According to Poland’s Supreme Audit Office (NIK), state agencies as well as other government institutions are not collaborating enough and lack the expertise to deal with new security threats, department director Marek Bienkowski told the audience at a security conference this week in the Polish capital of Warsaw.
While the NIK’s audit is still ongoing and the final report hasn’t published yet, it’s already clear the Polish authorities have much work ahead of them.
The NIK has been auditing cybersecurity at Polish government institutions since the summer, looking into the agencies’ files dating back til 2008. While audits of some organisations are still ongoing, the NIK’s director is confident of its eventual findings — and alarmed enough about them — to share some of the preliminary conclusions. And they aren’t pretty.
Communication between the Ministries of Home Affairs; Administrative Affairs and Digitization; and Defence has been below par, while law enforcement agencies and academic computer networks are poorly equipped to deal with security breaches, he said. Only on a few occasions were actions taken to counter threats effectively, Bienkowski said. While the Polish police and the country’s internal security agency ABW are very active on the topic of cybersecurity, they simply lack the necessary security systems (the police) or resources (ABW) to be effective.
Politically, the situation is even more alarming. Instead of being proactive, the highest government officials tend to wait for the European Union to come up with new directives and common guidelines, Bienkowski says.
The ministries in particular are doing poorly when it comes to cyber security. While the National Security Bureau has been looking into cyber security and developed frameworks on the subject, Bienkowski warns these guidelines are just that: guidelines, without hard commitments. The Minister of the Interior has, for example, no set duties with regard to securing Poland’s IT systems, and there is a lack of a sense of responsibility within the department.
The Ministry of Administrative Affairs and Digitization gets criticism for responding in an ad hoc manner to events as they happen, without preparation or a long-term vision. But even worse, according to Bienkowski, is the lack of knowledge within the department on the topic of cybercrime and digital threats.
For full story visit ZDNET