Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 13 Page 14 Page 15 Page 16 Page 17 Page 18 Page 19 Page 20 Page 21 Page 22 Page 23 Page 24 Page 25 Page 26 Page 27 Page 28 Page 29 Page 30 Page 31 Page 32 Page 33 Page 34 Page 35 Page 36 Page 37 Page 38 Page 39 Page 40 Page 41 Page 42 Page 43 Page 44 Page 45 Page 46 Page 47 Page 48 Page 49 Page 50 Page 51 Page 52 Page 53 Page 54 Page 55 Page 56 Page 57 Page 5826 • Transformation Through Training • Issue No: 9 • December 2016 sector. Yet Ms. Świątkowska underlined manning shortfalls in information and communications technology (ICT) sector, estimated at 40 thousand in Poland and 350 thousand in the whole EU. The discussions then shifted towards preventing and countering cybercrime. Significance of cyberattacks against banking sector has been highlighted, as having the potential to affect the whole economy of a country. Also, due to progressing digitisation of fiscal administration and the processes for filing fiscal declarations and payment of taxes electronically, the number of fiscal offences committed with the use of cyber means is constantly growing. There has been a number of phishing campaigns using spoofed governmental web sites. Panama Papers case has shown close relations between cybersecurity and preventing financial offences, to include money laundering. In response to such occurrences, cybercrime enforcement departments are to be created in every prosecutor’s office in Poland, from the local district prosecutor’s offices, up to the Attorney General’s level. Also, creation of National Cybersecurity Agency similar to a French model was suggested, that would enable efficient provision of cybersecurity to critical infrastructure, operated by both public and private sector entities. Creation of such agency would fulfil one of the recommendations from the Supreme Chamber of Audit, namely centralisationandconsolidationofcybersecurity, would ensure flexibility of responses to cyber threats and reduction of costs. Panellists agreed that the so called “silo approach” to cybersecurity must change and bridges between particular sectors and institutions must be built at the lowest possible level to enhance cooperation and coordination. There was also consensus with regards to considering the conclusions of the Supreme Chamber of Audit June 2015 report on cybersecurity as a starting point for thorough reform of the system. STATE STREAM5 Theleadingthemeofdiscussionsinthis streamwasprotectionofcriticalinfrastructure. Intenseactivitiesmeanttoincreasethelevelof cyber security were considered fundamental to ensure uninterrupted functioning of critical infrastructure, i.e. key facilities, services, equipment and installations necessary for the security and development of the state. The aim of the discussion was to identify major activities and strategic decisions, implementation of which is necessary to ensure cybersecurity of critical infrastructure. The discussion was extremely important, both in the face of the work on the Cybersecurity Strategy of the Republic of Poland and the implementation of the NIS Directive. Panellists underlined direct links between cybersecurity, energetic security and securityofcriticalinfrastructure.Cyberattacks on critical infrastructure may physically threaten safety and security of citizens. Close cooperation between particular sectors of administration and economy is a must as is protection of sensitive information. Human errors were indicated as the cause of 99% of cyber incidents, thus there is a need to educate and train personnel responsible for administering and operating computer networks, as well as incident response teams. Education and training are key factors in improving cybersecurity. Currently, Polish government is working on the framework for the act of Parliament on cybersecurity. Panellists agreed that the draft regulations would have to be subject to broad consultations with all key cybersecurity stakeholders in public and private sectors and that there is a requirement for mutual complementarity and consistency of the act of Parliament, the governmental Cybersecurity Strategy and the aforementioned revised Cybersecurity Doctrine. Ensuring cybersecurity for critical infrastructurewasconsideredachallenge,with more than 150 operators and approximately 700 sites in 11 systems. Cybersecurity though, should not be considered a goal itself, merely one of the means to an end, which is uninterrupted functioning of critical infrastructure. Thediscussionthenshiftedtoindustrial security standards, in particular with regards to SCADA6 systems. Inputs to the merits of the SCADA systems should be provided by the users of such systems and propagated by sectoral market regulators. It was underlined that cyberattacks against SCADA systems may be used for military purposes – e.g. STUXNET attack against Iranian uranium enrichment facility in Natanz. The main recommendations from the panel included: isolating critical infrastructure from external networks and duplicating their security systems; increasing the pool of cybersecurityexpertsemployedwithincritical infrastructure sector; creating a national information and communication services provider for the purposes of governmental administration; securing financial resources for cybersecurity; complementarity and coordination of cybersecurity efforts; more actions, less discussions. MILITARY STREAM7 The main theme of discussions in this stream was modernisation of Polish military vis-à-vis the issue of cybersecurity. The current geopolitical situation of Poland and threats emanating from cyberspace require decisive steps and decisions to strengthen the security if Polish military functioning and operations in the digital domain. Acquiring both defensive and offensive cyber capabilities is a prerequisite for effective operations in the modern battlefield, to include cyberspace recognized by NATO as an operating domain equal to sea, land and air. The aim of the discussion was to provide recommendations as to the necessary steps and decisions to be taken at the strategic, operational, structural levels and above all technological level, in order to enable the Armed Forces of the Republic of Poland to effectively execute their tasks in this regard. The role of the Ministry of National Defence and the Armed Forces was considered fundamental in providing nation-wide cybersecurity, however inputs from and cooperation with civilian sector should not be underestimated, in particular because separating military cyberspace from civilian is virtually impossible. Cooperation between civilian and military sectors should mainly focus on detecting, identifying, reconnaissance, reporting, preventing and countering cyber threats.