AmCham November Monthly Meeting

More than 100 AmCham members attended the AmCham Monthly Meeting in November, on November 9, 2022, with guest speaker Secretary of State Janusz Cieszyński, Government Plenipotentiary for Cyber Security at the Office of the Prime Minister, who explained government policies to safeguard high cybersecurity standards and keep the market attractive to investors. 

The speaker said that his main role is to coordinate the work of government agencies charged with cybersecurity: the Scientific and Academic  Computer Network (NASK), the Counterintelligence Services (SKW), and the National Center for Cyberspace Security (NCBC). The NASK, a scientific organization, has the longest history of tackling cybercrime in Poland and employs seasoned experts. In turn, the SKW and NCBC are special services agencies with access to classified information and other capacities that are off-limits to other agencies. While the SKW is charged with the protection of the government and supporting the Polish Armed Forces, the NCBC has been developing to meet the challenges of the rapidly changing cybersecurity landscape from a much broader perspective. Cieszyński underlined, that all three agencies have recently worked “hand in hand” on complex issues and, among others, discovered Zero Day malware in commercially used software in Poland. 

The speaker said that, generally, there is a level of awareness of the importance of cybersecurity across the public sector in Poland. It is generally understood that institutions and organizations must protect their data and create the first tier of resistance against cyber threats. In addition, it is embedded in many organizations’ cultures that they should “keep their data to themselves”. 

The speaker noted that the private sector in Poland has been going through a major reshuffle in managing cybersecurity. While in the past cybersecurity experts employed by companies were members of the back-office, today they are being moved to the top of managerial structures in their organizations. It is so because today cybersecurity is conditioned by human errors, unlike in the past, when it was predominantly a software-critical issue.

Cieszyński said that Poland is engaged in cybersecurity regulatory work on the European Union level. He noted that some EU countries tend to over-regulate cybersecurity, “beyond what we think is reasonable”.The Polish government intends to keep the cybersecurity market as competitive as possible. The country has had a successful digital transformation, which would not have been possible without access to IT solutions developed by the private sector.

In the same vein, the government does not intend to shut down the IT infrastructure market to any vendor. Instead, it plans to introduce the status of “high-risk vendor” which will be assigned to vendors following technical expert scrutiny assessing the security risks of their products. With this, the speaker said, the IT critical infrastructure market and cloud services, will be a level playing field in Poland, open to all investors. 

The government is also open to collaboration with the private sector on cybersecurity expert training programs and can provide top talent sourced from Polish technical schools and universities. 

 

View meeting gallery HERE