specific objective 3 – Increasing national capacity in cybersecurity technologies. Cooperation with the National Centre for Research and Development under the CyberSecIdent Programme – Cybersecurity and Identity will continue. The programme allows Polish research centres and companies to apply for grants for research and development of state-of-the-art technologies and solutions in cybersecurity. As part of the development of an effective public-private partnership, the Cybersecurity Cooperation Programme (PWCyber), i.e. agreements with leaders in innovative technologies, will continue.
- Specific objective 4 – Building awareness and societal competences on cybersecurity. It is necessary to improve the skills of staff not only in entities important for Poland’s cybersecurity system, but it is also important to put in place systemic solutions to provide substantive support for improving the competences of employees of both the government administration and local government units. Given the numerous challenges related to cybersecurity, it is important to continuously raise public awareness through, inter alia, dedicated education programmes and awareness-raising campaigns.
- Specific objective 5 – Building a strong international position of the Republic of Poland in the area of cybersecurity. Building Poland’s international position as a strong and competent player in the area of cybersecurity is also an important element of the Ministry of Digitalisation’s action plan. We plan to carry out intensive activities at European Union level, including within the NIS Cooperation Groups. A strong expert voice from Poland is required in the context of possible amendments to the NIS Directive or the work on a European cybersecurity certification scheme. At the same time, the Ministry attaches great importance to the work of the Horizontal Working Party of the Council of the EU on Cybersecurity, where directional decisions on cybersecurity are taken, the Ministry of Digital Affairs plans to intensify regional cooperation. In addition, active action by Poland in the context of the United Nations system and regional and bilateral relations with other countries is required.
Under the current rules, entities performing public tasks are required to include in their financial plans cybersecurity expenditure. These costs were increased by the expenditure allocated to the activities related to the construction of the national cybersecurity system and by the costs incurred for the implementation of the other actions of the Action Plan for the implementation of the Cybersecurity Strategy. The detailed size and cost structure of individual projects will be determined in the process of initiating specific projects. The cost of financing the implementation of the Cybersecurity Strategy will be estimated as part of the Action Plan. The sources of funding for the implementation of the actions described in the document will be the financial plans of the individual entities involved in the implementation of the Cybersecurity Strategy, as well as funds from the National Centre for Research and Development and European Union funds, where possible.
Poland’s Cybersecurity Strategy 2019-2024 was approved by the Council of Ministers on 22 October 2019 and signed on 29 October by Prime Minister Mateusz Morawiecki. In force since 31 October 2019. The Strategy replaces the National Cybersecurity Policy Framework of the Republic of Poland for 2017-2022.
Public administration, citizens and entrepreneurs.